How to force client DNS

jebise101
DD-WRT Guru


Joined: 25 Sep 2009
Posts: 594

Posted: Mon Dec 26, 2016 4:09    Post subject: How to force client DNS
I have a few sites that I block today via DNS, using DD-WRT. Today I caught my 7-year-old installing a Chrome VPN add-in, which bypasses my DNS entries. This also bypasses "access restrictions".

I remember seeing a command that can be added to dnsmasq that forces the DNS I choose regardless of what's set on the client.

strict-force or something.
SirSilentBob
DD-WRT User


Joined: 09 Oct 2007
Posts: 258

Posted: Mon Dec 26, 2016 4:19
Look for "Forced DNS redirection" in your settings, and enable. Also, you'll need to find out what type of VPN protocol that plugin uses and block it...
_________________
Netgear R7000 w/r31780M <KONG> build

Netgear R6700 (Un-opened with stock. My backup/emergency router if the R7000 takes a dump...)

2x Buffalo WHR-HP-GN 28493 (Used for 2.4 Ghz bridge when needed.)

Asus WL-500g Premium (1x v1 & 1x v2) (Still have, but retired for now.)

1x Linksys WRT54G v8 >>DD-WRT v24SP1 (The other routers needed something to point at and make fun of.)
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

Posted: Tue Dec 27, 2016 20:38
You're thinking of strict-order, but you need to enable the "Force DNS redirection" as was mentioned, which installs iptables rules to destination-NAT DNS traffic to your router IP. Not sure it would work with a VPN though... hence again, as was suggested, block the VPN tunnel.
_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
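
The redirect described in the post above is a set of nat-table DNAT rules, so it can be audited from the rule listing. The following is an added example, not part of the original thread or of DD-WRT itself: it reads `iptables-save`-style output and reports which of UDP/TCP port 53 is not being redirected. The interface `br0`, the address `192.168.1.1` and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit nat-table rules for DNS redirection.
# Assumptions: LAN bridge is br0 and the router LAN IP is 192.168.1.1.

# Constructed sample of `iptables-save -t nat` output: only UDP 53 is redirected.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o vlan2 -j MASQUERADE
COMMIT'

# dns_redirect_gaps IFACE ROUTER_IP
# Reads nat-table rules on stdin and prints each protocol (tcp/udp) whose
# port 53 traffic arriving on IFACE is NOT DNAT-ed to ROUTER_IP.
# Empty output means both UDP and TCP DNS are redirected.
dns_redirect_gaps() {
    iface=$1
    router=$2
    awk -v iface="$iface" -v router="$router" '
        BEGIN { need["udp"] = 1; need["tcp"] = 1 }
        $1 == "-A" && $2 == "PREROUTING" {
            in_if = proto = dport = target = dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
            }
            sub(/:53$/, "", dest)   # accept "IP:53" as well as bare "IP"
            if (in_if == iface && dport == "53" && target == "DNAT" && dest == router)
                delete need[proto]
        }
        END { for (p in need) print p }
    ' | sort
}

# Usage on a router, assuming iptables-save is available in the build:
#   iptables-save -t nat | dns_redirect_gaps br0 "$(nvram get lan_ipaddr)"
```

An empty result only means plain port 53 lookups from the LAN are rewritten; queries carried inside a VPN tunnel never match these rules, which is why the replies say to block the tunnel as well.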
MongooseProXC
DD-WRT User


Joined: 24 May 2012
Posts: 235

Posted: Wed Dec 28, 2016 20:49
Look at the Intercept DNS Port Specific Ip/Range section in the link below. You might have to mix and match commands. Most likely, though, you will have to block the VPN source.

https://www.dd-wrt.com/wiki/index.php/OpenDNS
hubermania
DD-WRT User


Joined: 24 Aug 2012
Posts: 223

Posted: Fri Dec 30, 2016 1:42
Setup->Basic has some of the options...
Use DNSMasq for DNS [x]
Forced DNS Redirection [x]

Services->Services tab has others...
No DNS Rebind [x] Enable
Query DNS in Strict Order [x] Enable

Administration->Management tab, make sure you've got a big, cryptic password and that the GUI is only accessible by HTTPS with no remote access.

Worst comes to worst, you can always MAC filter the lil' hacker.
_________________
[Broadcom] Asus rt-ac66u r35531 ('66 should only be factory reset through the DD UI)
Fix RT-AC66U "wl1 [2.4 GHz TurboQAM]". DD-WRT failsafe UI @ http|https://169.254.255.1/