DNS request hijacking

Some devices, Android phones for instance, have their DNS servers hard coded. To force them to use your own DNS server anyway, add this configuration to /etc/config/firewall:

config redirect
        option name 'DNS redirect'
        # match UDP packets from the lan zone addressed to port 53 (DNS)
        option src 'lan'
        option src_dport '53'
        option dest_port '53'
        option target 'DNAT'
        option proto 'udp'
        # no dest_ip is given, so the packets are redirected to the router's own lan address
        option dest 'lan'

To add this configuration using LuCI, go to Network / Firewall / Port Forwards.

Under “New port forward”, fill in:

Name: DNS redirect
Protocol: UDP
External zone: lan (or wan if lan is not available)
External port: 53
Internal zone: lan
Internal port: 53

Click Add. If you had to select wan under External zone, click Edit on the entry you just added and change Source zone to lan.

Make sure the entry is enabled, then click Save and Apply.
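Whichever way the rule was added, it ends up as a redirect section in /etc/config/firewall, so the file itself can be checked. The script below is an added example written for this page; it is not part of the OpenWrt wiki or of the firewall package. It parses the UCI sections with plain POSIX sh and awk (so it runs on the router or on a copy of the file elsewhere) and reports which DNS transports a lan-to-port-53 DNAT rule covers. The rule above matches UDP only, so a client that falls back to DNS over TCP is not redirected, and a port-53 rule says nothing about DNS over TLS or HTTPS. Assumptions of this example: the function names, the 'tcp udp' proto spelling it suggests, and treating an absent proto as the firewall's default of both tcp and udp.

```shell
#!/bin/sh
# Added example: inspect an OpenWrt firewall config (UCI syntax) for a
# rule that DNATs lan-zone traffic to port 53, and report which DNS
# transports (udp / tcp) it redirects.

dns_redirect_protos() {
    # $1: path to a file in /etc/config/firewall syntax
    # prints "<udp|-> <tcp|->", e.g. "udp -" when only UDP is redirected
    awk '
    BEGIN {
        # build the regex that strips surrounding quotes from an option value;
        # the single quote is produced via its ASCII code to dodge shell quoting
        q = sprintf("%c", 39)
        qre = "^[\"" q "]|[\"" q "]$"
    }
    # evaluate the section collected so far, then reset for the next one
    function flush(   p, k) {
        if (type == "redirect" && opt["src"] == "lan" &&
            opt["src_dport"] == "53" && opt["target"] == "DNAT" &&
            opt["enabled"] != "0") {
            # assumption: fw3 treats a missing proto on a redirect as "tcp udp"
            p = ("proto" in opt) ? tolower(opt["proto"]) : "tcp udp"
            if (p ~ /udp|all/) seen["udp"] = 1
            if (p ~ /tcp|all/) seen["tcp"] = 1
        }
        type = ""
        for (k in opt) delete opt[k]
    }
    $1 == "config" { flush(); type = $2 }
    $1 == "option" && type != "" {
        # value is everything after the key, minus whitespace and quotes
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        gsub(qre, "", val)
        opt[$2] = val
    }
    END {
        flush()
        printf "%s %s\n", (("udp" in seen) ? "udp" : "-"), (("tcp" in seen) ? "tcp" : "-")
    }' "$1"
}

dns_redirect_check() {
    # succeeds only when both UDP and TCP DNS from the lan zone are redirected
    protos=$(dns_redirect_protos "$1")
    echo "redirected DNS transports (udp tcp): $protos"
    [ "$protos" = "udp tcp" ]
}

# Constructed sample: the UDP-only rule from this page, written to a temp file
sample=$(mktemp)
cat > "$sample" <<'EOF'
config redirect
        option name 'DNS redirect'
        option src 'lan'
        option src_dport '53'
        option dest_port '53'
        option target 'DNAT'
        option proto 'udp'
        option dest 'lan'
EOF
# prints "redirected DNS transports (udp tcp): udp -" and returns 1
dns_redirect_check "$sample" ||
    echo "TCP DNS is not redirected; set option proto 'tcp udp' on the rule"
rm -f "$sample"
```

Run it against /etc/config/firewall after Save and Apply; a result of "udp -" means the page's rule is in place exactly as written, and "- -" means the rule is missing, disabled, or has a source zone other than lan (the LuCI "wan" workaround above is the usual cause until Source zone is changed back).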

docs/guide-user/dns-request-hijacking.txt · Last modified: 2018/11/22 11:33 by per