I've been messing around with trying to force all DNS connections to be filtered through the pihole DNS, however all the examples and iptables rules I've found have suffered from DNS leaking, allowing hosts to bypass the pihole if they set their own DNS servers.

The only way I've been able to get this working as expected is to block specific DNS networks - 8.8.8.8, 8.8.4.4, etc - using this:

```
iptables -t nat -I PREROUTING --destination 8.8.8.8 -j DNAT --to 192.168.20.205
```

Where 192.168.20.205 is the IP address for pihole. This works for redirecting DNS's set to 8.8.8.8 to the pihole, but obviously not for anything else.

So, figured the inverse should also work, send everything that isn't destined to pihole that's on port 53 to pihole, something like this:

```
iptables -t nat -A PREROUTING ! --destination 192.168.20.205:53 -j DNAT --to 192.168.20.205
```

However, neither of these two approaches works. It seems like it should be pretty straightforward, but just isn't.

Additional info: Router using dd-wrt firmware and I'm using dnsmasq to forward the pihole dns address and using my router as my upstream DNS.

These are my "additional dnsmasq options": no-resolv
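An added example, not part of the original post: a sketch of the "redirect everything on port 53 that is not already going to the Pi-hole" rule, matching the port with `-p`/`--dport` instead of putting it in `--destination`. The interface name `br0`, the subnet `192.168.20.0/24` and the function name `dns_redirect_rules` are assumptions; only the Pi-hole address comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables rules that force
# LAN DNS traffic on port 53 through the Pi-hole. The rules are only printed,
# so they can be reviewed before being pasted into the router's firewall script.

PIHOLE="192.168.20.205"     # Pi-hole address, taken from the post
LAN_IF="br0"                # assumption: name of the router's LAN bridge
LAN_NET="192.168.20.0/24"   # assumption: LAN subnet

# dns_redirect_rules PIHOLE_IP LAN_IF LAN_NET  (hypothetical helper name)
dns_redirect_rules() {
    pihole=$1 lan_if=$2 lan_net=$3
    # Refuse anything that is not digits and dots before building commands.
    case $pihole in
        *[!0-9.]*|'') echo "bad Pi-hole address: $pihole" >&2; return 1 ;;
    esac
    for proto in udp tcp; do
        # The port is matched with -p/--dport; --destination takes an address only.
        # "! -s" keeps the Pi-hole's own upstream queries from looping back to it,
        # "! -d" leaves queries already addressed to the Pi-hole untouched.
        # (Older iptables builds write the negation as "-s ! ADDR".)
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 ! -s $pihole ! -d $pihole -j DNAT --to-destination $pihole:53"
        # Client and Pi-hole share a subnet, so the Pi-hole would answer the
        # client directly from its own address and the client would drop the
        # reply. Masquerading sends the answer back through the router.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto --dport 53 -s $lan_net -d $pihole -j MASQUERADE"
    done
}

dns_redirect_rules "$PIHOLE" "$LAN_IF" "$LAN_NET"
```

With the masquerade rule in place, redirected queries reach the Pi-hole with the router's address as their source. These rules cover port 53 only; DNS over TLS (port 853) and DNS over HTTPS (port 443) are not redirected by them.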