Dumb wifi router + DNS

your local DNS server, on the router, or tcpdump.

depends on the client, doesn't it?
With DoH/T, at least one plain query has to be made, to get the IP of the DoT/H host to be used further on (unless an IP was used, instead of host name/FQDN).

so I have to run tcpdump on the main router...
could you please advise what exactly in tcpdump? I mean I can download/run it but it's not clear what I have to look for in the dump.

I thought once a client requests the DNS address from the main router, i.e. 10.0.1.1, it will use that DNS for all requests... maybe I was wrong.

you're looking for the MACs or IPs of the clients making the request.

@frolic

while I executed the tcpdump command and opened the homeassistant app using an iOS client

root@OpenWrt-main-router:~# tcpdump -nn -i br-lan src host 10.0.1.144  and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
15:26:34.033062 IP 10.0.1.144.52370 > 10.0.1.1.53: 16313+ A? abcd1.duckdns.org. (36)
15:26:34.634313 IP 10.0.1.144.54567 > 10.0.1.1.53: 21152+ Type65? firebaselogging-pa.googleapis.com. (51)
15:26:34.634931 IP 10.0.1.144.50691 > 10.0.1.1.53: 59512+ A? firebaselogging-pa.googleapis.com. (51)

when I did the same using Android

root@OpenWrt-main-router:~# tcpdump -nn -i br-lan src host 10.0.1.141 and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
15:28:47.484741 IP 10.0.1.141.49504 > 10.0.1.1.53: 48019+ A? www.google.com. (32)

any idea here?
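As an added illustration of what to look for in a dump like the ones above (not code from the thread), here is a small parser for `tcpdump -nn` UDP/53 lines that groups plain DNS queries per client and points at two things: clients that send no plaintext DNS at all (a DoH/DoT client, or one answering from cache) and clients that send plaintext DNS to a resolver other than the router. The sample input reuses the thread's own lines plus one constructed line for 10.0.1.150 talking to 8.8.8.8.

```python
import re
from collections import defaultdict

# Constructed sample: the iOS and Android lines from the thread, plus one made-up
# line (10.0.1.150 -> 8.8.8.8) to show a client that skips the router's resolver.
SAMPLE = """\
15:26:34.033062 IP 10.0.1.144.52370 > 10.0.1.1.53: 16313+ A? abcd1.duckdns.org. (36)
15:26:34.634313 IP 10.0.1.144.54567 > 10.0.1.1.53: 21152+ Type65? firebaselogging-pa.googleapis.com. (51)
15:26:34.634931 IP 10.0.1.144.50691 > 10.0.1.1.53: 59512+ A? firebaselogging-pa.googleapis.com. (51)
15:28:47.484741 IP 10.0.1.141.49504 > 10.0.1.1.53: 48019+ A? www.google.com. (32)
15:29:01.100000 IP 10.0.1.150.40001 > 8.8.8.8.53: 31337+ A? example.com. (29)
"""

# One tcpdump -nn line for a UDP DNS query. The flag characters after the query id
# ("+" = recursion desired, etc.) are skipped; Type65 is the HTTPS record type.
QUERY_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.53: \d+[+*$%-]* "
    r"(?P<qtype>[A-Za-z0-9]+)\? (?P<name>\S+)\. \(\d+\)$"
)

def parse_queries(text):
    """Return (client, resolver, qtype, name) tuples; non-query lines are skipped."""
    out = []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            out.append((m["src"], m["dst"], m["qtype"], m["name"]))
    return out

def summarize(queries, local_dns="10.0.1.1"):
    """Per client: plaintext queries to the router's resolver vs. to anything else."""
    stats = defaultdict(lambda: {"local": 0, "other": 0, "resolvers": set(), "names": set()})
    for src, dst, _qtype, name in queries:
        s = stats[src]
        s["local" if dst == local_dns else "other"] += 1
        s["resolvers"].add(dst)
        s["names"].add(name)
    return dict(stats)

def suspect_bypass(stats, known_clients):
    """Clients to look at more closely: silent ones (no plaintext DNS seen at all,
    so DoH/DoT or a cached answer) and ones querying a resolver other than the router."""
    silent = sorted(c for c in known_clients if c not in stats)
    elsewhere = sorted(c for c, s in stats.items() if s["other"] > 0)
    return silent, elsewhere
```

Feed it the output of `tcpdump -nn -i br-lan port 53 and udp` (without the `src host` filter) and the list of DHCP leases as `known_clients`; a silent client is the case the thread runs into.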

Was this the only request from the Android device?

yeah
even when I open the browser... nothing else is in the tcpdump

Ok, so you need to do, what you were told to yesterday already...

but I still can't see 10.0.1.1.53 on my network: no idea what that is.

so actually both DoH and DoT are on - on that Android device - and bypassing my DNS?

10.0.1.1 port 53?

Not repeating it one more time...

ah sorry... correct... I was blind as it was added with .

I still don't understand why Android behaves like that... doesn't make sense to me at all.
And even the DNS name I am trying to access is a public hostname, so Android can access it while connected via LTE, but when it's connected to my local network via the dumb AP it can't resolve it... so even if the local DNS server is bypassed, it should get it from some public DNS servers.

Knowledge is power, and your DNS queries tell the DNS resolver (in Chrome's case, Google) a lot about you.

A fresh parallel: www.nytimes.com/2022/07/01/technology/google-abortion-location-data.amp.html

Your AP has nothing to do with it.

Does the public DNS entry have the same IP as the one on your LAN?

no it doesn't,

as my main router has that rule
cat /etc/dnsmasq.conf

address=/abcd1.duckdns.org/10.0.1.104

Then that's your answer right there.

I have disabled DoH and even set it to automatic; it doesn't work

I can't set it to the IP of my main router (10.0.1.1) because once on LTE it won't work again...

no it's not...
as if my Android uses some public DNS it resolves abcd1.... to my public IP; then it should be internally translated to 10.0.1.41... at least that's what I thought.

it is, if your internal DNS is used, but it isn't.
and it's never translated (depends on what you mean by it, though); a new request has to come in
and ask for the same name, if there's none, the last IP will be (re)used.

then you probably shouldn't set it to automatic.

Okay, what I did is:
I changed my wifi internal network from DHCP to Static, and inside I typed DNS 10.0.1.1,
and now it works.

The question would be: why doesn't DHCP also assign the DNS address 10.0.1.1 but apparently uses something different, 8.8.8.8?

thx

It does, which your tcpdump already proved.

yeah, but on iOS devices only, not for Android where I had to disable DHCP and set a static IP/DNS IP.