Temos Archyvai: Administration

ZTE MF286R DNS Settings

Note: this advice is generic and should work with any router lacking DNS settings.

I recently subscribed to Telia’s mobile Internet service and bought ZTE MF286R 4G router they sell. The first thing I noticed, was the absence of DNS settings, which is a no-deal for me, because I use my home DNS server as a first line of defence against ads, spam, pr0nogrąphy, malware and other unwanted websites. Thankfully, this problem is (somewhat) easily solvable, but you’ll need some dedicated hardware to host your DNS server locally. If you don’t have any spare hardware or some always-on computer on your network you can give this job to, and you don’t want to maintain your own server, then stop reading this, spare yourself some pain and get a better router.

I use a low power Intel Celeron J1800-based server to run an instance of Pi-hole (among other things). Pi-hole uses OpenDNS or other specified (public or private) DNS server to resolve your requests and it has functionality to apply additional, user defined or third party maintained, black-lists. What it also can do, is to act as a DHCP server (i. e. it can assign IP addresses to network devices), which we’ll exploit to overcome MF286R’s DNS handicap.

When you appoint Pi-hole as DHCP server, it will serve as DNS server too. However, there can only be one DHCP server on a given network, so, firstly, turn-off DHCP functionality in the ZTE router settings (Advanced settings -> Router):

fig. 1 Turning-off DHCP server in ZTE MF286R router.

After applying this change, your MF286R router will stop handing out local IP addresses to your network devices.

Secondly, turn-on DHCP server in the Pi-hole settings (fig. 2):

fig. 2 Turning-on DHCP server in Pi-hole

Now your Pi-hole will take over the job of handing out IP addresses, and at the same time it’ll start acting as your network’s DNS server.

Disabling Firefox’s DNS Over HTTPS via Windows Group Policy

  1. Download Group Policy templates for your Firefox version here
  2. Copy *.admx files to C:\Windows\PolicyDefinitions
  3. Copy *.adml files to from en-US to C:\Windows\PolicyDefinitions\en-US (or other language folder if applicable and available)
  4. Launch gpedit.msc (gpedit.msc is not available on Home versions of Windows, if you have that, I recommend using third party Group Policy editor like PolicyPlus)
  5. Navigate to Computer Configuration -> Administrative Templates -> Mozilla -> Firefox -> DNS Over HTTPS
  6. „Enabled” -> Disabled; „Locked” -> Enabled.