Redirect Android 'Secure DNS' to OpenWrt

Adblock is working for my internal network.

I have added Port Forwarding rules to redirect ports 53 & 853 to my OpenWrt router. That is working well for 'Desktop Chrome' with 'Secure DNS' enabled in the application.

Android Chrome isn't playing ball and is circumventing the DNS rules.

I've tried redirecting 8.8.8.8 and 8.8.4.4 ports 53 & 853 to OpenWrt, but it's still failing.

Any ideas how to fix this?


Android uses DoT at the OS level; you need to disable it too, under Settings -> More connections -> Private DNS.

Or what vgaetera wrote.


Everything works with 'secure DNS' disabled in Android, but I'd rather not disable it globally because I use my phone outside the home.

I tried this:

image

But it is still bypassing my router.

You also need to block/disable DoH since Chrome uses it by default.


It's either secure or it isn't.


Yes, the whole point is to prevent a man in the middle, such as your router, from being able to redirect DNS.

I installed 'ipset' and followed the DoH instructions. Secure DNS is now being intercepted and adblock is being invoked.

Thanks for your help.

One last thing - is there a 'use secure DNS' setting that I can apply on the router?


Security is relative and depends on what we consider to be a threat or not.
Moreover, security that silently falls back to an insecure protocol is questionable.

I installed this package and it is now working.

luci-app-https-dns-proxy
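
One way to check from the router's connection-tracking table whether a client is still bypassing the redirect for ports 53 and 853, or talking HTTPS to a known resolver, as discussed in this thread. This is an added example, not part of any post; the LAN subnet, the router address and the sample entries are constructed assumptions.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: LAN subnet
ROUTER_IP = "192.168.1.1"                      # assumption: router's LAN address
DOH_RESOLVERS = {"8.8.8.8", "8.8.4.4"}         # resolvers named in the thread; extend as needed

# Constructed sample in `conntrack -L` layout (not captured from a real router).
# Each entry holds the original tuple first, then the reply tuple after NAT.
SAMPLE = """\
udp 17 25 src=192.168.1.50 dst=8.8.8.8 sport=41000 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=41000 mark=0 use=1
tcp 6 7400 ESTABLISHED src=192.168.1.50 dst=8.8.4.4 sport=41002 dport=853 src=8.8.4.4 dst=203.0.113.7 sport=853 dport=41002 [ASSURED] mark=0 use=1
tcp 6 7400 ESTABLISHED src=192.168.1.50 dst=8.8.8.8 sport=41004 dport=443 src=8.8.8.8 dst=203.0.113.7 sport=443 dport=41004 [ASSURED] mark=0 use=1
tcp 6 7400 ESTABLISHED src=192.168.1.60 dst=198.51.100.20 sport=41006 dport=443 src=198.51.100.20 dst=203.0.113.7 sport=443 dport=41006 [ASSURED] mark=0 use=1
udp 17 25 src=192.168.1.60 dst=192.168.1.1 sport=41008 dport=53 src=192.168.1.1 dst=192.168.1.60 sport=53 dport=41008 mark=0 use=1
udp 17 25 src=203.0.113.7 dst=198.51.100.53 sport=41010 dport=53 src=198.51.100.53 dst=203.0.113.7 sport=53 dport=41010 mark=0 use=1
"""

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def classify(line):
    """Return (client, requested_dst, dport, verdict), or None if not a LAN DNS-related flow."""
    pairs = PAIR.findall(line)
    if len(pairs) < 8:
        return None
    orig, reply = dict(pairs[:4]), dict(pairs[4:8])
    client, dst, dport = orig["src"], orig["dst"], int(orig["dport"])
    if client == ROUTER_IP or ipaddress.ip_address(client) not in LAN:
        return None                      # the router's own upstream lookups are expected
    if dport in (53, 853):
        if reply["src"] != ROUTER_IP:    # answered by an outside host: not intercepted
            verdict = "bypass"
        else:                            # answered by the router, directly or via DNAT
            verdict = "local" if dst == ROUTER_IP else "redirected"
    elif dport == 443 and dst in DOH_RESOLVERS:
        verdict = "possible-doh"         # HTTPS to a known resolver address
    else:
        return None
    return client, dst, dport, verdict

def report(text):
    """Classify every entry and return only the DNS-related LAN flows."""
    return [r for r in map(classify, text.splitlines()) if r]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row)
```

A `redirected` verdict means the client asked an outside resolver but the router answered; `bypass` and `possible-doh` are the flows that still avoid adblock.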