Dumb wifi router + DNS

Yeah, but on iOS devices only, not for Android, where I had to disable DHCP and set a static IP/DNS IP.

The static IP is a side effect of not being able to manually set only the DNSes.

You should try to wrap your head around what's happening here...

Another option is to install the BanIP package, and block all DoT and DoH servers, and be done with it.

I mean, I am completely new to that subject, and you are responding like you're talking to a DNS guru...

No, I can't wrap my head around it, as I apparently don't get the concepts....

And what happened is that 2 hours passed and it stopped working again... even though the static IP/DNS is set....

BanIP? What do you want to ban... I don't get it.

It's complete nonsense...

tcpdump -nn -i br-lan src host 10.0.1.141 and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
18:56:58.339401 IP 10.0.1.141.11391 > 10.0.1.1.53: 44756+ A? encrypted-tbn2.gstatic.com. (44)
18:56:58.339853 IP 10.0.1.141.23789 > 10.0.1.1.53: 7129+ A? encrypted-tbn0.gstatic.com. (44)
18:57:00.278451 IP 10.0.1.141.61352 > 10.0.1.1.53: 34248+ A? discover-pa.googleapis.com. (44)
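The capture above only watched UDP port 53, which shows queries that do reach dnsmasq but says nothing about queries that leave the tablet some other way. The following is an added example, not code from this thread or from OpenWrt: a small sh/awk classifier for `tcpdump -nn` lines taken on the router. It assumes the router resolves on 10.0.1.1 (as in the thread) and uses a short, constructed list of well-known public resolver addresses in place of a real DoH list; the sample capture embedded in it copies the format of the two port-53 lines above and adds invented 853/443 lines for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the DNS-related lines of a
# "tcpdump -nn" capture taken on the router, so you can tell whether a LAN
# client really talks to dnsmasq or bypasses it with another resolver,
# DoT (tcp/853) or DoH (https to a known DoH resolver).
#
# Assumptions: the router resolves on 10.0.1.1 (as in the thread) and
# DOH_IPS is a short constructed stand-in for a real DoH resolver list.

ROUTER_DNS="10.0.1.1"
DOH_IPS="1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 9.9.9.9"   # constructed sample

# classify_dns: reads tcpdump lines on stdin, prints "<category> <count>":
#   local_plain    port 53 to the router (what we want to see)
#   foreign_plain  port 53 to anything else (dnsmasq's address=/ rule is bypassed)
#   dot            tcp/853, i.e. DNS over TLS ("Private DNS" on Android)
#   doh            tcp/443 to an address on the DoH list
classify_dns() {
    awk -v router="$ROUTER_DNS" -v doh="$DOH_IPS" '
    BEGIN {
        n = split(doh, a, " ")
        for (i = 1; i <= n; i++) isdoh[a[i]] = 1
        c["local_plain"] = 0; c["foreign_plain"] = 0; c["dot"] = 0; c["doh"] = 0
    }
    # tcpdump -nn prints: <time> IP <src>.<sport> > <dst>.<dport>: ...
    $2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        np = split(dst, p, ".")
        if (np != 5) next                      # IPv4 "a.b.c.d.port" only
        port = p[5]
        ip = p[1] "." p[2] "." p[3] "." p[4]
        if (port == "53") {
            if (ip == router)
                c["local_plain"]++
            else
                c["foreign_plain"]++
        } else if (port == "853") {
            c["dot"]++
        } else if (port == "443" && (ip in isdoh)) {
            c["doh"]++
        }
    }
    END { for (k in c) print k, c[k] }'
}

# Constructed sample capture: the two port-53 lines copy the format seen in the
# thread; the 853/443 lines and the 8.8.4.4 query are invented for illustration.
SAMPLE='18:56:58.339401 IP 10.0.1.141.11391 > 10.0.1.1.53: 44756+ A? encrypted-tbn2.gstatic.com. (44)
18:56:58.339853 IP 10.0.1.141.23789 > 10.0.1.1.53: 7129+ A? encrypted-tbn0.gstatic.com. (44)
18:57:01.102233 IP 10.0.1.141.40210 > 8.8.8.8.853: Flags [S], seq 1, win 65535, length 0
18:57:01.302233 IP 10.0.1.141.40211 > 1.1.1.1.443: Flags [S], seq 1, win 65535, length 0
18:57:02.002233 IP 10.0.1.141.40212 > 8.8.4.4.53: 1234+ A? abcd1.duckdns.org. (35)'

# count_of CATEGORY: the count for one category from the sample capture
count_of() {
    printf '%s\n' "$SAMPLE" | classify_dns | awk -v want="$1" '$1 == want { print $2 }'
}

printf '%s\n' "$SAMPLE" | classify_dns
```

To feed it a real capture from the router, widen the filter to all three ports, e.g. `tcpdump -nn -i br-lan src host 10.0.1.141 and '(port 53 or port 853 or port 443)' | classify_dns`. A non-zero `dot` or `doh` count, or any `foreign_plain`, is the reason the `address=/abcd1.duckdns.org/10.0.1.104` override never takes effect: dnsmasq is simply not being asked.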

BanIP is an OpenWrt package.

What it does is clearly stated:

Sorry, but if you are not willing to "answer" in language for normal people, it doesn't make any sense to respond anymore.

It worked for a few minutes/hours and then it stopped working.

Disabling DoH/DoT on Android via BanIP is, I assume, nonsense.

I am already using both DNS entries, manually typed as 10.0.1.1, and it doesn't work at all.

Maybe the design of how I am accessing Home Assistant and the rule in
cat /etc/dnsmasq.conf

address=/abcd1.duckdns.org/10.0.1.104

is complete nonsense... and there might be a more efficient solution so I don't have to touch Android's stupid DNS...

And it seems something similar was discussed here, Force Android phone to use local DNS for local domain name resolving - #46 by bobafetthotmail, without a solution.

OK, apart from all of it... the whole discussion doesn't make any sense.

In case I don't set a local DNS on the dumb AP... Android, even using DoH or DoT... can access abcd1...

In case I set a local DNS on the dumb AP... it doesn't work anymore on Android.

On iOS everything works correctly...

Can anyone advise here? Thanks.

Hello,
Is there a way to force an Android device to use a local DNS server?
In case it's not possible, how can one "achieve/set up" a scenario where one wants to access a public URL (within the local network) which is mapped to a local (private) network?

Thanks

As already answered 5 days ago, although you did say it was nonsense.

So once all DoH and DoT providers are blocked, the device will be forced to use the local DNS server?

Also, how do you want to list all of these providers/servers/IPs...?

Correct.

Lists are available on the internet, as linked to (at least for DoH) in the other thread, but I guess you didn't read it, since it was nonsense...

Okay,
then what about DoT... as you block DoH and not all DoT, it might use DoT?
Thanks

Android devices will probably fall back to DoT before using your own DNS.

Although, if you're not using a browser, but an app, DoT should probably be the first one to block.

Trial and error, however.
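What "block DoT first, then the DoH list" looks like as a firewall ruleset, as an added example that is neither from this thread nor BanIP's own code: a sh script that turns a DoH resolver address list into an nftables ruleset. It assumes the list holds one IPv4 address or CIDR per line with `#` comments and blank lines allowed (the shape of the public DoH lists referred to in this thread), that the LAN bridge is br-lan as in the tcpdump above, and the sample list it writes is constructed from a handful of well-known public resolver addresses plus junk lines to show the filtering.

```shell
#!/bin/sh
# Added example (not from the thread and not BanIP's code): build an nftables
# ruleset that rejects DoT (tcp/853) from br-lan and HTTPS to the resolvers in
# a DoH address list, so a client in Android's automatic "Private DNS" mode
# falls back to the DNS server it got from DHCP (dnsmasq on 10.0.1.1).
#
# Assumptions: the list holds one IPv4 address or CIDR per line, '#' comments
# and blank lines allowed (the shape of the public DoH lists mentioned in the
# thread); the LAN bridge is br-lan as in the thread's tcpdump.

# doh_elements LISTFILE: prints the valid IPv4 entries as an nft element list
doh_elements() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" \
        | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
        | LC_ALL=C sort -u \
        | tr '\n' ',' \
        | sed -e 's/,$//' -e 's/,/, /g'
}

# gen_dns_guard LISTFILE: prints a complete nft ruleset on stdout
gen_dns_guard() {
    elems=$(doh_elements "$1")
    if [ -n "$elems" ]; then
        elems_line="        elements = { $elems }"
    else
        elems_line="        # empty list: only the DoT rule is active"
    fi
    cat <<EOF
table inet dns_guard {
    set doh4 {
        type ipv4_addr
        flags interval
$elems_line
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # DoT: reset so the client's probe fails fast instead of timing out
        iifname "br-lan" tcp dport 853 reject with tcp reset
        # DoH: only HTTPS to the listed resolver addresses is affected
        iifname "br-lan" ip daddr @doh4 tcp dport 443 reject with tcp reset
    }
}
EOF
}

# Constructed sample list (a handful of well-known public resolvers plus junk
# lines to show the filtering), not a copy of any published list.
LIST=$(mktemp)
cat > "$LIST" <<'EOF'
# constructed sample: DoH resolver addresses, one per line
1.1.1.1
1.0.0.1
8.8.8.8
8.8.4.4
9.9.9.9
1.1.1.1
not-an-address
EOF

gen_dns_guard "$LIST"
```

Load the output with `nft -f` and re-run the tcpdump check from a LAN client. Two caveats the thread only hints at: the reject only helps a device in Android's automatic Private DNS mode, which falls back to plaintext DNS when 853 is unreachable; a device with a provider hostname configured (strict mode) does not fall back and just loses DNS. And blocking by address list is exactly the trial and error described above, because a browser's DoH endpoint that is not on the list is untouched.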

In that case it won't solve anything...?

The link provided there is a list of hostnames, not IP addresses... so I am confused...

And I assume, as it's Android, it will try to use

But still, these are not IP addresses to block...

And who knows what that compilation of IP addresses is...
https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt

Seems it won't help...

I've spent a few days searching the internet.
I have samsung galaxy tablet with Android 10.
The problem is 2-fold.

Android 10 itself uses DoT (DNS over TLS)
Firefox on Android uses DoH (DNS over HTTPS)

...

So there is no other solution for how to access a local IP address on the internal network? I mean, instead of blocking DoT and DoH, it would be a better idea to configure/set up a proper architecture...

Feel free to explain what that would look like.

Blocking DoH and DoT will make Google Play unavailable etc. (Android private DNS blocking - #3 by dl12345),
so apparently it's not a solution.

I don't know... that's why I was asking if there is another way; how to somehow forward my internal traffic that goes to a public URL to a local IP... and using DNS is not a way... so maybe there is another way? I don't know... an iptables rule?

No it won't.

You really need to start reading what people write, and stop adding your own (incorrect) interpretations...