Secure DNS problem

I get internet from wifi, after logging into a captive portal. My ISP hijacks DNS.

I have tried to use each of the secure-DNS options, but I can't even access the captive portal website.

No surprise; it probably isn't using public FQDNs, and can't be resolved anywhere but through their DNS.

You need to tell dnsmasq to resolve the ISP's names via the ISP's DNS server, and the rest via your DNS tunnel.

4 Likes

The wiki said to 'Ignore resolv file'. Should I not?

How do I do this?

Depends what kind of result you're expecting ...

Does the ISP use FQDNs for their names?
Or something shorter, like https://portal?

I just want secure DNS. Don't know what I should expect. I guess I expect that all (or at least some, if I can specify what/where) DNS traffic is secure. If I can't sign in to the captive portal, I don't seem to have any DNS, because I can't reach the Cloudflare/Google DNS servers.

Yes, the captive portal is an FQDN.

You need something like the server=/ISP.FQDN.com/ISP.DNS.I.P line described in "Dnsmasq.conf confusing SERVER entries",

with the DNS name of your ISP and the IP of their DNS. This should make their names resolve using their DNS, while the rest should be forwarded to the secure DNS forwarder you configured.

https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy is the easiest one to set up.

2 Likes

I have tested a few times. The captive portal FQDN is the same (actually one of two), but the DNS server IP is different every time.

So how do I set this ISP.DNS.I.P? Can I add multiple IPs to the list? Or turn resolv.conf back on?

The resolv.conf checkbox adds the provider's DNS servers as alternative DNS servers.
How do we know what you are trying to do?

You should use one of those IPs in the server= entry; not sure if the param will accept two IPs.

Can I make the Cloudflare/Google DNS servers primary and resolv.conf backup only? Otherwise all my DNS queries might go through the ISP DNS servers.

I am trying to secure DNS. My ISP hijacks DNS upstream.

How about you get it to work first?

Provided you use dnsmasq for DNS resolving, make sure to use the ISP DNS server to resolve the captive portal, in /etc/config/dhcp under config dnsmasq:

	list server '/ISP.FQDN.com/ISP.DNS.I.P'

Just as frollic mentioned.

Then use the HTTP DNS proxy to get secure DNS; this will be used as the upstream resolver.

2 Likes

You can do

/cloudflare.com/1.1.1.3
/cloudflare.com/1.0.0.3

to have double servers.

2 Likes

Ah, that works; wasn't sure reading from the default conf.

1 Like

This should somehow be noted in the secure DNS wiki section; it is a recurrent question in the forum.

So, basically, you are using a 'wifi hotspot' for internet.

Read about Travelmate and you can approach it from a different angle than the brute force that is being suggested.

Doesn't solve the ISP DNS interception, though?

1 Like

If done right (and Travelmate is a persnickety package, to be installed exactly as instructed; it is not documented that deviations cause issues), it will solve the captive portal issue, and I've never had a hotspot win DNS using it.

Remove all your customizations and make sure you use ISP-provided DNS only.
With curl installed on the router, get to the state where the redirect should happen and run the following:
curl -I http://openwrt.org

You should receive HTTP/1.1 301 Moved Permanently, followed by
Location: http://host.domain.tld/

Then run nslookup host.domain.tld. (replace with the name you see on your system) and post the result along with your curl output.

1 Like

If done (configured) right, so would dnsmasq :slight_smile:
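As an added example (not code from the thread or from the OpenWrt project), the following POSIX shell script ties together the two pieces of advice given above: the curl -I redirect check from the diagnostic post, and the server=/domain/ip split entries recommended earlier, including the repeated-domain form for more than one resolver address. The HTTP headers, the resolver list and every hostname and IP in it are constructed samples. The OpenWrt-specific pieces it assumes are the uci add_list command for /etc/config/dhcp, /etc/init.d/dnsmasq restart, and /tmp/resolv.conf.d/resolv.conf.auto as the file holding the DHCP-learned resolvers; check those against your release.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenWrt.
# Takes the redirect seen by "curl -I", extracts the captive-portal hostname,
# reads the ISP resolvers from resolv.conf-style text, and emits the dnsmasq
# "server=/domain/ip" entries that send only that domain to the ISP resolver
# while every other query stays on the encrypted https-dns-proxy upstream.

# Constructed sample of a captive-portal redirect (what "curl -I http://openwrt.org"
# returns before login). Hostname and path are made up.
SAMPLE_HEADERS='HTTP/1.1 301 Moved Permanently
Location: http://portal.isp-example.net/login?orig=openwrt.org
Content-Length: 0
Connection: close'

# Constructed sample of the resolvers the hotspot hands out over DHCP. The thread
# notes the address changes between sessions, so more than one is listed. On an
# OpenWrt router the live list is assumed to be /tmp/resolv.conf.d/resolv.conf.auto.
SAMPLE_RESOLV='nameserver 203.0.113.53
nameserver 198.51.100.53
search isp-example.net'

# Print the hostname from the Location header, or nothing if there is no redirect.
# Handles CRLF line endings, http or https, and a port or query after the host.
portal_host() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "location:" {
            url = $2
            sub(/\r$/, "", url)
            sub(/^https?:\/\//, "", url)
            split(url, parts, "/")
            host = parts[1]
            sub(/[:?].*$/, "", host)
            print host
            exit
        }'
}

# Print each "nameserver" address from resolv.conf-style text, one per line.
isp_resolvers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Emit one "server=/domain/ip" line per resolver (dnsmasq.conf syntax). Repeating
# the same domain with different addresses is the "double servers" form from the
# thread: dnsmasq then has more than one upstream to try for that one domain.
split_entries() {
    domain="$1"
    shift
    for ip in "$@"; do
        printf 'server=/%s/%s\n' "$domain" "$ip"
    done
}

# Same entries as UCI commands for /etc/config/dhcp (the "list server" lines shown
# in the thread). Runs uci only where it exists; elsewhere it prints the commands
# so the result can be reviewed before anything is changed.
apply_entries() {
    domain="$1"
    shift
    for ip in "$@"; do
        if command -v uci >/dev/null 2>&1; then
            uci add_list "dhcp.@dnsmasq[0].server=/$domain/$ip"
        else
            printf "uci add_list dhcp.@dnsmasq[0].server='/%s/%s'\n" "$domain" "$ip"
        fi
    done
    if command -v uci >/dev/null 2>&1; then
        uci commit dhcp && /etc/init.d/dnsmasq restart
    fi
}

# End to end over the constructed samples. Fails clearly when no redirect is
# seen: then no captive portal is in the way and no split entry is needed.
build_from_samples() {
    host=$(portal_host "$SAMPLE_HEADERS")
    if [ -z "$host" ]; then
        echo "no captive-portal redirect in headers; nothing to split" >&2
        return 1
    fi
    # Word splitting of the resolver list into separate arguments is intended.
    # shellcheck disable=SC2046
    split_entries "$host" $(isp_resolvers "$SAMPLE_RESOLV")
}

build_from_samples
```

On a real router you would feed portal_host the output of curl -I and isp_resolvers the contents of the DHCP-learned resolver file, then pass the result to apply_entries. The point of generating the entries this way is that only the portal's own domain is handed to the ISP resolver; every other name keeps going to the https-dns-proxy upstream, so the ISP interception described in the thread is limited to the one domain that cannot be resolved anywhere else. Because the thread reports the ISP resolver address changing between sessions, the entries have to be regenerated (or the old ones removed with uci del_list) whenever that happens.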