[Solved] How does https-dns-proxy "Force Router DNS" work?

I've installed https-dns-proxy and it appears to be working well. However I'm struggling to figure out how the "Force Router DNS" feature works, and enabling and disabling the feature doesn't seem to change my configuration at all (apart from the config options for hdp itself). The guidance at [1] suggests that a redirect or REJECT would be created, but I don't see them.

The wiki at [2] indicates that one should follow the DNS Hijacking instructions at [3].

FWIW, I already have my own DNS intercept portforward set up to hijack some Google Home devices (that use a hardcoded DNS server) so this is more of an academic question to see off any unintended consequences as I do not want all devices to have their DNS hijacked, but can't tell what the situation is right now.

[1] https://docs.openwrt.melmac.net/https-dns-proxy/#force_dns
[2] https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy
[3] https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

You should be able to see the changes in

	iptables-save -c; ip6tables-save -c; nft list ruleset

The first 2 for 21.02 and before, the latter for 22.03 and after.


Perfect thanks - I do indeed see the following:

	chain dstnat_lan {
		tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "!fw4: ubus:https-dns-proxy[instance1] redirect 0"
		udp dport 53 counter packets 238 bytes 14307 redirect to :53 comment "!fw4: ubus:https-dns-proxy[instance1] redirect 0"
	}

My error was in using Network->Firewall to check for the changes instead of System->Firewall.

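An added example, not part of the original thread: a small filter for `nft list ruleset` output that lists every port-53 redirect, dnat or reject rule with its chain, packet counter, whether it is limited to particular sources, and whether it carries the `ubus:https-dns-proxy` comment seen above. The sample ruleset is constructed from the quoted chain plus one hypothetical user rule (the name `Intercept-DNS-GoogleHome` and the address 192.168.1.50 are assumptions), and the function names are made up for this example.

```sh
#!/bin/sh
# Constructed sample: the dstnat_lan chain quoted in the thread plus one
# hypothetical per-device intercept rule (name and address are assumptions).
sample_ruleset() {
cat <<'EOF'
table inet fw4 {
	chain dstnat_lan {
		ip saddr 192.168.1.50 udp dport 53 counter packets 12 bytes 800 dnat ip to 192.168.1.1:53 comment "!fw4: Intercept-DNS-GoogleHome"
		tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "!fw4: ubus:https-dns-proxy[instance1] redirect 0"
		udp dport 53 counter packets 238 bytes 14307 redirect to :53 comment "!fw4: ubus:https-dns-proxy[instance1] redirect 0"
	}
}
EOF
}

# Reads a ruleset on stdin and prints one line per DNS intercept rule:
#   chain proto action packets scope owner
# Only plain "dport 53" matches are handled; port sets such as { 53, 853 }
# are outside what this example covers.
audit_dns_rules() {
	awk '
	$1 == "chain" { chain = $2; next }
	{
		dns = 0; proto = "?"; pkts = "?"; action = "?"; scope = "all-in-chain"
		for (i = 1; i <= NF; i++) {
			# Stop at the comment so words inside it are not read as verdicts.
			if ($i == "comment") break
			if ($i == "dport" && $(i + 1) == "53") { dns = 1; proto = $(i - 1) }
			if ($i == "packets") pkts = $(i + 1)
			if ($i == "saddr" || $i == "iifname") scope = "restricted"
			if (action == "?" && $i ~ /^(redirect|dnat|reject)$/) action = $i
		}
		if (!dns || action == "?") next
		owner = ($0 ~ /ubus:https-dns-proxy/) ? "https-dns-proxy" : "other"
		print chain, proto, action, pkts, scope, owner
	}'
}

# On a 22.03+ router:  nft list ruleset | audit_dns_rules
sample_ruleset | audit_dns_rules
```

A rule reported as `all-in-chain` applies to every client whose traffic reaches that chain, so a nonzero packet counter on such a rule means DNS from the whole zone is being intercepted, not only from the devices matched by a `restricted` rule.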
