Redirect domain to local IP

Hi everyone,

Thanks in advance!

I'm running the following:
openwrt-22.03 on Nanopi R4S

I have setup my hosts file in /etc/hosts with the following entry
10.0.0.2 example.com

I have also setup DoH and adblock on this router.

On my previous router, i had the same setup but not DoH, and the domain redirect was working without any issues, i.e. traceroute (from my laptop) had only 1 hop and I can reach example.com without an internet connection.

On my new router (the Nanopi), traceroute goes outside my network and I cannot reach example.com without an internet connection.

Additionally, traceroute from my router to example.com is still 1, while my laptop goes outside my network. Ping from my laptop to example.com also has a none local ip.

I tried disabling DoH but had no luck.

Any help would be appreciated!

Thanks,
Cameron

Hi,

Thanks for the response.

I executed the following code, but no luck:

uci add dhcp domain
uci set dhcp.@domain[-1].name="example.com"
uci set dhcp.@domain[-1].ip="10.0.0.2"
uci commit dhcp
service dnsmasq restart

Is there a way I can log the dns queries better? I tried logread with dns logging enabled, but i couldn't find any dns queries for example.com

what does nslookup example.com <IP.of.your.router> say ?

btw, I think you want uci add_list dhcp.@dnsmasq[0].address="/example.com/10.0.0.2"

Also if you use windows, you also want to flush your dns and often you also have to flush the browsers dns resolver, let me explain: normally a dns has a time it renews, if it didn't renew yet the client remembers still the old domain to ip resolution so to force a renewal you flush the dns.

If you go to start->cmd, type:
ipconfig /flushdns

In a chromium browser its often:
chrome://net-internals/#dns

You may want to close sockets first and then reseting the dns cache if https was involved I think that can also help.

Also you want to follow @frollic advise too for checking dns and proper configuration

@frollic Thanks, I added dnsmasq address & flushed the dns cache. Traceroute & ping still go outside the network.

Here is the response for nslookup:

nslookup example.com 10.0.0.1
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	example.com
Address: 10.0.0.2

@trendy I am using a mac and I flushed my dns using the following command:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

I'm using firefox as my browser & cleared the dns there as well, but I am using a terminal for my testing so the browser should have no effect.

Then you need to make sure your clients actually use your DNS.

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns.

Try running the nslookup command again, without the IP of your router, to get some guidance on where your DNS requests actually are going.

In FF, you could disable DoH (secure DNS).

I ran the following code to setup the dns hijacking:

uci -q delete firewall.dns_int
uci set firewall.dns_int="redirect"
uci set firewall.dns_int.name="Intercept-DNS"
uci set firewall.dns_int.src="lan"
uci set firewall.dns_int.src_dport="53"
uci set firewall.dns_int.proto="tcp udp"
uci set firewall.dns_int.family="any"
uci set firewall.dns_int.target="DNAT"
uci commit firewall
service firewall restart

Since i'm using DoH on the router, it has a setting similar to this which is enabled. Please see image below.

Screenshot 2023-11-21 at 10.47.051358×176 15.7 KB

I tested again using the command below & I get the same response. When i added google dns servers on my mac, server and address change to the DNS server i set (8.8.8.8)

nslookup example.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	example.com
Address: 10.0.0.2

DoH in firefox has been switched off as well. Should I disable DoH on the router as well? I am not sure how it affects my issue.

Not sure how the DoH works in OpenWRT, but if it bypasses dnsmasq, you'll have to reconfigure, and put dnsmasq in the middle.

Client -> dnsmasq -> DoH upstream resolver

I turned off and disabled DoH in the router as well, but the issue is not resolved. I have changed the dns servers in my router to google, but dnsleaktest.com still says my isp is cloudflare.

I'm thinking there's something going on with my DoH settings and that they may be the cause of this issue. I'm trying to see if the settings have persisted. If you have any advice, please let me know!

Thanks for all the help so far.

Since nslookup returns the correct IP, I'd say the issues on the client.

You can solve it in OpenWRT, question is, do you want to.

You can solve it in OpenWRT, question is, do you want to

The DNS hijacking has been implemented. Is there anything else i should do?

I tested from another desktop on my network and it seems to work fine. I noticed that my wireless devices, including my phone, were the ones with this issue, so I changed the dns server in my wireless AP to the openwrt router. I tried turning off the internet and accessing example.com through my phone, which started working without issues.

I think setting the DNS in my wireless AP solved the issue with my phone, but not my laptop. Like you said, the problem is probably an issue with my client. The openwrt config is also correct as far as I can tell.

all of it, or only the port 53 part, you posted earlier ?

shouldn't really matter if you hijack all DNS related traffic.

Yes, just port 53. Is there any other port i should cover?

Android devices use DoT on OS level, that one's easy to block, it's just one port.
DoH is harder, since you need to block it based on IP, using the BanIP package.

It's all in the DNS hijacking link.

I blocked DoT and DoH with BanIP, but my mac still had this issue. In the end I decided to poke around my network settings a bit more, and found that I had implemented DoH on the mac at a system level sometime back. Once I removed that, everything worked as intended.

Thanks @frollic @trendy @xize for your help!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.