Question One internet for two networks with separate DNS services?

Jun 7, 2019
Brief Background:
My wife and I are unfortunately going to be sharing a home for a bit with my parents to help them out with expenses. Unfortunately, my dad is extremely paranoid. He has multiple firewall devices set up, highly restricting internet usage, and also uses OpenDNS Family Shield. Something also allows my dad to keep a log of all websites and online services being accessed. Both my parents have no sense of privacy. The short of it: my wife and I do not want our internet censored nor tracked.


Question:
We need help setting up two separate networks operating through separate DNS servers, so what is the best way to do so between the following two options, and how would I set up each router (i.e., DHCP enabled/disabled, subnets, reserved IP addresses, etc.)?
Is there a better solution?


Ultimate Goals:
  • The two networks must be entirely separate. Network 1 cannot access devices or storage on network 2 and vice versa.
  • Each network MUST utilize separate DNS services.
  • My wife and I are major gamers, so we are looking for a solution that minimizes any additional latency to our connection (preferably no additional latency); BUT, it is okay for my parents' latency to be impacted as this is no concern to them.
  • Minimal impact on overall online activities (e.g., would placing my parents network, "Network 2" under option 2, on a DMZ conflict with online gaming due to port forwarding?).

Thank you in advance!
 
The second option will be the closest you can get to 2 different networks.

OpenDNS is close to worthless. Google used to suggest the term BYPASS, it was searched so much. The trivial solution is to just hard-code the DNS in your end device. Since no traffic goes to the OpenDNS server, nothing is tracked. Now some people will try to block port 53 except to OpenDNS, but that is trivial to bypass also, since you can use one of the secure DNS servers that run on different ports, or you can use a free VPN service and run just your DNS traffic through it. And even if someone blocks all that, they can't stop the brute-force hosts file or running your own DNS server.

So it may be simplest to just use 1 router and hard-code the DNS server. You could also explain why it is a waste of time to try to use OpenDNS to restrict someone. Your solution is just a step above this, in that you are using physical cabling to get past the restriction.

Option 2 is what we are leaning towards, but we would not know how to set up Router 1 to allow routers 2 and 3 to specify their own separate DNS services and maintain separate networks. Do we simply disable the DHCP on router 1?

As far as "explaining" anything to my dad in an attempt to avoid setting up separate networks: he used to be a network administrator and believes he knows best, even though he has not managed a commercial network for 7+ years, completes no continuing education, and only has a 2-year computer science certificate from about 20 years ago. I am often helping my dad fix his computer issues, but he still insists he knows best on all matters, especially when it comes to the security of his network.

So, we are going to have to set up separate networks to avoid him snooping on our own computers, our NAS, or our internet activities.
 
You really can just take the routers out of the box and hook them up, and the networks will be separate. The DNS used is controlled by the settings in the secondary routers. The main router that is hooked to the ISP does not actually use DNS; its only purpose is to pass traffic through.
You can use DHCP if you like, or you can use static on the network between the main router and the 2 sub routers. I would use DHCP; it is simpler. You might want static if you need to do port forwarding or have a game console that needs UPnP to function.

The only thing that can mess things up is when the subnet used by the main router is the same as the subnet used by the secondary routers for the LAN. Routers get very confused if the WAN and LAN are on the same network. So you would want to change the LAN network on the main router to something else. Other than that, you can run them any way you want. You would of course need to make sure the main router was not configured to block any traffic.

Generally you would turn off the wifi radios on the main router in an install like this, but most times people doing this are doing it for the reverse. They want to force people to go through a restricted router rather than bypassing a restricted router. The more common example would be when someone wanted a guest network that was restricted and an employee network that was not.
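The one failure mode the reply above calls out is a secondary router whose LAN subnet overlaps the main router's LAN (the network its WAN port sits on). The following script is an added example, not code from the thread or from any router vendor; it checks a planned addressing layout for exactly that overlap and proposes a non-conflicting LAN for the main router. All subnet values and router names in it are constructed, not taken from the original posts.

```python
from ipaddress import ip_network

# Constructed addressing plan (hypothetical values, not from the thread).
# MAIN_LAN is the subnet the ISP-facing router hands out; each secondary
# router's WAN port lives on it, while its own LAN is listed below.
MAIN_LAN = "192.168.100.0/24"
SECONDARY_LANS = {
    "router2 (parents)": "192.168.1.0/24",
    "router3 (ours)": "192.168.1.0/24",  # same LAN as router2 is fine: both are NATed
}

# Common private ranges to try when the main router's LAN has to move.
CANDIDATE_MAIN_LANS = ("192.168.100.0/24", "10.0.0.0/24", "172.16.0.0/24")


def overlaps(subnet_a: str, subnet_b: str) -> bool:
    """True if the two CIDR blocks share any address."""
    return ip_network(subnet_a, strict=False).overlaps(ip_network(subnet_b, strict=False))


def find_wan_lan_conflicts(main_lan: str, secondary_lans: dict) -> list:
    """Return the names of secondary routers whose LAN overlaps main_lan.

    Because a secondary router's WAN address is on main_lan, any overlap means
    that router sees the same network on both its WAN and LAN ports, which is
    the condition the reply warns will confuse the device.
    """
    return [name for name, lan in secondary_lans.items() if overlaps(main_lan, lan)]


def suggest_main_lan(secondary_lans: dict, candidates=CANDIDATE_MAIN_LANS):
    """Pick the first candidate subnet that overlaps none of the secondary LANs."""
    for candidate in candidates:
        if not any(overlaps(candidate, lan) for lan in secondary_lans.values()):
            return candidate
    return None


if __name__ == "__main__":
    conflicts = find_wan_lan_conflicts(MAIN_LAN, SECONDARY_LANS)
    if conflicts:
        print("WAN/LAN overlap on:", ", ".join(conflicts))
        print("Move the main router's LAN to:", suggest_main_lan(SECONDARY_LANS))
    else:
        print("No WAN/LAN overlap; plan is usable as written.")
```

Run it against a plan where the main router still uses its factory default (for instance 192.168.1.0/24) and both secondary routers do too, and it flags both; leaving the secondary routers on the same subnet as each other is not flagged, since each sits behind its own NAT and never sees the other's LAN.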