So according to this: https://code.google.com/p/android/issue … l?id=79504 Android L has a known issue where it ignores the DNS domain coming from DHCP or static configuration and always uses the Google DNS servers. On top of that, Google Chrome seems to be using hard-coded Google DNS servers via IPv6.
The following is credited to rhester72, who provided great instructions on how to make sure that both IPv4 and IPv6 DNS requests from the devices connected to the router are intercepted (in my case to make sure that the script I run to block ads by redirecting certain domains to a transparent gif works for these devices).
First install the required packages:
opkg update
opkg install ip ip6tables-mod-nat kmod-ipt-nat6
Then run the following:
echo "iptables -t nat -A prerouting_rule -i br-lan -p udp --dport 53 -j DNAT --to `/usr/sbin/ip addr show dev br-lan | grep global | grep -m 1 inet | awk '{print $2}' | cut -d/ -f1`" >> /etc/firewall.user
echo "iptables -t nat -A prerouting_rule -i br-lan -p tcp --dport 53 -j DNAT --to `/usr/sbin/ip addr show dev br-lan | grep global | grep -m 1 inet | awk '{print $2}' | cut -d/ -f1`" >> /etc/firewall.user
echo "ip6tables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to-destination [`/usr/sbin/ip addr show dev br-lan | grep global | grep -m 1 inet6 | awk '{print $2}' | cut -d/ -f1`]" >> /etc/firewall.user
echo "ip6tables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to-destination [`/usr/sbin/ip addr show dev br-lan | grep global | grep -m 1 inet6 | awk '{print $2}' | cut -d/ -f1`]" >> /etc/firewall.user
And reboot the router.
Now your Android L devices (well, all the devices on your network really) will be using your router's DNS instead of whatever is hardcoded.
PS. If you want to intercept the DNS requests only from specific devices, you can add "-m mac --mac-source <MAC_of_Android_L_device>" after the "br-lan" to the iptables rules above.
Again -- huge thanks to Rodney for coming up with this solution.
(Last edited by stangri on 9 Mar 2015, 22:08)
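The same four rules built by one function instead of four inline pipelines; this is an added example, not part of the original post or rhester72's instructions. The function names and the sample `ip addr` output are constructed for illustration. It uses only the first global address per family, so a bridge with several global IPv6 addresses still yields one valid `--to-destination`, and it emits no ip6tables rules when there is no global IPv6 address.

```shell
#!/bin/sh
# Added example: derive the DNS-redirect rules from `ip addr show` output.

# Constructed sample of `ip addr show dev br-lan` output (not from a real router).
SAMPLE_ADDRS='5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
    inet6 fd00:db8:1::1/60 scope global
    inet6 2001:db8:1::1/64 scope global
    inet6 fe80::ff:fe00:1/64 scope link'

# first_global FAMILY: read `ip addr` output on stdin and print the first
# global-scope address of FAMILY (inet or inet6) without its prefix length.
first_global() {
    awk -v fam="$1" '$1 == fam && /scope global/ { sub(/\/.*/, "", $2); print $2; exit }'
}

# dns_redirect_rules IFACE: read `ip addr show dev IFACE` output on stdin and
# print the redirect rules (UDP and TCP port 53) for /etc/firewall.user.
dns_redirect_rules() {
    iface="$1"
    addrs=$(cat)
    v4=$(printf '%s\n' "$addrs" | first_global inet)
    v6=$(printf '%s\n' "$addrs" | first_global inet6)
    for proto in udp tcp; do
        if [ -n "$v4" ]; then
            echo "iptables -t nat -A prerouting_rule -i $iface -p $proto --dport 53 -j DNAT --to $v4"
        fi
    done
    for proto in udp tcp; do
        if [ -n "$v6" ]; then
            echo "ip6tables -t nat -A PREROUTING -i $iface -p $proto --dport 53 -j DNAT --to-destination [$v6]"
        fi
    done
    return 0
}

# On the router: ip addr show dev br-lan | dns_redirect_rules br-lan
printf '%s\n' "$SAMPLE_ADDRS" | dns_redirect_rules br-lan
```

Review the printed rules before appending them to /etc/firewall.user.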