DNS hijacking using LuCI

See also: DNS hijacking using CLI

If you have set a custom DNS server and would like to enforce this across your network without clients being able to override it, then you'll need to force all DNS traffic through the router on the default port '53'.

Many Android devices are now being pre-programmed with the Google DNS servers ( and so they automatically bypass the DNS set on the router. It's unclear whether other devices are following Android's lead, but if your client devices must use a specific DNS server, this guide shows how to enforce that.

One reason to force all clients to a single DNS server is content filtering from a service such as OpenDNS, which can block domains via URLs or through category filtering. OpenDNS can be set up with the DDNS Client using DNS-O-Matic. When your WAN IP address updates, it will also update OpenDNS so that your content filtering and URL blocking stay up-to-date.

To add this through the LuCI web interface:

  1. Go to 'Network > Firewall'
  2. Under the 'Port Forwards' tab, enter 'Force DNS' in the 'New port forward' section
  3. Set the 'Protocol' to 'TCP+UDP'
  4. Set 'External zone' to 'WAN' *
  5. Set 'External port' to '53'
  6. Set 'Internal zone' to 'lan' *
  7. Set 'Internal port' to '53'
  8. Click the 'Add' button
  9. Once it's added to the list open it back up by clicking the 'Edit' button
  10. Change the 'Source zone' from 'wan' to 'lan'
  11. Click the 'Save & Apply' button

* If you're unable to set the exact zones, simply select anything from the list, as you can change it in step 10.





Validating redirection

The OARC Reply size Test can validate that your DNS queries are being intercepted.

dig +short TXT @
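
A complementary check, added here as an example and not part of the original page: from a LAN client, send queries over UDP and TCP to an address that runs no DNS server; an answer means the port-53 redirect caught the query. The probe address 192.0.2.1 (RFC 5737 documentation range), the query name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify from a LAN client that port-53 traffic is redirected.
# Assumption: 192.0.2.1 (RFC 5737 documentation range) runs no DNS server,
# so an answer to a query sent there was produced by an intercepting device
# on the path (here, the router with the 'Force DNS' rule).

PROBE_IP="${PROBE_IP:-192.0.2.1}"        # constructed probe target
PROBE_NAME="${PROBE_NAME:-openwrt.org}"  # any name the router's resolver can answer

# probe <udp|tcp>: returns 0 if the query was answered, 1 if not.
probe() {
    case "$1" in
        tcp) transport="+tcp" ;;
        udp) transport="+notcp" ;;
        *)   echo "usage: probe udp|tcp" >&2; return 2 ;;
    esac
    # Even with +short, dig reports timeouts as ';;' comment lines; drop them
    # so that only real answer records count.
    answer="$(dig +short +time=2 +tries=1 "$transport" \
        "$PROBE_NAME" A "@$PROBE_IP" 2>/dev/null | grep -v '^;' || true)"
    [ -n "$answer" ]
}

# check_intercept: prints one line per transport and returns 0 only if both
# UDP and TCP are redirected (the rule is created with protocol TCP+UDP).
check_intercept() {
    rc=0
    for t in udp tcp; do
        if probe "$t"; then
            echo "$t: intercepted"
        else
            echo "$t: NOT intercepted"
            rc=1
        fi
    done
    return "$rc"
}
```

Source the file on a LAN client that has `dig` installed and run `check_intercept`; a "NOT intercepted" line for one transport means the redirect does not cover that protocol.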

docs/guide-user/firewall/fw3_configurations/intercept_dns_luci.txt · Last modified: 2020/10/09 10:33 by tmomas