Is it possible to set the router to accept DNS requests from outside network?

Hi guys,

First of all, sorry for my English, I'm trying my best.

I'm having a blast using OpenWrt (for a few months), so I'm kind of a newbie, but I managed to get my internet, port forwarding, DDNS, AdBlock etc. to work just fine. The AdBlock package is the reason why I'm here. Tried Google for many, many hours > no success.

I was using DNS ad blockers like AdGuard etc. They were "not great not terrible".
With the AdBlock package I almost completely removed ads from PCs, mobile devices and the smart TV inside my home network - works great - and that gave me an idea.

If an ad does a request to the DNS server through my router, it gets filtered by AdBlock = the ad won't load.

So my question is:

Is it possible to use my router with OpenWrt as a public DNS too? So that I can set it up to accept DNS requests from outside the network > filter them through AdBlock > give info back with no ads.

The main reason to do that is to use it with my Android phone on the mobile network, where I'm using adguard.dns at the moment, and as I mentioned, it works "not great not terrible". But if I'm able to configure my router to do that, I get much better results.

I have:

  1. Public IP
  2. Router accessible from outside network
  3. DDNS with noip.com
  4. Security = I'm not an expert in that, I managed to set Dropbear to accept from LAN only due to some login attempts from China and set my password to be 26 characters long - upper/lowercase letters, numbers and characters.

Technically, yes - but you don't want to do that. On the one hand I wouldn't expose dnsmasq to the internet (security impact), on the other hand many ISPs scan for DNS relays in their networks and might block them (for good reasons).
From a purely technical point of view, this would only be possible if you had a static IP on your home gateway, DDNS is not going to save you here (as you would need DNS to resolve the DDNS entry, while your mobile is configured to use the 'unknown' IP of your home gateway before it has DNS resolution).

A better approach would be to set up a ("roadwarrior") VPN into your home network and to route all traffic through your home network while being away from home (options would include OpenVPN, IPsec or wireguard).

4 Likes
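A check for the exposure the reply above warns about, added here as an example and not part of the thread: it sends one recursive query to the router's WAN address from an outside network and reads the DNS reply header to tell whether the router is acting as an open resolver. The function names, the sample reply headers (constructed) and the placeholder address `203.0.113.10` are assumptions.

```python
import os
import socket
import struct

def build_query(name: str, txid: int) -> bytes:
    """Encode a recursive (RD=1) A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data: bytes, txid: int) -> str:
    """Interpret the 12-byte DNS header of a reply to our query."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                             # REFUSED: reachable, but not relaying
        return "refused"
    if rcode == 0 and flags & 0x0080 and ancount > 0:  # RA set and answers returned
        return "open-resolver"
    return "responds-other"

def probe(server_ip: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send one query to server_ip:53/udp; run this from outside the LAN."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server_ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:                        # timeout or ICMP error
            return "no-response"               # dropped by the firewall: desired result
    return classify_response(data, txid)

# Constructed reply headers (not captured traffic) for an offline demonstration.
CONSTRUCTED_REPLIES = {
    "recursive answer": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "refused": struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, raw in CONSTRUCTED_REPLIES.items():
        print(label, "->", classify_response(raw, 0x1234))
    # Real check from an outside network (placeholder address):
    # print(probe("203.0.113.10"))
```

With the default OpenWrt firewall rejecting WAN input, `probe()` against your own public IP should return `no-response`; `open-resolver` means port 53 is reachable and relaying for anyone.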

Thanks for the response, I got you on the DDNS to DNS = of course it cannot work, my bad.
I have a static IP so I guess it can work, but I'll try your recommendation to use VPN, seems more secure that way, I'll post results. Thank you

1 Like

Of the various VPN options, WireGuard is perhaps the easiest to configure and is significantly lighter weight as far as computation goes, compared to OpenVPN.

With a VPN, you'll need to decide if you want to route all your traffic from your phone through your home network, or just the DNS traffic. Routing all is pretty straightforward. Just the DNS traffic isn't too bad either, but requires a couple more lines of config.

I've been using IPsec/IKEv2 (strongSwan) for a couple of years now, it's always suited me well so far. I only tested setting up OpenVPN for a short while, about 4 years ago - didn't like it that much. I may have to look into WireGuard soon, to allow incoming VPN sessions via IPv6 (only) - as that is a weak point of many IPsec Android applications.

As a user I'm regularly exposed to OpenVPN, IPsec/ IKEv1 and IPsec/ IKEv2, all of them do their job quite fine and would take care of your problem.

The easiest approach is to route all of your mobile traffic over your VPN connection, everything beyond that (split tunnel/ split horizon) can be future optimization potential.

(and yes, I do appreciate adblock's work over VPN for my mobile uses myself, along with the more traditional VPN uses of being able to access resources from my home network)

1 Like

Independent of using DNS-From-Home, or Internet-Via-Home, which will both introduce latency, you can use AdAway on a rooted mobile to get Zero-Latency-Answers for most known offenders. Of course, if you want to access resources from home, you'll need a VPN, or some SSH tunnels anyway, but a local (to the mobile device) ad-blocklist will make your browsing experience much speedier.

Unfortunately, there are devices where this is not possible, and the correct solutions suggested above are the only workable ones to reduce the ad-load.

Well, I tried OpenVPN and WireGuard with no success... I guess I'm doing something wrong

Too bad I got a new Honor View20 and too late I noticed they no longer support unlocking the bootloader..

As a server on OpenWrt or with OpenWrt as a client? I've tried to set up the client IPSec/Strongswan connection on OpenWrt a while ago to test VPR compatibility and whatever was posted on wiki was incomplete/outdated/not-working. If you have OpenWrt set up as an IPSec/Strongswan client, please post the setup on wiki.

So far I've only used strongswan as server on OpenWrt, to allow me calling in from the road. I've always wanted to look into a client site2site setup (NAT'ing my network to the remote end), but I never really got to it so far (and it's actually becoming less and less important to me).

OK guys, just to let you know, after hours of pain, I got it working.
I'm using OpenVPN currently with full traffic and of course = there are no ads.
I will try to configure it more in the meantime, but now it's time to sleep - 3am here.
Thanks for the help!

1 Like
