Block Google DNS on router

I'm trying to block Google dns and can't get it to work. Here is an image of my firewall rule.
Any help appreciated.

are you sure your clients aren't using DoH or DoT instead, and bypassing your block ?

1 Like

Using a command prompt I can still ping 8.8.8.8 and 8.8.4.4.

What happens if you ping from within the Diagnostic Tools in LuCi?

If it fails, then your custom works and you need to move on to the Browsers.

ping isn't proof of your rule working/failing.

if you want to block ping, you should add ICMP to the list of protocols blocked.

you could also verify it using telnet, from a client.
(i'm not blocking 8.8.8.8, I'm intercepting, and redirecting it)

[frollic@atlantis ~]$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.

I can still ping from Luci Diagnostics.

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=119 time=19.051 ms
64 bytes from 8.8.8.8: seq=1 ttl=119 time=18.885 ms
64 bytes from 8.8.8.8: seq=2 ttl=119 time=18.353 ms
64 bytes from 8.8.8.8: seq=3 ttl=119 time=18.583 ms
64 bytes from 8.8.8.8: seq=4 ttl=119 time=18.801 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 18.353/18.734/19.051 ms
``

This ??

or Any, yeah ...

1 Like

Trying to stop clients accessing google dns.

1 Like

if we assume your rule's working. you can use tcpdump to see if there are any outgoing traffic to 8.8.8.8, but the telnet test should be proof enough.

as pointed out earlier, by @bill and myself, there's also DoT and DoH.

When I add google dns to my wifi interface it can use google dns. I want that blocked.

and what's the proof of you actually using it ?

With this rule, you block only the access of the router itself to google dns.
Change the source zone from Device to lan or create another rule.

2 Likes

SWEET!!!


This seems to have done the trick, as my Nvidia shield is now blocked from accessing google dns. :slight_smile:

If you'd have followed the link in the 1st reply, we wouldn't have needed 10+ additional posts to solve it ... :expressionless:

1 Like

We took the tourist route instead. :wink:

LOL, yeah I guess we did :slight_smile:

Another, more flexible option is to install stubby. The default uses Cloudflare DNS over TLS. As opposed to the unencryped Google lookup, this DNS lookup is hidden from your ISP. To implement, set the DNS resolve address for your home workstations. to the IP address of the router.

Google DNS server remains available for guests, minimally configurable android devices.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.