[Bug/Feature Request] Web Filter (Allowlist) fails if 8.8.8.8 is blocked - Hardcoded DNS in hostblock.sh

Hello Teltonika Team,

I am writing to report a behavior that limits the usability of the Web Filter in restricted network environments.

Device: RUTX10
Firmware: RUTX_R_00.07.19.4

The device is behind an upstream corporate firewall that strictly blocks access to public DNS resolvers like Google DNS (8.8.8.8).

When the Web Filter is enabled in Allowlist mode, the device attempts to force resolution of allowed domains specifically via 8.8.8.8, bypassing the system’s configured WAN DNS. Since 8.8.8.8 is unreachable in my network environment, the allowed websites fail to resolve, effectively blocking them despite being on the allowlist.

Here are the relevant dnsmasq logs showing the forced usage of 8.8.8.8:

548 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain windowsupdate.microsoft.comm
549 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain windowsupdate.microsoft.comm

567 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain redir.update.msft.com.trafficmanager.nett

I investigated the file system and found that this behavior appears to be caused by the script /usr/sbin/hostblock.sh. It contains a hardcoded variable: DEFAULT_DNS="8.8.8.8"

I manually edited the script to change DEFAULT_DNS to a reachable DNS (or local resolver). After restarting the service, the websites became reachable again. However, using the local loopback (e.g., if set to 127.0.0.1) generates warnings like this, though it works:

697 Wed Jan 7 17:01:41 2026 daemon.warn dnsmasq[16371]: ignoring nameserver 127.0.0.1 - local interface

Since hardcoding an external DNS creates issues for isolated networks or those with strict upstream firewalls, could you please update the firmware to:

  1. Remove the hardcoded 8.8.8.8 and default to the system’s configured WAN DNS?

  2. Or add an option in the Web Filter settings page to specify a custom DNS server for the allowlist resolution?

This change needs to be part of the official configuration so it persists across reboots and configuration backups.

I added a letter at the end of each link to permit the creation of the post.

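A sketch of the first behaviour requested above, as an added example that is not part of the original post and not Teltonika's hostblock.sh: it builds dnsmasq per-domain `server=/domain/ip` lines from the resolvers in a resolv.conf-style file instead of a fixed address. The function names, file paths and sample values are assumptions; the thread does not show how the real script generates its configuration.

```shell
#!/bin/sh
# Added example; names and paths are hypothetical, not taken from the firmware.

# Last-resort resolver, overridable from the environment instead of hardcoded.
FALLBACK_DNS="${FALLBACK_DNS:-8.8.8.8}"

# Print usable upstream resolvers from a resolv.conf-style file, one per line.
# Loopback entries are skipped: the log above shows dnsmasq ignoring 127.0.0.1
# as a local interface.
upstream_dns() {
    resolv_file="$1"
    [ -r "$resolv_file" ] || return 0
    awk '$1 == "nameserver" && $2 !~ /^(127\.|::1$)/ { print $2 }' "$resolv_file"
}

# Emit one "server=/domain/ip" line per allowlisted domain and upstream resolver.
allowlist_servers() {
    allowlist="$1"
    servers="$(upstream_dns "$2")"
    [ -n "$servers" ] || servers="$FALLBACK_DNS"
    # Drop comments and whitespace, then accept plain hostnames only, so a
    # malformed allowlist entry cannot add other directives to the dnsmasq config.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$allowlist" | while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        case "$domain" in
            *[!A-Za-z0-9.-]*|.*|-*)
                echo "skipping invalid entry: $domain" >&2
                continue ;;
        esac
        for ip in $servers; do
            printf 'server=/%s/%s\n' "$domain" "$ip"
        done
    done
}

# Constructed sample input (not from the device): one loopback entry, one
# internal resolver, and an allowlist containing a comment and a bad entry.
demo() {
    tmp="$(mktemp -d)"
    printf 'nameserver 127.0.0.1\nnameserver 10.20.0.53\n' > "$tmp/resolv.conf"
    printf 'allowed.example\n# comment\nbad/entry\n' > "$tmp/allowlist"
    allowlist_servers "$tmp/allowlist" "$tmp/resolv.conf"
    rm -rf "$tmp"
}
demo
```

With the constructed input, the only line emitted is for `allowed.example` via `10.20.0.53`; the fallback is used only when the resolver file yields no non-loopback entry.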

Greetings,

Thank you for the detailed explanation. I have passed your suggestion along to our research and development team, and I will let you know once I receive feedback from them.

Best Regards,
Justinas

Hello,

since the topic would otherwise automatically close, I wanted to ask if there were any developments on the question/suggestion I gave.

Thank you.

Greetings,

Our Research and Development team will consider adding this feature in the future; however, there is currently no estimated timeline for its implementation.

Best regards,
Justinas

This topic was automatically closed after 60 days. New replies are no longer allowed.