Bypass dns servers?

Is it possible to bypass DNS for a particular device? I'm using https-dns-proxy, but on my Pixel phone I would like to use the private DNS directly on the phone and not the ones from https-dns-proxy. Is it possible?
Thanks

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#client_classifying_and_individual_options


For a long-term solution, I would configure the DHCP server, as @frollic suggested. For a quick solution, you can configure the phone to ignore the DNS server provided by the DHCP server and use a fixed one.


I can't use the private one on my phone if I keep the ones from my router active. Otherwise my Wi-Fi does not work.

Are you blocking or hijacking DNS requests on the router?

Yes I do, following this:

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

At the bottom of that page there is an exception for the DNS itself, to avoid loops; you should be able to create a similar rule for the MAC of the phone.

Just make sure the phone isn't using randomized MACs.


I used that to see:

# Configure firewall
uci set firewall.dns_int.src_mac="!11:22:33:44:55:66" #with my mac address
uci commit firewall
service firewall restart

Still does not work, I'll try something else.

Depends on whether you've got DoH or DoT enabled on the phone; the rule only applies to clear-text DNS calls.

On my cell I added NextDNS as private DNS, but I tried Cloudflare and Quad9 too, same problem if I use the DNS setup on my router.

You need to provide specifics; this should work just by disabling the DoH/DoT providers in your phone.


Yes, I understand, but my goal was to keep the one on my phone so I have it when I'm not on Wi-Fi.

Then you'll need to create the exceptions in the firewall for the OpenWrt device.

In traffic rules?

I tried that with my device's IP, but it's still not working.

config rule
        option name 'Block DNS servers on lan except 192.168.1.xxx'
        option src 'lan'
        option dest 'wan'
        list src_ip '!192.168.1.xxx'
        option dest_port '53 853'
        option target 'DROP'
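To see whether an exception like the rule above (and the src_mac exception suggested earlier for the port-53 redirect) actually leaves a given client alone, here is an added example, not from the thread and not OpenWrt's own code: a small Python checker that parses a /etc/config/firewall fragment and lists the port 53/853 rules and redirects that would still apply to a client with a given IP and MAC. The sample config, the IP 192.168.1.20 and the match semantics for negated entries are constructed assumptions.

```python
import re

# Constructed sample (not the thread's exact config): a port-53 DNAT redirect
# with a src_mac exception, and a DROP of 53/853 with a src_ip exception.
SAMPLE_FIREWALL = """
config redirect 'dns_int'
        option name 'Intercept-DNS'
        option src_dport '53'
        option target 'DNAT'
        option src_mac '!11:22:33:44:55:66'
config rule
        option name 'Block DNS except phone'
        option dest 'wan'
        list src_ip '!192.168.1.20'
        option dest_port '53 853'
        option target 'DROP'
"""
UCI_LINE = re.compile(r"^(config|option|list)\s+(\S+)(?:\s+'([^']*)')?$")

def parse_uci(text):
    """Parse UCI config text into a list of (section_type, {key: [values]})."""
    sections = []
    for raw in text.splitlines():
        m = UCI_LINE.match(raw.strip())
        if m and m.group(1) == "config":
            sections.append((m.group(2), {}))
        elif m:  # option and list both become lists, so '!' negations stay visible
            sections[-1][1].setdefault(m.group(2), []).append(m.group(3))
    return sections

def _selects(values, client):
    """Does a src_mac/src_ip list select this client? No list = everyone.
    Assumed semantics: positive entries are OR'ed, '!x' entries exclude x."""
    if not values:
        return True
    client = client.lower()
    pos = [v.lower() for v in values if not v.startswith("!")]
    neg = [v[1:].lower() for v in values if v.startswith("!")]
    return (not pos or client in pos) and client not in neg

def dns_rules_hitting(config_text, ip, mac):
    """Names of the port 53/853 rules or redirects that still apply to this client."""
    hits = []
    for stype, opts in parse_uci(config_text):
        ports = " ".join(opts.get("dest_port", []) + opts.get("src_dport", [])).split()
        if stype not in ("rule", "redirect") or not ({"53", "853"} & set(ports)):
            continue
        if _selects(opts.get("src_mac", []), mac) and _selects(opts.get("src_ip", []), ip):
            hits.append(opts["name"][0])
    return hits
```

Running it for the phone with its real MAC returns an empty list, while the same IP with a randomized MAC still hits the port-53 redirect, which is the caveat raised earlier in the thread.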

No need to mask non-public IPs when posting.

Looks kind of wrong.

What I really don't know in this stuff is firewall things.

No, never mind, I misread the rule.

Apply the exception to a computer client and check if you can access the remote DoT server on port 853.

Seems to still be working on my PC; I mean, the Wi-Fi is still on.

I don't know about your problem, I would like to know the solution too.
I guess someone here will help.