I'd like to block YouTube and forward all other DNS requests to AdGuard. The following method used to work but it's been a few years/versions since I tried. Here's my firewall.user:
iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
Here's my dnsmasq.conf:
addn-hosts=/path/to/blacklist.hosts
all-servers
no-resolv
server=176.103.130.132
server=176.103.130.134
Here's a sample of blacklist.hosts:
0.0.0.0 youtube.com
0.0.0.0 www.youtube.com
0.0.0.0 m.youtube.com
0.0.0.0 youtu.be
I also tried removing blacklist.hosts and using only dnsmasq.conf like so:
all-servers
no-resolv
server=176.103.130.132
server=176.103.130.134
server=/youtube.com/0.0.0.0
server=/www.youtube.com/0.0.0.0
server=/m.youtube.com/0.0.0.0
server=/youtu.be/0.0.0.0
I tried replacing the IP addresses with 127.0.0.1. I tried moving the upstream DNS server IP addresses before/after the additional hosts. I've tried everything I can think of. The clients on my network aren't using DoH or custom DNS servers. What am I missing? Or does this approach no longer work in 2021?
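An added example, not part of the original post: in dnsmasq, `server=/domain/ip` names an upstream resolver to query for that domain, whereas `address=/domain/ip` makes dnsmasq itself answer with that IP for the domain and all of its subdomains. The hypothetical `hosts_to_dnsmasq` helper below converts a hosts-format blocklist such as blacklist.hosts into `address=` lines and drops entries already covered by a listed parent domain; the sample input is constructed from the excerpt in the post.

```shell
#!/bin/sh
# Hypothetical helper (not from the post): read hosts-format blocklist lines
# on stdin and write dnsmasq "address=" directives to stdout.
hosts_to_dnsmasq() {
    awk '
    { sub(/#.*/, "") }                               # drop comments
    $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }    # keep sinkhole entries only
    {
        for (i = 2; i <= NF; i++) {
            d = tolower($i)
            sub(/\.$/, "", d)                        # strip trailing root dot
            if (d == "localhost") continue           # never sinkhole localhost
            # accept only plain DNS names so nothing odd lands in the config
            if (d !~ /^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$/ || d ~ /\.\./) continue
            if (!(d in seen)) { seen[d] = 1; order[++n] = d }
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            d = order[k]; covered = 0; p = d
            # address=/parent/ also matches every subdomain, so skip children
            while ((j = index(p, ".")) > 0) {
                p = substr(p, j + 1)
                if (p in seen) { covered = 1; break }
            }
            if (!covered) print "address=/" d "/0.0.0.0"
        }
    }'
}

# Constructed sample input, modelled on the blacklist.hosts excerpt in the post.
sample='0.0.0.0 youtube.com
0.0.0.0 www.youtube.com
0.0.0.0 m.youtube.com   # covered by youtube.com
0.0.0.0 youtu.be
127.0.0.1 localhost'

printf '%s\n' "$sample" | hosts_to_dnsmasq
```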