New Build - 05/03/2022 - r48786

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Wed May 04, 2022 15:30
Alozaros wrote:
Mile-Lile wrote:
@egc
DNS could be used on all sorts of non-custom ports. So, I was wondering could we use deep packet inspection to intercept dns queries and redirect them to wanted server... something like:

Code:
insmod("xt_ndpi");
save2file("-A PREROUTING -i %s -m ndpi --dns -j DNAT --to %s\n", var, nvram_safe_get("lan_ipaddr"));


but looking at ndpi code https://github.com/ntop/nDPI/blob/dev/src/include/ndpi_protocol_ids.h, I think BS should update new dns protocols such as DoH (DNS over HTTPS), DoT (DNS over TLS), DoQ (DNS over QUIC), DNSCRYPT

and ndpi will catch both ipv6 and ipv4 DNS (DNSv4 and DNSv6)... https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/dns.c


that's a good idea...
my interaction with ndpi in the past was, ndpi was very CPU intensive, as well the binary needed to be updated and in DDWRT it was not full due to either it was old or stripped..my guess it is too big...

egc wrote:
DoT redirects port 853 to the router port 53.

So captures rogue clients trying to use DNS over TLS

If you want to block DoH you have to use IPSET to block DoH servers
Described in the IPSET guide


interesting i was thinking it was the opposite way ... Razz

in your case i wonder how it will redirect and reply the encrypted payload from 853 in 53..
so probably DoT will be screwed, as well how it will distinguish DNS from the other TLS requests that go over 853 ... ??? Laughing Wink Cool

I'm pretty sure I could find email responses regarding this and these two tickets, but I think the noted silence on BrainSlayer's part speaks for itself.

https://svn.dd-wrt.com/ticket/6272
https://svn.dd-wrt.com/ticket/6563

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
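
An added example, not part of any post above and not nDPI or DD-WRT code: the thread asks how DNS on arbitrary ports could be recognised by inspection and how it would be told apart from TLS on port 853. This sketch classifies a payload by structure instead of port number; all function names and sample bytes are hypothetical and constructed for illustration, and the DNS check covers a UDP-style message without the TCP length prefix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum payload_kind { PK_OTHER, PK_PLAIN_DNS_QUERY, PK_TLS_HANDSHAKE };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Structural test for an unencrypted DNS query: RFC 1035 header plus one question. */
static int looks_like_dns_query(const uint8_t *p, size_t n) {
    if (n < 12 + 1 + 4) return 0;                  /* header, root label, QTYPE+QCLASS */
    uint16_t flags = be16(p + 2);
    if ((flags & 0x8000) || ((flags >> 11) & 0xF)) return 0; /* response or opcode != QUERY */
    if (be16(p + 4) != 1) return 0;                /* QDCOUNT must be 1 */
    if (be16(p + 6) || be16(p + 8)) return 0;      /* ANCOUNT and NSCOUNT must be 0 */
    size_t off = 12, name_len = 0;
    for (;;) {                                     /* walk the QNAME labels */
        if (off >= n) return 0;
        uint8_t len = p[off++];
        if (len == 0) break;                       /* root label ends the name */
        if (len > 63) return 0;                    /* compression pointer or invalid label */
        name_len += (size_t)len + 1;
        if (name_len > 254 || off + len > n) return 0;
        off += len;
    }
    return off + 4 <= n;                           /* room for QTYPE and QCLASS */
}

/* TLS record header: content type 0x16 (handshake), version major 0x03. */
static int looks_like_tls_handshake(const uint8_t *p, size_t n) {
    return n >= 5 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04;
}

/* DNS is tested first because its structural check is the stricter one. */
enum payload_kind classify_payload(const uint8_t *p, size_t n) {
    if (looks_like_dns_query(p, n)) return PK_PLAIN_DNS_QUERY;
    if (looks_like_tls_handshake(p, n)) return PK_TLS_HANDSHAKE;
    return PK_OTHER;
}

/* Constructed samples: an A query for example.com, and the start of a TLS ClientHello. */
static const uint8_t sample_dns[] = { 0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
static const uint8_t sample_tls[] = { 0x16,0x03,0x01,0x00,0x2f, 0x01,0x00,0x00,0x2b,
    0x03,0x03, 0,0,0,0,0,0,0,0,0,0 };

int main(void) {
    printf("dns=%d tls=%d\n", classify_payload(sample_dns, sizeof sample_dns),
           classify_payload(sample_tls, sizeof sample_tls));
    return 0;
}
```

The check is a heuristic on the first bytes of a payload; it says nothing about what is inside an encrypted TLS session.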
strange
DD-WRT User


Joined: 18 Jun 2006
Posts: 229

Posted: Thu May 05, 2022 0:18
Netgear XR500 - Gateway
Firmware Version: DD-WRT v3.0-r48786 std (05/03/22)
Kernel Version: Linux 4.9.312 #917 SMP Tue May 3 03:36:44 +07 2022 armv7l
Temperatures: CPU 56.188 °C / wlan0 59 °C / wlan1 64 °C
Current Time: Wed, 04 May 2022 17:14:03
Uptime: 23:30
Reset: No
GUI install over 48741
Installed using Brave browser over wireless
No issues

Thank you BS and thank you gurus for your guides and wisdom

_________________
Netgear XR500 - Gateway
R6700 v3 - Station Bridge
mwbuss8
DD-WRT Guru


Joined: 23 Feb 2015
Posts: 751

Posted: Thu May 05, 2022 4:29
Everything updated from r48741 and running well.

Thanks Devs!

_________________
Current devices:
XR500 - gateway
5x R7500v2 - AP
OpenMediaVault server for tailscale, SMB, & Emby