Hi,
as in the title, I want to force the forwarding/redirecting of a public domain, e.g. publicDomain.com, to a private one (I want to capture all and only www.google.com requests and force devices and people to automatically go to search.privateDomain.lan... where there is a self-hosted search frontend replacement, Whoogle).
I tried, in Network > DHCP and DNS > General Settings, to set the DNS forwardings to the following: /publicDomain.com/search.privateDomain.lan
where privateDomain.lan is itself managed by my internal reverse proxy... but the router crashed (!), rebooting again and again, and I cannot access it and have to reflash.
Reading the wiki, I think I could do
```
uci add dhcp cname
uci set dhcp.@cname[-1].cname="publicDomain.com"
uci set dhcp.@cname[-1].target="search.privateDomain.lan"
uci commit dhcp
/etc/init.d/dnsmasq restart
```
Is it correct?
Is there a way via LuCI?
Or should I add an iptables rule?
This is wrong, the second argument must be an address, not a name.
The use of cname is more appropriate. It is not supported in LuCI though.
I think it is also possible with iptables, but it is more difficult than adding a cname.
Make sure your lan hosts are using the dnsmasq of OpenWrt as sole resolver.
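An added example, not part of the thread or of OpenWrt itself: a small shell lint for the rule stated in the reply above, that the second field of a `/domain/target` DNS forwarding must be an address, not a name. The function names `is_ip` and `check_forwarding` and the sample addresses are assumptions, and the address check is simplified.

```shell
#!/bin/sh
# Added example: lint LuCI "DNS forwardings" values (dnsmasq server= entries)
# before committing them. Function names are hypothetical; checks are simplified.

# Return 0 if $1 looks like an IPv4 or IPv6 literal.
is_ip() {
    case "$1" in
        ''|*[!0-9a-fA-F:.]*) return 1 ;;  # empty, or a character no IP literal uses
        *:*) return 0 ;;                    # hex digits and colons: accept as IPv6
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the candidate on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print a verdict for one value; return 0 only if the target is an address
# or is absent in the /domain/ form.
check_forwarding() {
    entry=$1
    case "$entry" in
        /*/*) target=${entry##*/} ;;        # /domain/target: text after last slash
        *)    target=$entry ;;              # plain upstream server
    esac
    target=${target%%@*}                    # drop optional @interface
    target=${target%%#*}                    # drop optional #port
    if [ -z "$target" ] && [ "${entry#/}" != "$entry" ]; then
        echo "ok: $entry (no per-domain upstream address)"
    elif is_ip "$target"; then
        echo "ok: $entry (upstream $target)"
    else
        echo "reject: $entry ('$target' is not an IP address; alias names with a cname section)"
        return 1
    fi
}

# Constructed sample values; the first is the entry from the question.
for e in "/publicDomain.com/search.privateDomain.lan" \
         "/privateDomain.lan/192.168.1.2#5353" "/privateDomain.lan/" "9.9.9.9"; do
    check_forwarding "$e" || true
done
```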
Thanks trendy!
With this approach, will any parameters included in the HTTP request be passed too?
For example, if a device requests: https://www.google.com/search?q=test
will it be forwarded to https://search.myprivateDomain.com/search?q=test
?
I think there is a misunderstanding here. A cname will merely reply back to a name query with the canonical name and the address. That way the host will know to which address to send the packets. What is in the data part of the HTTP packet is not controlled from the DNS and you'd need a proxy to alter it.
Be aware that DoH/DoT on client devices (browsers are increasingly pushing in that direction), HSTS or certificate pinning (Chrome and anything Google) will basically spoil your idea.