Using different DNS server for specific sites

I have cleanbrowsing.org for DNS filtering. I'm fairly happy with it, but it blocks some sites that I don't think should be blocked.

How do I redirect DNS requests for a specific website to a different DNS server?

I'm also interested in the inverse: how do I block a DNS request for a specific website that the default DNS server allows?

Selective forwarding

DNS filtering

3 Likes

Thank you @trendy.

The selective forwarding works in Firefox, but now Chrome seems to be able to get around it. In the firewall I added these custom rules to prevent devices from overriding the router's automatic DNS server:

iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 53 -j DNAT --to 192.168.1.1

I did this to test that the DNS filtering was working correctly:

  • Windows automatically obtains DNS server - Unable to visit badexample.com - PASS
  • Tell Windows to prefer Google's DNS server - Unable to visit badexample.com with Firefox - PASS
  • Tell Windows to prefer Google's DNS server - Able to visit badexample.com with Chrome - FAIL

Any idea what is going on?

Quite possible that Chrome is using DNS over HTTPS or TLS to bypass these.
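
Added example (not part of the thread): a small Python model of the two PREROUTING rules posted above, run over constructed flow records, to show which traffic the rules rewrite and which they never match. The resolver address set, the sample flows and the function names are assumptions made for illustration.

```python
import ipaddress

# Values taken from the two iptables rules in the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER = "192.168.1.1"

# Constructed for this example: a few well-known public resolver addresses.
# DoH to a resolver missing from this set looks like any other HTTPS flow.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "2001:4860:4860::8888"}


def classify(src, dst, proto, dport):
    """Say what the port-53 DNAT rules do with one flow leaving a client."""
    s = ipaddress.ip_address(src)
    if dport == 53 and proto in ("udp", "tcp"):
        if s.version == 4 and s in LAN:
            return "redirected to " + ROUTER
        # iptables handles IPv4 only; IPv6 needs its own rule set.
        return "plain DNS, not matched"
    if dport == 853:
        return "DNS over TLS/QUIC port, not matched"
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        return "possible DNS over HTTPS, not matched"
    return "not DNS"


def bypasses(flows):
    """Return the flows that can resolve names without touching the router."""
    return [f for f in flows
            if classify(*f) not in ("not DNS", "redirected to " + ROUTER)]


# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("192.168.1.50", "8.8.8.8", "udp", 53),
    ("192.168.1.50", "8.8.8.8", "tcp", 443),
    ("192.168.1.50", "1.1.1.1", "tcp", 853),
    ("fd00::50", "2001:4860:4860::8888", "udp", 53),
    ("192.168.1.50", "203.0.113.10", "tcp", 443),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", classify(*flow))
```

Only the first flow is rewritten to the router; the DoH, DoT and IPv6 flows fall outside what the port-53 rules match, which is consistent with the Firefox PASS and Chrome FAIL results in the test list.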