Dear OpenWRT gurus,
I need your help with my setup. I am quite a beginner at this and I am having some struggle with DNS forwarding based on gateway.
Here is my setup:
- typical LAN zone, forwarded to WAN and VPN zone (wireguard client)
- dns hijacking and filtering using adblock-lean. I managed to get no leaks by also blocking DoT, using a DoH blocklist etc. All LAN clients end up going through the DNS filtering, even if they set a different DNS locally or use encrypted DNS.
- only VPN interface has a custom DNS entry specified (specifying one in WAN resulted in some DNS leaks)
- everything set up to go through the VPN interface
- HTTPS DNS Proxy enabled: routes through vpn and accesses configured server from VPN country
- HTTPS DNS Proxy disabled: accesses the VPN provider dns
So far everything is working as desired, mostly thanks to searching this forum!
Additional goal:
- I want to be able to specify if some devices in the LAN network should go through WAN (both traffic and DNS requests)
- I want this to be a single-place entry. Ideally I can modify this from LuCI in one place
What I tried:
- disable HTTPS DNS Proxy for all the below. Didn't even reach that point yet.
- using a PBR policy for the device IP, I see that only the traffic gets routed through WAN, but not the DNS
- I tried to set a DNS policy for the device IP, but nothing really changed. I assume it is because dnsmasq on the router is the one that forwards?
- I tried adding custom DNS entry also to WAN interface, but the only thing that does is a leak through the tunnel. DNS goes over the tunnel and sometimes reaches WAN server at the end.
- I tried a bunch of other things (trying to set dns over dhcp, dns forwards etc.)
Nothing worked.
I am probably not understanding something basic about how to conditionally forward dns from dnsmasq to different interfaces depending on the device initiating the request.
Could you please guide me as to what's the appropriate method to do this?
Thanks a lot guys!
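Added illustration (not from the post above or from any reply in this thread) of why a PBR source-address policy leaves DNS untouched, and one common way around it. A client's query to the router's dnsmasq terminates on the router; dnsmasq then sends its own upstream query with the router's address as source, so a policy matching the client's `src_addr` never sees that packet. If the client's port-53 traffic is instead DNAT'ed to an external resolver before it reaches dnsmasq, it becomes forwarded traffic that still carries the client's source address, and the existing PBR policy for that client routes it out WAN together with everything else. The device IP `192.168.1.50`, the resolver `203.0.113.53` and the policy names are placeholders I made up; the fragments assume the `pbr` package and the stock fw4 firewall.

```conf
# /etc/config/pbr  (placeholder values; assumes the pbr package)
# Policy-based routing for the one device that should bypass the VPN.
config policy
	option name 'device-x-via-wan'     # placeholder name
	option src_addr '192.168.1.50'     # placeholder client IP
	option interface 'wan'

# /etc/config/firewall  (fw4; redirects are evaluated in file order)
# 1) This device's DNS goes to a WAN-side resolver instead of the router.
#    Because the packet keeps src=192.168.1.50 and is now forwarded, not
#    router-local, the pbr policy above applies to it.
config redirect
	option name 'device-x-dns-to-wan-resolver'   # placeholder name
	option src 'lan'
	option src_ip '192.168.1.50'                 # placeholder client IP
	option src_dport '53'
	option dest 'wan'
	option dest_ip '203.0.113.53'                # placeholder WAN-side resolver
	option dest_port '53'
	option proto 'tcp udp'
	option target 'DNAT'

# 2) Everyone else keeps being hijacked to the router's dnsmasq.
#    A DNAT redirect with no dest_ip points at the router itself.
#    Keep this AFTER the per-device rule or it will catch that device too.
config redirect
	option name 'hijack-lan-dns-to-router'       # placeholder name
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'
```

Two things to check after applying it. First, run `/etc/init.d/firewall restart` and `/etc/init.d/pbr restart`, then from the excepted device resolve a name and confirm with `nft list chain inet fw4 dstnat` and `tcpdump -ni wan port 53` that the query leaves on WAN rather than the WireGuard interface. Second, note the trade-off: because that device's queries no longer pass through dnsmasq, it also loses the adblock-lean filtering; the DoT/DoH blocking described in the post is unaffected, since those rules act on other ports and destinations.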