If I remove the wlan0 parameter the domain should also be blocked from my copper cable network. But after flushing the DNS cache of my laptop, I can still ping the domain name.
I know that in tiny Linux systems every tool is stripped and slim. Can you give me a hint what could be the problem? The iptables command gives no error messages. I'm using OpenWrt 18.06.0 r7188-b0b5c64c22.
Thanks
Peter
Edit: For iptables string, you need to install iptables-mod-filter
Currently the dropping of matching DNS packets does not happen at all. If I remove "-i wlan0" from the iptables command it shouldn't matter where these packets are coming from. With tcpdump -qA port 53 at the router shell I can still see the request.
You will always see the query, as the tcpdump is capturing before the firewall. You should enable verbose logging in dnsmasq and check on the logs instead.
I added log-queries to dnsmasq.conf and restarted the daemon. I can still see the request and answers in logread:
daemon.info dnsmasq[3574]: query[A] www.pfarge.de from xxxx
daemon.info dnsmasq[3574]: forwarded www.pfarge.de to yyyy
daemon.info dnsmasq[3574]: reply www.pfarge.de is 172.67.183.199
daemon.info dnsmasq[3574]: reply www.pfarge.de is 104.21.48.97
With the following rule I can drop all WLAN DNS requests: iptables -I INPUT 1 -i wlan0 -p udp --dport 53 -j DROP
If I put the IP manually in the browser I can access the internet. I think it's a problem with iptables-mod-filter. It's stripped and a lot of functions are removed, right?
It is possible, although I have not tried it myself.
Since you have separate interfaces, you could run multiple dnsmasq instances and block that domain only to the desired instance.
Ok, thanks for the hint.
I will try some things and if I find a solution, I will post it.
Edit:
It's a problem of understanding ANY requests in the help links in the first posting from my side. It means a specific DNS request for a bunch of values and not all kinds of DNS requests. With the QTYPE field removed, all DNS requests for this domain are dropped... and maybe some more, where pfarge.de is a subdomain. But in my case this is not a problem. And you also have to add icase because the DNS query contains the requested name case-sensitively.
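The two findings in that last edit (the pattern must stop before the QTYPE field, and the match must ignore case) follow from the DNS wire format. The following Python script is an added example, not code from the thread or from OpenWrt: it encodes a name as length-prefixed labels, builds constructed sample query packets, and emulates what the iptables string match does (a plain substring search, with or without --icase) to show which queries a name-only pattern catches and which ones a pattern with the A-record QTYPE appended misses. The substring emulation is a simplification of xt_string, which by default searches the whole packet; the generated rule string uses only the real string-match options (--algo, --icase, --hex-string).

```python
import struct

QTYPE_A = 1      # IPv4 address record
QTYPE_AAAA = 28  # IPv6 address record


def encode_qname(name: str) -> bytes:
    """Encode a domain name as DNS labels: each label is prefixed by its length,
    and the name ends with a zero byte (e.g. www.pfarge.de -> 03www 06pfarge 02de 00)."""
    labels = [label for label in name.strip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def hex_pattern(raw: bytes) -> str:
    """Render bytes in the |..| notation that iptables -m string --hex-string expects."""
    return "|" + raw.hex() + "|"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (12-byte header plus one question). Constructed sample data."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = recursion desired
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def string_match(packet: bytes, pattern: bytes, icase: bool = False) -> bool:
    """Emulate the xt_string match: substring search over the payload.
    With icase the comparison ignores ASCII case; the length bytes are below 0x40,
    so lowering them never changes them."""
    if icase:
        return pattern.lower() in packet.lower()
    return pattern in packet


def iptables_rule(name: str, iface: str = "") -> str:
    """Assemble the DROP rule discussed in the thread: name-only pattern, case-insensitive."""
    parts = ["iptables", "-I", "INPUT", "1"]
    if iface:
        parts += ["-i", iface]
    parts += ["-p", "udp", "--dport", "53", "-m", "string", "--algo", "bm", "--icase",
              "--hex-string", "'" + hex_pattern(encode_qname(name)) + "'", "-j", "DROP"]
    return " ".join(parts)


def match_table(name: str) -> dict:
    """Compare a name-only pattern against one that includes the A-record QTYPE,
    over constructed A, AAAA, mixed-case and subdomain queries."""
    name_only = encode_qname(name)
    with_qtype_a = name_only + struct.pack("!H", QTYPE_A)
    queries = {
        "A": build_query(name, QTYPE_A),
        "AAAA": build_query(name, QTYPE_AAAA),
        "mixed-case A": build_query(name.upper(), QTYPE_A),
        "subdomain A": build_query("mail." + name, QTYPE_A),
    }
    return {
        label: {
            "name+qtype": string_match(pkt, with_qtype_a),
            "name only": string_match(pkt, name_only),
            "name only, icase": string_match(pkt, name_only, icase=True),
        }
        for label, pkt in queries.items()
    }


if __name__ == "__main__":
    print(iptables_rule("pfarge.de"))
    for label, result in match_table("pfarge.de").items():
        print(f"{label:14s} {result}")
```

Run it and the table shows the effect described in the thread: the pattern ending in the QTYPE bytes only matches A queries, the name-only pattern matches A and AAAA alike, only the icase variant catches a query sent in upper case, and because the encoded "pfarge.de" is a suffix of "mail.pfarge.de" the name-only rule also drops queries for names under that domain.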