Hi, I want to block a DNS response for a client.
tcpdump -i wlan0 port 53 on my OpenWrt:
6:23:54.504883 IP android-87d96661de850.lan.38014 > OpenWrt.lan.53: 16069+ A? example.com. (47)
16:23:54.793475 IP OpenWrt.lan.53 > android-87d96661de850.lan.38014: 16069 1/0/0 A 18.104.22.168 (63)
iptables -A OUTPUT -p udp -s 22.214.171.124 -d 192.168.1.218 --dport 53 -j DROP
client IP: 192.168.1.218 | website whose DNS response I am trying to block: example.com | example.com's IP: 126.96.36.199
What is the right way to block the DNS response for example.com using iptables?
With iptables you can block all the DNS responses for the client.
With dnsmasq or adblock you can block the replies for example.com.
I am not aware of an all-in-one solution; however, running a separate instance of dnsmasq and redirecting the queries of the host in question to the secondary instance, which blackholes the domain, could be a solution.
Is it possible to run two dnsmasq instances on different ports (53 and 5053), where one of them (on port 53) redirects all traffic to a welcoming page and the other (on port 5053) resolves the real websites' IPs,
and switch users between them with iptables port forwarding ...?
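The two-instance setup from the reply above (a second dnsmasq that blackholes the domain, with iptables steering one client's port 53 traffic to it), written out as an added example that is not from any poster in this thread. It keeps the normal OpenWrt dnsmasq on port 53 for everyone else and assumes the LAN bridge is br-lan, the router's LAN address is 192.168.1.1, the filtering instance listens on port 5053, and 192.0.2.53 is a placeholder for the upstream resolver.

```shell
#!/bin/sh
# Added example: second dnsmasq instance that blackholes example.com,
# plus iptables rules that steer one client's DNS queries to it.
# Assumed values (adjust for your router): br-lan, 192.168.1.1, port 5053,
# and 192.0.2.53 as a placeholder upstream resolver.
CLIENT=192.168.1.218
BLOCKED=example.com
FILTER_PORT=5053
LAN_IF=br-lan
ROUTER_IP=192.168.1.1
UPSTREAM=192.0.2.53   # placeholder; use the resolver OpenWrt normally forwards to
CONF=/etc/dnsmasq-filter.conf

# Config for the filtering instance. address=/domain/0.0.0.0 answers A
# queries for the domain (and its subdomains) with 0.0.0.0 instead of the
# real address; everything else is forwarded to the upstream resolver.
filter_dnsmasq_conf() {
    cat <<EOF
port=$FILTER_PORT
listen-address=$ROUTER_IP
bind-interfaces
no-resolv
no-hosts
server=$UPSTREAM
pid-file=/var/run/dnsmasq-filter.pid
address=/$BLOCKED/0.0.0.0
EOF
}

# nat PREROUTING rules for the one client: whatever it sends to port 53
# (UDP and TCP, to any resolver) is redirected to the filtering instance.
# $1 is the iptables action: -I to install, -D to remove.
dns_redirect_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat $1 PREROUTING -i $LAN_IF -s $CLIENT -p $proto --dport 53 -j REDIRECT --to-ports $FILTER_PORT"
    done
}

# Run on the router as root: write the config, start the second instance,
# then install the rules. With fw3 on OpenWrt the same iptables lines can
# go in /etc/firewall.user so they survive a firewall reload.
apply_filter() {
    filter_dnsmasq_conf > "$CONF"
    dnsmasq -C "$CONF"
    dns_redirect_rules -I | sh -e
}

if [ "${1:-}" = "apply" ]; then apply_filter; fi
```

Check from the client with `nslookup example.com 192.168.1.1` (expect 0.0.0.0) while another host still gets the real address. Queries the client sends over DNS-over-HTTPS or DNS-over-TLS are not on port 53 and are not caught by these rules.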