
Friday 27 March 2020

OpenWrt as local DNS server to speed up internet

1. Set your own DNS servers. Do this by adding config options to the WAN section of /etc/config/network. Here I use OpenDNS:

uci set network.wan.dns="208.67.222.222 208.67.220.220"
uci commit
ifup wan

This only adds new servers alongside the ones the ISP delivers. If we want to use only these servers, do the following:

uci set network.wan.dns="208.67.222.222 208.67.220.220"
uci set network.wan.peerdns=0
uci commit network
ifup wan

Here peerdns=0 tells OpenWrt to ignore the DNS servers delivered by the ISP.

2. Force using router as DNS server.

It may happen that a client does not use DHCP but has a manually set IP address, or has configured another DNS server. DNS queries are usually (see the note below) sent to port 53, so if all client traffic passes through our router we can force the router to be used regardless of what the client has set. To do this, redirect all requests to destination port 53/tcp and 53/udp to the router (assuming the router has the address 192.168.1.1 and its LAN subnet is 192.168.1.0/24, which is the default OpenWrt configuration).


iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p tcp --dport 53 -j DNAT --to 192.168.1.1

(these rules can be added to the /etc/firewall.user file). Please note that your internet provider may also force the use of specific DNS servers, although it usually doesn't. While port 53 is the "standard" DNS service port, name servers can also listen on other ports. An example is the dnscrypt service, which communicates on port 443. In networks using Tor, DNS is usually redirected to the Tor client, which resolves names over the anonymizing network.
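A quick way to confirm that both redirect rules from step 2 are actually in place (a forgotten tcp rule would let clients bypass the router for tcp queries). This is an added audit script, not part of the original post; it reads `iptables-save -t nat` output and assumes the default OpenWrt addressing above (override with ROUTER_IP / LAN_NET).

```shell
#!/bin/sh
# Added example (not from the original post): audit the nat table for the
# two port-53 DNAT rules, so a missing udp or tcp redirect is noticed.
# On the router: iptables-save -t nat | sh this_script.sh is the intended use;
# here constructed sample tables are embedded so it runs stand-alone.

ROUTER_IP="${ROUTER_IP:-192.168.1.1}"    # assumed default OpenWrt LAN address
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # assumed default OpenWrt LAN subnet

# check_dns_dnat RULES -> prints one line per protocol; returns 0 only when
# both the udp and tcp redirect rules for port 53 point at the router.
check_dns_dnat() {
    rules=$1
    missing=0
    for proto in udp tcp; do
        # iptables-save renders the post's rule as, e.g.:
        # -A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
        pattern="^-A PREROUTING .*-s ${LAN_NET} .*-p ${proto} .*--dport 53 .*-j DNAT --to-destination ${ROUTER_IP}(:53)?\$"
        if printf '%s\n' "$rules" | grep -E -q -- "$pattern"; then
            echo "ok:      ${proto}/53 from ${LAN_NET} -> ${ROUTER_IP}"
        else
            echo "MISSING: ${proto}/53 redirect (clients can still reach outside resolvers over ${proto})"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: both rules present (what step 2 should produce).
COMPLETE_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1
COMMIT'

# Constructed sample: only the udp rule was added, tcp queries would bypass the router.
UDP_ONLY_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
COMMIT'

# Stand-alone demo over both constructed tables.
echo "== complete table =="; check_dns_dnat "$COMPLETE_NAT"
echo "== udp-only table =="; check_dns_dnat "$UDP_ONLY_NAT" || echo "audit failed: fix /etc/firewall.user"
```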
