
DNS hijacking via LuCI

If you have set a custom DNS server and would like to enforce this across your network without clients being able to override it, then you'll need to force all DNS traffic through the router on the default port '53'.

Many Android devices now ship pre-configured with the Google DNS servers (8.8.8.8 and 8.8.4.4), so they bypass the DNS server set on the router. It's unclear whether other devices are following Android's lead, but if your client device(s) must use a specific DNS server, this guide shows how to enforce it.

One reason to force all clients to a single DNS server is content filtering from a service such as OpenDNS, which can block domains by URL or by category. OpenDNS can be set up with the DDNS Client using DNS-O-Matic: when your WAN IP address changes, it also updates OpenDNS so that your content filtering and URL blocking stay up to date.

To add this through the LuCI GUI:

  1. Go to 'Network > Firewall'
  2. Under the 'Port Forwards' tab enter 'Force DNS' under 'New port forward' section
  3. Set the 'Protocol' to 'TCP+UDP'
  4. Set 'External zone' to 'WAN' *
  5. Set 'External port' to '53'
  6. Set 'Internal zone' to 'lan' *
  7. Set 'Internal port' to '53'
  8. Click the 'Add' button
  9. Once it's added to the list open it back up by clicking the 'Edit' button
  10. Change the 'Source zone' from 'wan' to 'lan'
  11. Click the 'Save & Apply' button

* If you're unable to set the exact zones, simply select anything from the list, as you can change it in step 10
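For reference, the following is an added example (not from this wiki page or the OpenWrt project): the `/etc/config/firewall` redirect section that the LuCI steps above are assumed to produce, together with a small awk check that confirms a LAN DNS intercept exists and catches the common slip of leaving the source zone on 'wan' (step 10 skipped). It assumes fw3-style UCI syntax, the section name 'Force DNS' typed in step 2, and that a DNAT redirect without a `dest_ip` lands on the router itself.

```shell
#!/bin/sh
# Added example, not from the OpenWrt wiki: render the UCI redirect the LuCI
# form writes, and check a firewall config for a working LAN DNS intercept.
# Assumptions: fw3 'option proto' syntax; section name 'Force DNS' (step 2).

# Emit the redirect section. $1 is the source zone; after step 10 it must be
# 'lan' (leaving it on 'wan' is the mistake this check is meant to catch).
render_dns_redirect() {
    zone="${1:-lan}"
    printf "config redirect\n"
    printf "\toption name 'Force DNS'\n"
    printf "\toption src '%s'\n" "$zone"
    printf "\toption src_dport '53'\n"
    printf "\toption dest 'lan'\n"
    printf "\toption dest_port '53'\n"
    printf "\toption proto 'tcp udp'\n"
    printf "\toption target 'DNAT'\n"
}

# Return 0 if the firewall config in $1 has a redirect section with
# src=lan, src_dport=53, target=DNAT and a proto covering both tcp and udp
# (either 'option proto "tcp udp"' or separate 'list proto' lines).
check_dns_redirect() {
    awk '
        function flush() {
            if (sec == "redirect" && src == "lan" && dport == "53" &&
                tgt == "DNAT" && tcp && udp) ok = 1
            sec = ""; src = ""; dport = ""; tgt = ""; tcp = 0; udp = 0
        }
        $1 == "config" { flush(); sec = $2; next }
        $1 == "option" || $1 == "list" {
            key = $2
            val = $0
            # strip "option <key> " / "list <key> " and surrounding quotes
            sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]+/, "", val)
            gsub(/^["'\'']|["'\'']$/, "", val)
            if (key == "src") src = val
            else if (key == "src_dport") dport = val
            else if (key == "target") tgt = val
            else if (key == "proto") {
                if (val ~ /(^|[ \t])tcp([ \t]|$)/) tcp = 1
                if (val ~ /(^|[ \t])udp([ \t]|$)/) udp = 1
            }
        }
        END { flush(); exit ok ? 0 : 1 }
    ' "$1"
}

# Demo on a constructed config file (not the live /etc/config/firewall).
demo=$(mktemp)
render_dns_redirect lan > "$demo"
if check_dns_redirect "$demo"; then
    echo "Force DNS redirect present"
else
    echo "Force DNS redirect missing or mis-zoned"
fi
rm -f "$demo"
```

On the router you can run `check_dns_redirect /etc/config/firewall` against the live config after 'Save & Apply'. Only plain port-53 DNS is covered by this redirect; a client that uses DNS over TLS or DNS over HTTPS is not caught by it.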


See also: DNS hijacking via CLI

docs/guide-user/firewall/fw3_configurations/forced_dns_redirection.txt · Last modified: 2019/07/14 16:10 by tmomas