Force a specific device DNS to a specific server

I'm trying to force all DNS traffic (bypassing hard-coded DNS) originating in a specific device on my network (my TV) to go to a specific DNS server (Getflix).
The problem is that I want it to only hijack a single device based on IP/MAC and not the entire network.
I've been trying for hours to do it for a single device but I couldn't figure it out or find a solution.
Any ideas?



Thank you, but I read it already, it applies to all devices on my network, I'm looking to hijack a specific one.

You could theoretically make a firewall rule that applies to a specific IP address on your network and redirects the dns requests. You could also use a force redirect to a pihole, or put the device(s) in question on another subnet and then force that subnet to have the dns redirection.

1 Like

Could you maybe describe how can I create that firewall rule?

I'd have to get back to you after trying it... I am pretty sure it is possible, but I'd have to play around a bit (I have not tried this specific scenario).

Fundamentally, you can make a rule that drops all port 53 connections destined for WAN from the source IP you want to control -- that would be the first test. Then, you could refine that by redirecting it via a masquerade to the desired dns resolver instead of dropping it. But I can't tell you specifically how to do this off the cuff, and I'd have to play around a bit (which I cannot do right now).

Use this setup:

uci set dhcp.tag1="tag"
uci set dhcp.tag1.dhcp_option="6,,"
uci add dhcp host
uci set dhcp.@host[-1].name="j400"
uci set dhcp.@host[-1].mac="00:21:63:75:aa:17"
uci set dhcp.@host[-1].ip=""
uci set dhcp.@host[-1].tag="tag1"
uci add dhcp host
uci set dhcp.@host[-1].name="j500"
uci set dhcp.@host[-1].mac="01:22:64:76:bb:18"
uci set dhcp.@host[-1].ip=""
uci set dhcp.@host[-1].tag="tag1"
uci commit dhcp
/etc/init.d/dnsmasq restart

Sounds good, but will it hijack requests to hard-coded DNS servers?

This setup defines a dns for a defined host. If you have a dns for ps4-stuff like, yes.

To hijack, try that:

Yes I saw that, but than again, my problem is that I want to hijack a single device DNS requests, not all the network.

Maybe this?

The host of MAC AABBCCDDEEFF will be forwarded to host

Set up DNS hijacking according to the wiki.
Then just add a MAC filter to the created firewall redirect.

1 Like

Thank you! That seems to work just fine! :slight_smile:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.