Force a specific device DNS to a specific server

I'm trying to force all DNS traffic (bypassing hard-coded DNS) originating in a specific device on my network (my TV) to go to a specific DNS server (Getflix).
The problem is that I want it to only hijack a single device based on IP/MAC and not the entire network.
I've been trying for hours to do it for a single device but I couldn't figure it out or find a solution.
Any ideas?



Thank you, but I read it already, it applies to all devices on my network, I'm looking to hijack a specific one.

You could theoretically make a firewall rule that applies to a specific IP address on your network and redirects the dns requests. You could also use a force redirect to a pihole, or put the device(s) in question on another subnet and then force that subnet to have the dns redirection.

1 Like

Could you maybe describe how can I create that firewall rule?

I'd have to get back to you after trying it... I am pretty sure it is possible, but I'd have to play around a bit (I have not tried this specific scenario).

Fundamentally, you can make a rule that drops all port 53 connections destined for WAN from the source IP you want to control -- that would be the first test. Then, you could refine that by redirecting it via a masquerade to the desired dns resolver instead of dropping it. But I can't tell you specifically how to do this off the cuff, and I'd have to play around a bit (which I cannot do right now).

Use this setup:

uci set dhcp.tag1="tag"
uci set dhcp.tag1.dhcp_option="6,,"
uci add dhcp host
uci set dhcp.@host[-1].name="j400"
uci set dhcp.@host[-1].mac="00:21:63:75:aa:17"
uci set dhcp.@host[-1].ip=""
uci set dhcp.@host[-1].tag="tag1"
uci add dhcp host
uci set dhcp.@host[-1].name="j500"
uci set dhcp.@host[-1].mac="01:22:64:76:bb:18"
uci set dhcp.@host[-1].ip=""
uci set dhcp.@host[-1].tag="tag1"
uci commit dhcp
/etc/init.d/dnsmasq restart

Sounds good, but will it hijack requests to hard-coded DNS servers?

This setup defines a dns for a defined host. If you have a dns for ps4-stuff like, yes.

To hijack, try that:

Yes I saw that, but than again, my problem is that I want to hijack a single device DNS requests, not all the network.

Maybe this?

The host of MAC AABBCCDDEEFF will be forwarded to host

1 Like

Set up DNS hijacking according to the wiki.
Then just add a MAC filter to the created firewall redirect.

1 Like

Thank you! That seems to work just fine! :slight_smile:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.