Most assured way to force all traffic to Open DNS servers?

emanon
DD-WRT User


Joined: 25 Oct 2019
Posts: 144

Posted: Mon Apr 24, 2023 15:13
Is this the most assured way of forcing everyone on the network to use Open DNS Servers?

no-resolv
server=208.67.222.222
server=208.67.220.220

Or do I need to add something like this additionally?

iptables -I FORWARD --destination 1.1.1.1 -j REJECT
iptables -I FORWARD --destination 1.0.0.1 -j REJECT
iptables -I FORWARD --destination 8.8.8.8 -j REJECT
iptables -I FORWARD --destination 8.8.4.4 -j REJECT

I'm far from knowing 100% how to do what I am trying to accomplish and am only copying what I see others doing.

_________________
Linksys WRT32X | DD-WRT v3.0-r51937 std (03/05/23) | macOS Ventura
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Mon Apr 24, 2023 15:21
Have you ever noticed that there is an option "Forced DNS Redirection" in the GUI?

You can find this option in the "Basic Setup" tab.

And no, this does not work for all clients; clients can also use encrypted DNS like DoT or DoH.
DoH is difficult to block because the standard HTTPS port is used, but with ipset it is possible.
emanon
DD-WRT User


Joined: 25 Oct 2019
Posts: 144

Posted: Mon Apr 24, 2023 15:35
ho1Aetoo wrote:
Have you ever noticed that there is an option "Forced DNS Redirection" in the GUI?

You can find this option in the "Basic Setup" tab.

And no, this does not work for all clients; clients can also use encrypted DNS like DoT or DoH.
DoH is difficult to block because the standard HTTPS port is used, but with ipset it is possible.


If I check Forced DNS Redirection I will not need anything else except to place Open DNS Servers in Static DNS 1 and Static DNS 2?

What should I place in Static DNS 3? I've read to place "10" or "0". I can't recall a definitive answer as to what to place in Static DNS 3 to ensure only Open DNS servers are used.


Thanks for responding.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Mon Apr 24, 2023 15:43
You enter your desired DNS servers under "static DNS", either 1 or 2 or 3.
Unused fields remain empty (0.0.0.0).

There is also the option "Forced DNS Redirection DoT" in the GUI, but this does not redirect DoT; it blocks it, and only on the default port (theoretically you can use any port for DoT).

And blocking DoH is, as already mentioned, a bit more complicated.
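
Added example, not part of any post in this thread and not DD-WRT's own firewall code: the REJECT lines in the first post only cover the four listed resolver addresses, whereas rules that match on port catch a query sent to any resolver. The script prints (without executing) iptables commands for that approach, assuming a LAN bridge named br0, a router LAN address of 192.168.1.1, and dnsmasq on the router forwarding to the OpenDNS servers.

```shell
#!/bin/sh
# Added example; interface name and router address are assumptions.
# Prints iptables commands for review instead of running them.

dns_lockdown_rules() {
    lan_if="$1"
    router_ip="$2"

    # Validate inputs so nothing unexpected ends up in a firewall command.
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case "$router_ip" in
        ''|*[!0-9.]*) echo "bad IPv4 address" >&2; return 1 ;;
    esac

    # Plain DNS uses both UDP and TCP on port 53. Rewrite the destination of
    # every LAN query to the router, whichever resolver the client asked for.
    for proto in udp tcp; do
        echo "iptables -t nat -I PREROUTING -i $lan_if -p $proto --dport 53 -j DNAT --to-destination $router_ip"
    done

    # DoT is encrypted, so it cannot be redirected transparently. Reject the
    # default port (853) so clients fall back to plain DNS, which is caught
    # above. DoT on a non-default port is not covered by this rule.
    echo "iptables -I FORWARD -i $lan_if -p tcp --dport 853 -j REJECT --reject-with tcp-reset"

    # DoH shares port 443 with ordinary HTTPS, so no port rule can single it
    # out; that needs a destination list (e.g. ipset) and is not shown here.
}

# Assumed values for a typical LAN bridge.
dns_lockdown_rules br0 192.168.1.1
```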
emanon
DD-WRT User


Joined: 25 Oct 2019
Posts: 144

Posted: Mon Apr 24, 2023 15:48
ho1Aetoo wrote:
You enter your desired DNS servers under "static DNS", either 1 or 2 or 3.
Unused fields remain empty (0.0.0.0).

There is also the option "Forced DNS Redirection DoT" in the GUI, but this does not redirect DoT; it blocks it, and only on the default port (theoretically you can use any port for DoT).

And blocking DoH is, as already mentioned, a bit more complicated.


OK, I thought I should use Static DNS 1 and Static DNS 2 since Open DNS has two different server addresses, LOL. Thanks for clearing that up! I guess I will worry about blocking DoH at a later date.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Mon Apr 24, 2023 15:50
Yes, you can specify multiple servers, but you don't have to.
emanon
DD-WRT User


Joined: 25 Oct 2019
Posts: 144

Posted: Mon Apr 24, 2023 15:53
ho1Aetoo wrote:
Yes, you can specify multiple servers, but you don't have to.


OK