Question on DNS hijacking

Good morning all.

I am going to implement the hijacking code detailed in this excellent guide - https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

Before I do, can anyone confirm that it still works as stated when I have the DNS-over-HTTPS proxy installed, as at https://openwrt.org/packages/pkgdata/https-dns-proxy ?

Or do I need to make any changes?

Another question of interest: the guide explains how to block potentially hostile clients using DoH or DoT. But if it is so easy, what is to stop my ISP doing this?

1 Like

https-dns-proxy already has a force_dns option that should take care of DNS interception, so you don’t need to do it manually.

3 Likes

Oh cool, thanks.
But do I still need to manually block devices from using DoH or DoT? Or does the force option in the DNS proxy handle that too?

It will prevent DoT, but DoH will need the other solution.

Duplicate thread:

Yes but only for Apple & Firefox. If you want to cover more DoH providers you can use lists such as this:

or
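The "other solution" the replies above point to, as an added example that is neither the thread's nor the OpenWrt guide's own text: a POSIX sh helper that emits the UCI batch for a router to redirect plain DNS (tcp/udp 53) from LAN clients to itself and reject DoT (853) towards WAN, plus the dnsmasq entries that make the Firefox and Apple DoH canary names fail to resolve. The UCI section names (dns_int, dot_fwd) and the apply helper are assumptions chosen here; the port-based rules cannot catch DoH, which is why the canary entries (and, for other providers, a domain list) are still needed.

```sh
#!/bin/sh
# Added example, not from the forum thread or the OpenWrt guide itself.
# dns_intercept_batch: UCI batch commands (fed to `uci batch`) that
#   1. DNAT any LAN client's port-53 traffic to the router's resolver, and
#   2. REJECT LAN -> WAN traffic on 853, so DNS-over-TLS cannot bypass it.
# Section names dns_int / dot_fwd are assumed names chosen for this example.
dns_intercept_batch() {
  cat <<'EOF'
delete firewall.dns_int
set firewall.dns_int=redirect
set firewall.dns_int.name=Intercept-DNS
set firewall.dns_int.src=lan
set firewall.dns_int.src_dport=53
set firewall.dns_int.proto='tcp udp'
set firewall.dns_int.target=DNAT
delete firewall.dot_fwd
set firewall.dot_fwd=rule
set firewall.dot_fwd.name=Deny-DoT
set firewall.dot_fwd.src=lan
set firewall.dot_fwd.dest=wan
set firewall.dot_fwd.dest_port=853
set firewall.dot_fwd.proto='tcp udp'
set firewall.dot_fwd.target=REJECT
commit firewall
EOF
}

# doh_canary_batch: dnsmasq "server=/name/" with no upstream address answers
# the name locally only (NXDOMAIN when absent from hosts/DHCP). Firefox
# disables automatic DoH when use-application-dns.net fails; Apple devices
# fall back from Private Relay when mask.icloud.com does not resolve.
# This covers only those two vendors; other DoH providers need a domain list.
doh_canary_batch() {
  cat <<'EOF'
add_list dhcp.@dnsmasq[0].server=/use-application-dns.net/
add_list dhcp.@dnsmasq[0].server=/mask.icloud.com/
add_list dhcp.@dnsmasq[0].server=/mask-h2.icloud.com/
commit dhcp
EOF
}

# apply_dns_rules: run on the router (assumed helper, not invoked here).
apply_dns_rules() {
  dns_intercept_batch | uci batch || return 1
  doh_canary_batch | uci batch || return 1
  /etc/init.d/firewall restart && /etc/init.d/dnsmasq restart
}
```

After applying, `uci show firewall | grep -e dns_int -e dot_fwd` shows the two sections, and a LAN client's `nslookup example.com 1.1.1.1` is answered by the router regardless of the server it asked.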