Force forward DNS traffic to AdGuard question

Good day!

I need to force all DNS traffic to be sent to the AdGuard host (10.3.1.90).

Rule 1

config redirect
        option src 'lan'
        option target 'DNAT'
        list proto 'tcp'
        list proto 'udp'
        option src_dport '53'
        option dest_ip '10.3.1.90'
        option name 'Forward-DNS-lan'

At the same time, the traffic from AdGuard should not be touched.

Rule 2

config redirect
        option target 'DNAT'
        option src 'lan'
        option src_ip '10.3.1.90'
        option src_dport '53'
        option dest_ip '10.3.1.1'
        option name 'Forward-DNS-from-adguard'

And the traffic from the router itself as well.

Rule 3

config redirect
        option target 'DNAT'
        option family 'ipv4'
        option src 'lan'
        option src_dport '53'
        option src_ip '10.3.1.1'
        option name 'Forward-DNS-from-dnsmasq'

Essentially, I only need Rule 1, but it needs to exclude two hosts: 10.3.1.90 and 10.3.1.1. To do this, I had to create two additional rules: Rule 2 and Rule 3, but I feel that they are redundant. Essentially, there is no need to forward for these hosts; we just need to leave their traffic untouched. Is there a more correct solution to exclude them?

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns#dns_forwarding
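As an added example from the editor (not part of the original post or of the linked OpenWrt wiki page), the same intent can be expressed with a single redirect: fw3 and fw4 both accept a leading `!` on `src_ip` to negate the match, so the AdGuard host can be excluded from Rule 1 directly. The router's own DNS queries (from 10.3.1.1) never pass through the zone's prerouting DNAT chain, because locally generated packets are not subject to PREROUTING, so a separate exclusion for them is not needed. The addresses are the ones given in the post; the rule name is a placeholder.

```uci
# Added example, not from the original post: one DNAT redirect that
# intercepts all LAN DNS (tcp/udp 53) and sends it to the AdGuard host,
# while leaving the AdGuard host's own upstream queries untouched.
config redirect
        option name 'Intercept-DNS'        # placeholder name
        option src 'lan'
        option src_ip '!10.3.1.90'         # '!' negates: match every LAN source except AdGuard
        option src_dport '53'
        list proto 'tcp'
        list proto 'udp'
        option dest_ip '10.3.1.90'         # AdGuard host from the post
        option target 'DNAT'
```

After adding the section, reload the firewall (`/etc/init.d/firewall reload`) and confirm behaviour from a LAN client with `nslookup example.org 9.9.9.9`: the answer should come back even though the query was addressed to a foreign resolver, and AdGuard's query log should show the client as the source. A `dig` from the AdGuard host itself to its configured upstream must still reach that upstream, which verifies the exclusion.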
