Posted: Mon Dec 26, 2016 4:09 Post subject: How to force client DNS
I have a few sites that I block and today via dns and using ddwrt. Today caught my 7 year old installing a chrome vpn addin which bypasses my dns entries. This also bypasses "access restrictions"
I remember seeing a command that can be added to dnsmasq that forces the dns I choose regardless of whats set on the client.
Look for "Forced DNS redirection" in your settings, and enable. Also, you'll need to find out what type of VPN protocol that plugin uses and block it... _________________ Netgear R7000 w/r31780M <KONG> build
Netgear R6700 (Un-opened with stock. My backup/emergency router if the R7000 takes a dump...)
2x Buffalo WHR-HP-GN 28493 (Used for 2.4 Ghz bridge when needed.)
Asus WL-500g Premium (1x v1 & 1x v2) (Still have, but retired for now.)
1x Linksys WRT54G v8 >>DD-WRT v24SP1 (The other routers needed something to point at and make fun of.)
You're thinking of strict-order, but you need to enable the "Force DNS redirection" as was mentioned which installed iptable rules to destination NAT DNS traffic to your router IP. Not sure it would work with a VPN though...hence again as was suggested, block the VPN tunnel. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
Look at the Intercept DNS Port Specific Ip/Range section in the link below. You might have to mix and match commands. Most likely, though, you will have to block the VPN source.