DNS-Based Routes
Starting with KeeneticOS 5.0, a new DNS-Based Routes tab has been added to the router's web interface on the Routing page, where you can create your own routing rules via a specified connection or gateway for user-defined lists of domain names and IP addresses. For example, this can be used in Multi-WAN scenarios, where a router uses connections to multiple ISPs and reserves the primary Internet channel. In this case, you can configure DNS-based routing to a specified list of sites via a specific interface or gateway.
Go to the DNS-Based Routes tab and click the Create button in the Domain Name Lists section.
In the Domain Names List window, specify a List name and enter domain names and/or IP addresses in the Domain names, IPv4/IPv6 фddresses field, one per line. All subdomains of the specified name are automatically included; do not use the * symbol in domain names. Click the Save button.
Next, in the Routing Rules section, click the Create button.
In the DNS-Based Route Parameters window, select the previously created list in the List name field, and specify the interface for routing in the Interface field or enter the gateway IP address in the corresponding field. Select the Add automatically check box to apply the route when the specified gateway is available. Select the Exclusive route check box to route traffic only to the selected interface (if the selected interface is inactive or unavailable, such traffic will not be routed). Click the Save button.
Ensure that the rule you have created is Enabled.
Importante
The following mandatory conditions must be met for DNS-based routing to work:
The connection specified in the Interface field for routing must be correctly configured, enabled, and have a status of Connected.
The client must be in the Default policy on the Connection Policies page;
The router's IP address must be specified as the DNS server on the client.
Check the client's network connection information and ensure that the router's IP address is specified in the DNS server field. If you see a different IP address (for example, the address of a public DNS resolver), you have probably manually set an additional Public DNS server in the router settings or enabled the use of DoT/DoH. In this case, you need to remove it so that the router is the only DNS server for the client and all DNS queries are directed to it.
Next, proceed to the routing testing. However, before doing so, we recommend clearing the DNS cache on the client. In Windows, this can be done with the ipconfig /flushdns command.
Open the website specified in the domain list in your web browser. To demonstrate how routing works, we have specifically added the online service 2ip.io to the list, which displays your IP address (you can use any other similar service, such as myip.com).
Before enabling DNS routing, the following information was displayed when visiting the 2ip.io website:
And this is the result after enabling DNS-based routing:
We can see that when DNS-based routing is enabled, access to the specified site is performed via a different connection, in our case via a different ISP.
Experienced users can check the routing of traffic to a specific site using the tracert utility (in Windows) or traceroute (in Linux and macOS). For our example, we need to run the command tracert 2ip.io in the command line.
Suggerimento
Modern web browsers allow you to enable enhanced DNS query protection and use DNS over HTTPS, a domain name system that sends domain name queries over an encrypted connection, providing secure DNS and preventing others from seeing which website you are trying to access. If domain name routing is not working for you, make sure that this feature is disabled in your web browser and that the default DNS resolution is being used.