Equivalent of HOSTS file on Synology Router?

Currently reading
Equivalent of HOSTS file on Synology Router?

319
122
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
RT2600ac, MR2200ac
Operating system
Windows
Mobile operating system
iOS
I would like to block access by machines on my LAN to certain domains. Not just browser access, but all access.

The obvious (to me...) "possible" solutions do not work:
  • Safe Access seems to block only browser access.
  • Firewall only blocks numeric IP addresses, not entire domains.

So what I'm looking for is the equivalent of a .hosts file, but for the router, so it affects all machines on the LAN.

I am happy to use the router's DNS Server, and I'm guessing that this is possible to do somehow in the DNS server, but cannot figure out how to set that up.
Currently, I have one Master forwarding zone in DNS server, forwarding to my favorite external DNS servers with a "Forward First" resolution policy, which works fine, but allows me no opportunity to set exceptions for particular domain names.

Looking for suggestions!

Thanks!
 

fredbert

Moderator
NAS Support
Subscriber
1,484
629
NAS
DS1520+, DS218+, DS215j
Router
RT2600ac, MR2200ac
Operating system
macOS
Mobile operating system
iOS
Why not create new master zones in the DNS server for the domains you want to block. With no records to resolve to then the result will be no answer.
 
319
122
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
RT2600ac, MR2200ac
Operating system
Windows
Mobile operating system
iOS
Cuz I don’t know how. :)
I didn’t know you could create a master zone for a specific domain... will take a look; any tips appreciated.
 

fredbert

Moderator
NAS Support
Subscriber
1,484
629
NAS
DS1520+, DS218+, DS215j
Router
RT2600ac, MR2200ac
Operating system
macOS
Mobile operating system
iOS
I run an internal DNS server so that I can have my personal domain resolved internally and it mimics the Internet DNS resolution. I've got various records for the mail, smtp, www, etc. etc. and these resolve to the real LAN IPs, whereas on the Internet it all resolves to my ISP's assigned IP. It means I only need one set of bookmarks and certificates are ok.

If I try to resolve something that doesn't have a record then it gets return as unresolvable. So I assume you just need to create a master zone with no records for, I assume, facebook.com and it won't resolve. Worth a try :)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top