Forwarding/redirecting one public domain to a private one: is this the solution?

Hi,
as in the title, I want to force the forwarding/redirecting of a public domain, e.g. publicDomain.com, to a private one (I want to capture all and only www.google.com requests and force devices and people to automatically go to search.privateDomain.lan... where there is a self-hosted search frontend replacement, whoogle).
I tried to add the following in Network > DHCP and DNS > General Settings, under DNS forwardings:
/publicDomain.com/search.privateDomain.lan

which should be the same as, via CLI:

uci add_list dhcp.@dnsmasq[0].address="/publicDomain.com/search.privateDomain.lan"
uci commit dhcp
/etc/init.d/dnsmasq restart

where privateDomain.lan is itself managed by my internal reverse proxy... but the router crashed (!), rebooting and rebooting, and I cannot access it and have to reflash.
Reading the wiki, I think I could do

uci add dhcp cname
uci set dhcp.@cname[-1].cname="publicDomain.com"
uci set dhcp.@cname[-1].target="search.privateDomain.lan"
uci commit dhcp
/etc/init.d/dnsmasq restart

Is it correct?
Is there a way via LuCI?
Or should I add an iptables rule?

Thanks a lot!!!

This is wrong, the second argument must be an address, not a name.
The use of cname is more appropriate. It is not supported in LuCI though.
I think it is also possible with iptables, but it is more difficult than adding a cname.
Make sure your LAN hosts are using the dnsmasq of OpenWrt as sole resolver.

Thanks trendy!
With this approach, will any parameters included in the HTTP request be passed too?
For example, if a device requires:
https://www.google.com/search?q=test
it will be forwarded to
https://search.myprivateDomain.com/search?q=test
?

I think there is a misunderstanding here. A cname will merely reply back to a name query with the canonical name and the address. That way the host will know to which address to send the packets. What is in the data part of the HTTP packet is not controlled by DNS, and you'd need a proxy to alter it.

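To illustrate the two points made in this thread (address= takes an IP, not a name, and a cname answer only maps the queried name to an address, never the URL path or query), here is an added Python model of how dnsmasq treats the two directives. It is not code from the thread or from OpenWrt; the host table and the 192.0.2.x addresses are constructed for the example.

```python
import ipaddress

def parse_directive(line):
    """Parse one dnsmasq directive as OpenWrt generates it from /etc/config/dhcp.
    address=/<domain>/<ip> comes from dhcp.@dnsmasq[0].address, and
    cname=<alias>,<target> from a `config cname` section (TTL and multi-alias
    forms of cname are omitted here)."""
    key, _, value = line.strip().partition("=")
    if key == "address":
        parts = value.split("/")
        # syntax is /domain/ip: exactly two slashes, domain in the middle
        if len(parts) != 3 or parts[0] != "" or not parts[1]:
            raise ValueError(f"malformed address directive: {line!r}")
        domain, target = parts[1].lower(), parts[2]
        # this is the mistake from the first post: a host name after the
        # second slash is not an address, so the directive is rejected
        ipaddress.ip_address(target)  # raises ValueError for a name
        return ("address", domain, target)
    if key == "cname":
        alias, _, target = value.partition(",")
        if not alias or not target:
            raise ValueError(f"malformed cname directive: {line!r}")
        return ("cname", alias.lower(), target.lower())
    raise ValueError(f"unsupported directive: {line!r}")

def resolve(name, directives, hosts, max_hops=8):
    """Answer a name query the way the LAN resolver would.
    Returns (chain, ip): chain lists the CNAME targets followed, ip is the
    final address (None if the name is not locally known). Only the host
    name is ever mapped; the path and query of an HTTPS URL never reach DNS,
    which is why /search?q=test stays whatever the client sent.
    `hosts` stands in for the names dnsmasq knows locally (hosts file, DHCP
    leases), which a cname target has to be."""
    chain, name = [], name.lower()
    for _ in range(max_hops):
        for kind, key, target in directives:
            # address= matches the domain itself and every subdomain of it
            if kind == "address" and (name == key or name.endswith("." + key)):
                return chain, target
            if kind == "cname" and name == key:
                chain.append(target)
                name = target
                break  # follow the alias and look the target up again
        else:
            return chain, hosts.get(name)
    raise RuntimeError(f"CNAME chain longer than {max_hops} hops")
```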

thx again!!!

Be aware that DoH/DoT on client devices (browsers are increasingly pushing in that direction), HSTS or certificate pinning (Chrome and anything Google) will basically spoil your idea.
