Can't seem to block domains in dnsmasq

I'm completely new to anything Linux and OpenWrt and I'm trying my best to look up information, but some things seem to confuse me and are not working.
I want to block domains in the /etc/hosts file and I followed suggestions to do this in a forum post which seemed to work for others.

I did the following: I put these lines in /etc/firewall.user

iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53

Then I proceeded to add these lines to /etc/dnsmasq.conf

address=/sb.google.com/127.0.0.1
address=/ssl.google-analytics.com/127.0.0.1
address=/google.com/127.0.0.1

Then I added these addresses to /etc/hosts:

192.168.1.1 OpenWRT
127.0.0.1  localhost

127.0.0.1  ssl.google-analytics.com
127.0.0.1  sb.google.com
127.0.0.1  google.com

I added google to see if I could enter the website. But it seems these steps are wrong as they are not working. What can I do to block domains? I'm planning to block many websites like this. Please help me with this.

Thank you in advance!

1 Like
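For a longer blocklist, the hosts-style entries from the post can be converted into the `address=` form used in /etc/dnsmasq.conf. This is an added example, not part of the original thread; `hosts_to_dnsmasq` and `sample_hosts` are hypothetical names and the `example.net` line is constructed. An `address=/domain/` rule also answers for every subdomain, while a hosts entry matches only the exact name, so names already covered by a listed parent are dropped.

```shell
#!/bin/sh
# hosts_to_dnsmasq and sample_hosts are hypothetical helper names (added example).
# Reads hosts-format lines on stdin, prints dnsmasq address= rules on stdout.
# $1 = sinkhole IP to emit (defaults to 127.0.0.1, as in the post).
hosts_to_dnsmasq() {
    awk -v sink="${1:-127.0.0.1}" '
    {
        sub(/#.*/, "")                      # strip comments
        if (NF < 2) next                    # need an IP and at least one name
        # Only sinkhole entries are blocks; "192.168.1.1 OpenWRT" is a real mapping.
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
        for (i = 2; i <= NF; i++) {
            d = tolower($i)
            sub(/\.$/, "", d)               # drop a trailing root dot
            if (d == "localhost" || d !~ /\./) continue
            # Accept only plain hostnames so nothing odd lands in the config.
            if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) continue
            seen[d] = 1
        }
    }
    END {
        for (d in seen) {
            # address=/example.com/ also answers for every subdomain, so a name
            # whose parent domain is already listed needs no rule of its own.
            covered = 0; p = d
            while ((k = index(p, ".")) > 0) {
                p = substr(p, k + 1)
                if (p in seen) { covered = 1; break }
            }
            if (!covered) print "address=/" d "/" sink
        }
    }' | sort
}

# Constructed sample input: the hosts entries from the post plus one made-up line.
sample_hosts() {
    cat <<'EOF'
192.168.1.1 OpenWRT
127.0.0.1  localhost

127.0.0.1  ssl.google-analytics.com
127.0.0.1  sb.google.com
127.0.0.1  google.com
0.0.0.0    Ads.Example.net tracker.example.net  # constructed entry
EOF
}

sample_hosts | hosts_to_dnsmasq
```

The output can be appended to /etc/dnsmasq.conf, followed by the `/etc/init.d/dnsmasq restart` mentioned in the thread.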

I recommend installing simple-adblock or adblock including the LuCI GUI if your router has some free flash and min. 64MB RAM.

2 Likes

I would prefer to do it through dnsmasq. Do you have recommendations for which tutorials to follow for blocking domains?

1 Like

Did you do /etc/init.d/dnsmasq restart after adding these configs?

1 Like

Thank you, I had not. I tried it, but it gave an error message in the shell:

root@OpenWrt:~# /etc/init.d/dnsmasq restart
udhcpc: started, v1.31.1
udhcpc: sending discover
udhcpc: no lease, failing

I do have a VPN running, could this be an issue?

I'm checking the system log in LuCI and it gives me this log:

Fri Feb 21 21:15:12 2020 daemon.info dnsmasq[11189]: exiting on receipt of SIGTERM
Fri Feb 21 21:15:12 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Fri Feb 21 21:15:12 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: started, version 2.80 cachesize 150
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: DNS service limited to local subnets
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq-dhcp[11318]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain test
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain onion
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain localhost
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain local
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain invalid
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain bind
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain lan
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: reading /tmp/resolv.conf.d/resolv.conf.auto
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain test
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain onion
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain localhost
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain local
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain invalid
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain bind
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using local addresses only for domain lan
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using nameserver 209.222.18.222#53
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: using nameserver 209.222.18.218#53
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: read /etc/hosts - 385 addresses
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: read /tmp/hosts/odhcpd - 0 addresses
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq[11318]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Fri Feb 21 21:15:16 2020 daemon.info dnsmasq-dhcp[11318]: read /etc/ethers - 0 addresses

So is it working now?

Please elaborate:

  • Is this VPN running on the router, or on a client?
  • Do you make any DNS assignment changes in the VPN configs?

Thanks, no, sadly it does not work. The VPN is running on the router, where I did add two custom VPN DNS assignments in WAN (these are the VPN provider's servers). Besides that, though, I did not make any special changes in the VPN configs.

Hello, I too would like instructions on using dnsmasq to use my own custom hosts list, whilst also using VPN (ExpressVPN) DNS, and on the same router (Netgear R7000). If any knowledgeable persons can find some time to consolidate/write some instructions for beginners, that would be really great. You can include a "buy me a beer" link if you spend hours putting the instructions together that any noob such as myself can follow.

Thank you!

1 Like