1) Configure firewall to intercept DNS traffic.
2) Filter DoH traffic with firewall and IP sets forcing LAN clients to switch to plain DNS. Set up
3) Configure firewall to filter DoT traffic forcing LAN clients to switch to plain DNS.
not sure about DNS forwarding or DNS redirection if these are required.
Otherwise 1-3 doesn't work. The page is out of date and the whole concept is broken / not working for Android devices anymore. It should be removed or tagged as not working / out of date.
Well, I described step by step what I did / what was executed... so I am wondering where that broken part is... for sure I could ... but as was mentioned, the website linked here doesn't contain any description / high-level overview...
What makes you think that you are dealing with DoT or DoH? I have a dnsmasq resolution to a local server and it works even on Android, no matter what OS I use. I am getting a local DNS resolution. Can you install a CLI application on Android and verify the domain name resolution from your local network? Verify the same on Linux and Windows clients as well.
From within your network execute:
ping yourdomain.com
When the replying address is a local network address, the domain resolution is set up correctly.
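A more precise form of the check above, added here as an example and not posted by anyone in this thread: instead of relying on ping, query a chosen resolver directly (the router's LAN address, then a public resolver) for both A and AAAA records, and classify whether the answers are LAN addresses. If the router answers with a local address but the Android app still behaves as if it got the public one, the app is not asking the router. The AAAA lookup matters because a client that prefers IPv6 may use a AAAA answer even when the A record is overridden locally. The hostname, resolver addresses and the constructed sample responses are assumptions for illustration; the code uses only the Python standard library.

```python
"""Check what a given resolver answers for a name and whether the answer is a LAN address."""
import ipaddress
import socket
import struct
import sys

A, AAAA = 1, 28  # DNS record type codes


def build_query(name, qtype=A, txid=0x1234):
    """Build a minimal DNS query: RD set, one question, IN class."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg):
    """Return (rcode, [(rtype_name, address), ...]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == A and rdlen == 4:
            answers.append(("A", str(ipaddress.IPv4Address(rdata))))
        elif rtype == AAAA and rdlen == 16:
            answers.append(("AAAA", str(ipaddress.IPv6Address(rdata))))
    return flags & 0x0F, answers


def classify(answers):
    """'local' if every address is private/ULA/link-local, 'public' if none is, else 'mixed' or 'none'."""
    if not answers:
        return "none"
    local = [ipaddress.ip_address(v).is_private for _, v in answers]
    return "local" if all(local) else ("public" if not any(local) else "mixed")


def resolve(name, server, qtype=A, timeout=2.0):
    """Send the query over UDP/53 to `server` (e.g. the router's LAN address) and parse the reply."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    if reply[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return parse_response(reply)


def sample_response(name, records, rcode=0, txid=0x1234):
    """Constructed sample resolver response (offline test data, not a captured packet)."""
    question = build_query(name, txid=txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(records), 0, 0)  # QR, RD, RA
    body = question
    for rtype, value in records:
        rdata = ipaddress.ip_address(value).packed
        body += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + body


if __name__ == "__main__":
    # usage: python check_dns.py ha.example.com 192.168.1.1 8.8.8.8   (hostname and resolvers assumed)
    name, servers = sys.argv[1], sys.argv[2:]
    for server in servers:
        for qtype in (A, AAAA):
            rcode, answers = resolve(name, server, qtype)
            print(server, "A" if qtype == A else "AAAA", "rcode=%d" % rcode, classify(answers), answers)
```

Run it from a LAN client against the router first and then against a public resolver: the two should differ for a locally overridden name. If both come back `public`, the override itself is not in place; if the router says `local` but the app still fails, the app is bypassing the router's resolver. Running the same script on the Android device (via a terminal app) shows what that device actually receives.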
edit2: yes, I completely disabled IPv6 on that computer, in the adapter settings, and now I can ping these hosts.
So IPv6 is causing the issue; is it possible to completely disable IPv6 in my OpenWrt? No point having it as I don't use it and it's just making a mess...
Is there a way to debug why Android can't see that DNS translation? Because it can ping the local IP,
but when I try to ping the domain name which should translate to that local IP it says unknown host...
Do you have control over the application source / Android endpoint? If not, your chances of disabling the DNS check of Android are lower. The application might use various DNS servers. To catch them you will need to use a network sniffer.
You can use OpenVPN or Shadowsocks together with the domain homeassistant.local. OpenVPN or Shadowsocks will provide an encrypted tunnel from outside to your LAN. Being inside, you just use the local address of your Home Assistant. When using Shadowsocks, use your router's LAN address as the DNS resolver in the Shadowsocks Android app. You can set up both Shadowsocks and OpenVPN on your OpenWrt router. You will then need port forwards from your ISP router.
No need to struggle with an external domain and DNS hijacking.
@kukulo
Not sure, I have a setup where I run services locally with public hostnames (because of certificates for HTTPS). So basically I need to get those public local hostnames translated to the local IP inside my network ... and it doesn't work on that Android device only.
Can you use just the homeassistant.local address on your app?
The way I explained is to tunnel into your LAN when outside and then just use the local LAN address. This way you do not need the Android to use the public domain. Are you able to connect with the local address from the Android app?