DNS Redirect not working

I installed a PiHole (192.168.1.10) in my network and setup a DHCP rule to direct my network devices to it.

This works fine.

Now I wanted to redirect DNS traffic with a firewall rule to force all DNS traffic to the pihole. I found this little tutorial to accomplish this. I created the first rule:

But this does not seem to work. I tested the rule by using the following command: dig testpihole.example.com @1.1.1.1. The domain testpihole.example.com is a dummy domain I entered into my pihole. But this gives me the following result:

dig piholetest.example.com @1.1.1.1

; <<>> DiG 9.18.15 <<>> piholetest.example.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39265
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;piholetest.example.com.		IN	A

;; Query time: 0 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sat Jun 03 10:24:48 CEST 2023
;; MSG SIZE  rcvd: 51

So it looks to me like the rule is being totally ignored.

Does anyone know what I'm doing wrong here?

From where ?

There's https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns


From my own pc in the lan network.

And what does nslookup of the same domain say ?

nslookup piholetest.example.com 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find piholetest.example.com: NXDOMAIN

[bschellen@marauder ~]$ nslookup piholetest.example.com 192.168.1.10
Server:		192.168.1.10
Address:	192.168.1.10#53

Name:	piholetest.example.com
Address: 10.0.1.1

If I do nslookup @ cloudflare it can't find the domain name. If I do nslookup @mypihole it can find the domain name. The IP 10.0.1.1 is a fake IP address I filled in. So that's the correct answer.

And if you skip the DNS' IP in nslookup?

nslookup piholetest.example.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	piholetest.example.com
Address: 10.0.1.1

My PC is already using the pihole for DNS, so it gets the correct answer. But I would like to force devices that use their own DNS, like a Google Chromecast for example, to use the pihole.

There is already a rule above yours, redirecting all dns to the router. Where did that come from?


Then you need to apply the fw rules provided in the link posted.

The https-to-dns proxy is already doing DNS Hijacking and therefore the rules I entered into the firewall did not work. When I disable DNS Hijacking in the proxy I get the expected answer \0/

Thank you for the hints :)

That's what I'm trying to do. I applied the first rule, and the tutorial tells me that the result of dig should be:

dig piholetest.example.com @1.1.1.1
;; reply from unexpected source: 192.168.1.10#53, expected 1.1.1.1#53

However, the result is an answer from the Cloudflare server that the domain does not exist. That means that the DNS request is not redirected to my pihole but is still sent to the Cloudflare server.
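The two dig outputs discussed in this thread are the two ends of one diagnostic: the dummy record only exists on the Pi-hole, so the answer a query to 1.1.1.1 comes back with tells you who actually answered it. The following script is an added example, not code from the thread or from the OpenWrt guide; it classifies a dig transcript into the cases the thread describes (NXDOMAIN with SERVER 1.1.1.1: the redirect rule is not matching; "reply from unexpected source: 192.168.1.10#53": the DNAT rule matched but the reply's source address was not rewritten, so dig discards it) plus a third case, a fully transparent redirect where the reply is masqueraded back to the queried address and the dummy record simply appears in the answer. The sample transcripts are constructed from the values in this thread (192.168.1.10, 10.0.1.1, piholetest.example.com), the third one being assumed rather than taken from the page. The optional `main` shells out to `dig`, which is assumed to be installed. One caveat the thread itself surfaces: if another component already intercepts port 53 (the https-dns-proxy "DNS hijacking" option in this case), the verdict reflects that interceptor, not your rule.

```python
import re
import subprocess
import sys

# Values taken from the thread; the third transcript below is a constructed
# sample of what a fully masqueraded redirect would print, not a real capture.
PIHOLE_IP = "192.168.1.10"      # Pi-hole address
FAKE_ANSWER = "10.0.1.1"        # dummy A record entered into the Pi-hole
EXTERNAL_RESOLVER = "1.1.1.1"
TEST_DOMAIN = "piholetest.example.com"

NOT_INTERCEPTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39265
;; QUESTION SECTION:
;piholetest.example.com.\t\tIN\tA
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
"""

DNAT_ONLY = """\
;; reply from unexpected source: 192.168.1.10#53, expected 1.1.1.1#53
;; reply from unexpected source: 192.168.1.10#53, expected 1.1.1.1#53
;; connection timed out; no servers could be reached
"""

TRANSPARENT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; ANSWER SECTION:
piholetest.example.com.\t0\tIN\tA\t10.0.1.1
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
"""


def diagnose(dig_output, pihole=PIHOLE_IP, fake_answer=FAKE_ANSWER):
    """Classify a dig transcript for a query sent to an external resolver.

    Returns one of:
      "redirected"          answer carries the Pi-hole's dummy record
      "redirected-no-snat"  reply came straight from the Pi-hole address
      "unexpected-source:X" reply came from some other host X
      "not-redirected"      external resolver answered NXDOMAIN
      "inconclusive"        none of the above could be recognised
    """
    # DNAT without reply masquerading: dig sees the Pi-hole as the sender.
    m = re.search(r"reply from unexpected source: (\S+)#53", dig_output)
    if m:
        return "redirected-no-snat" if m.group(1) == pihole else "unexpected-source:" + m.group(1)

    # Answer-section A records look like: name. TTL IN A address
    answers = re.findall(r"^\S+\.\s+\d+\s+IN\s+A\s+(\S+)$", dig_output, re.M)
    if fake_answer in answers:
        return "redirected"

    # The dummy name does not exist on the public internet, so NXDOMAIN means
    # the query really reached the external resolver.
    status = re.search(r"status: (\w+)", dig_output)
    if status and status.group(1) == "NXDOMAIN":
        return "not-redirected"
    return "inconclusive"


def run_dig(domain=TEST_DOMAIN, resolver=EXTERNAL_RESOLVER):
    """Run dig against the external resolver and return its combined output."""
    proc = subprocess.run(
        ["dig", "+time=2", "+tries=2", domain, "@" + resolver],
        capture_output=True, text=True,
    )
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    # Live check from a LAN client; requires dig on the PATH.
    output = run_dig()
    print(output)
    print("verdict:", diagnose(output))
    sys.exit(0 if diagnose(output) == "redirected" else 1)
```

Run it from a LAN client (not from the router itself, since the redirect rule only applies to forwarded traffic); the process exit status is 0 only for a fully transparent redirect, which makes it usable as a quick regression check after firewall changes.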

Not going to comment on some random 3rd party guide; use the one from OpenWrt.

Start from scratch, if you must.

Just curious, do you have a solution for DNS from IPv6 clients?