Hello Teltonika Team,
I am writing to report a behavior that limits the usability of the Web Filter in restricted network environments.
Device: RUTX10
Firmware: RUTX_R_00.07.19.4
The device is behind an upstream corporate firewall that strictly blocks access to public DNS resolvers like Google DNS (8.8.8.8).
When the Web Filter is enabled in Allowlist mode, the device attempts to force resolution of allowed domains specifically via 8.8.8.8, bypassing the system’s configured WAN DNS. Since 8.8.8.8 is unreachable in my network environment, the allowed websites fail to resolve, effectively blocking them despite being on the allowlist.
Here are the relevant dnsmasq logs showing the forced usage of 8.8.8.8:
548 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain windowsupdate.microsoft.comm
549 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain windowsupdate.microsoft.comm
…
567 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain redir.update.msft.com.trafficmanager.nett
I investigated the file system and found that this behavior appears to be caused by the script /usr/sbin/hostblock.sh. It contains a hardcoded variable: DEFAULT_DNS="8.8.8.8"
I manually edited the script to change DEFAULT_DNS to a reachable DNS (or local resolver). After restarting the service, the websites became reachable again. However, using the local loopback (e.g., if set to 127.0.0.1) generates warnings like this, though it works:
697 Wed Jan 7 17:01:41 2026 daemon.warn dnsmasq[16371]: ignoring nameserver 127.0.0.1 - local interface
Since hardcoding an external DNS creates issues for isolated networks or those with strict upstream firewalls, could you please update the firmware to:
- Remove the hardcoded 8.8.8.8 and default to the system’s configured WAN DNS?
- Or add an option in the Web Filter settings page to specify a custom DNS server for the allowlist resolution?
This change needs to be part of the official configuration so it persists across reboots and configuration backups.
I added a letter at the end of each link to permit the creation of the post.
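One way to confirm this behaviour from the logs, as an added example that is not part of the original post or of Teltonika's code: the function below reads dnsmasq log lines in the format quoted above and reports every resolver pinned to specific domains that is not in an approved list, plus any upstream dnsmasq ignored. The sample log, the placeholder domains, the 10.0.0.53 resolver and the name `audit_pinned_dns` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the dnsmasq syslog format quoted in the post.
# Domains and the 10.0.0.53 resolver are placeholders, not values from the report.
SAMPLE_LOG='548 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain allowed-one.example
549 Wed Jan 7 16:50:02 2026 daemon.info dnsmasq[12353]: using nameserver 8.8.8.8#53 for domain allowed-two.example
Wed Jan 7 16:50:03 2026 daemon.info dnsmasq[12353]: using nameserver 10.0.0.53#53 for domain intranet.example
Wed Jan 7 17:01:41 2026 daemon.warn dnsmasq[16371]: ignoring nameserver 127.0.0.1 - local interface'

# audit_pinned_dns "<approved resolvers, space separated>"
# Reads dnsmasq log lines on stdin and prints one line per finding:
#   PINNED <resolver> <count> <domains...>  per-domain upstream outside the approved set
#   IGNORED <resolver>                      upstream that dnsmasq refused to use
# Fields are located by searching for the "nameserver" token, so leading
# line numbers from a log viewer do not shift the parse.
audit_pinned_dns() {
    awk -v approved="$1" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    / using nameserver .* for domain / {
        for (i = 1; i <= NF; i++)
            if ($i == "nameserver") { srv = $(i + 1); dom = $(i + 4) }
        sub(/#[0-9]+$/, "", srv)              # drop the #53 port suffix
        if (!(srv in ok) && !seen[srv, dom]++) {
            count[srv]++
            list[srv] = list[srv] " " dom
        }
    }
    / ignoring nameserver / {
        for (i = 1; i <= NF; i++)
            if ($i == "nameserver") ign[$(i + 1)] = 1
    }
    END {
        for (s in count) print "PINNED " s " " count[s] list[s]
        for (s in ign)   print "IGNORED " s
    }'
}

# Run against the constructed sample, treating 10.0.0.53 as the only
# resolver the upstream firewall permits (an assumption for this example).
printf '%s\n' "$SAMPLE_LOG" | audit_pinned_dns "10.0.0.53"
```

On a live device the same function can be fed from the system log instead of the sample, with the approved list set to the resolvers the WAN interface is actually configured to use.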