"Forced" DNS Forwarding for a specific domain?

I have a few devices on the network that ignore the broadcast DNS settings, so I set up the DNS server to override all DNS traffic.

This works pretty well, but what I really want is to force only a few specific domains to use a specific DNS address.

Is this possible?
It seems the general advice is to use Network -> DHCP and DNS -> General Settings -> DNS forwardings, but I assume rogue clients would ignore that setting.

Thanks for any advice/direction.

What the user did there was to advertise OpenDNS and hijack everything else.

Yes, force every device to use the OpenWrt DNS and use the selective DNS forwarding.


Thanks for the reply @trendy.

What is the correct way to force every device to use the OpenWrt DNS? The only way I found was by using the settings from the link I posted above.

Thanks!

Assuming that you want to intercept plain DNS traffic:
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

And make sure that encrypted DNS is disabled on your devices and in the browsers.


Thanks guys. It's way easier to find something when you know what it's called!
The DNS Hijacking via LuCI entry in the wiki was pretty outdated so I updated for anyone following along.

What I ended up doing was following the wiki :point_up_2:.

Then I went into Network > DHCP and DNS > General Settings and set the DNS forwardings.


This works great.
I'm able to use getflix.com to reroute DNS only for nflgamepass. No other sites on my network are affected and clients can't get around the redirect. :+1:


I was wrong. DNS Hijacking didn't end up working.
I was tricked by the fact that my Android device started respecting the DHCP Server's DNS settings.

So, the DNS forwarding of domains to a specific address is working. But after forcing a client to 8.8.8.8, the DNS forwardings no longer work.

I also tried following the CLI method (only doing IPv4; I'm not using v6).

But this also didn't work. :confused:

I don't really have a problem anymore because the two clients I needed to force DNS on are now respecting the server. I still wish I could get it to work though.

And intercept IPv6 DNS if your clients have dual-stack connectivity.

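The pieces the thread is assembling (the wiki's plain-DNS intercept from the link above, the LuCI "DNS forwardings" field, and trendy's note about IPv6) written out as one added configuration example. This is not from the original posts or the OpenWrt wiki; the section names `dns_int` and `dns_int6` are my own, and `example.com`, `example.net` and the `192.0.2.x` upstream addresses are placeholders for the domains and the resolver you actually want them sent to.

```uci
# /etc/config/firewall  (fw3 syntax, same form as the wiki page linked above)

# IPv4: DNAT every LAN client's port-53 request to the router itself,
# no matter which server address the client has hard-coded.
# With no dest_ip, fw3 redirects to the router's own address on the lan zone.
config redirect 'dns_int'
	option name 'Intercept-DNS'
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'

# IPv6: this example does not try to NAT IPv6; it rejects forwarded
# IPv6 DNS to the WAN instead, so a dual-stack client that ignores
# the advertised resolver cannot quietly bypass the v4 redirect.
config rule 'dns_int6'
	option name 'Block-DNS-IPv6'
	option family 'ipv6'
	option src 'lan'
	option dest 'wan'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'REJECT'

# /etc/config/dhcp  -- add these to the EXISTING "config dnsmasq" section;
# the LuCI "DNS forwardings" field writes exactly these list entries.
# A server entry matches the domain and all of its subdomains; every
# other name still goes to the default upstream resolvers.
#	list server '/example.com/192.0.2.53'    # placeholder domain/upstream
#	list server '/example.net/192.0.2.54'    # placeholder domain/upstream
```

Apply with `/etc/init.d/firewall restart` and `/etc/init.d/dnsmasq restart`. A quick check from a LAN client that distinguishes "intercepted" from "not intercepted": `nslookup openwrt.lan 8.8.8.8` (the router's own hostname in dnsmasq's default local domain). If the redirect is in effect, the router's address comes back even though the client addressed Google; if it is not, you get NXDOMAIN, which is the situation the earlier post describes after forcing a client to 8.8.8.8. On the router, `iptables -t nat -vnL zone_lan_prerouting` should show the DNAT rule's packet counter climbing as clients query. None of this catches DNS over HTTPS (443) or DNS over TLS (853), which is why encrypted DNS has to be turned off on the devices and in browsers, as noted above.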

Not really a solution, but a possible workaround.

The app DnsChanger will create a "fake" loopback VPN tunnel, which will hijack all DNS calls and redirect them to whatever DNS you'd like to use.

I have two public Pi-holes where I redirect all DNS calls from my cellphone; ads gone :wink:

The app doesn't require root and has IPv6 support.
