DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?
21 Oct 2021 12:44 #100015
by pharcyder
Replied by pharcyder on topic Re: 2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?
Is the device you're using for this test on the same VLAN / Subnet as your PiHole?
23 Oct 2021 14:07 #100022
by tomek
Replied by tomek on topic Re: 2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?
Yes, only LAN1 is set up so far. Perhaps I don't understand how it's meant to work.
If I set the DNS servers for LAN1 as Google and then also set conditional forwarding to Google, but then do a DNS lookup targeting the PiHole, the queries still hit the PiHole. I'd have thought the 2865 should proxy it to Google?
If I do a DNS lookup specifying that the DNS server is a WAN address (but actually it isn't a DNS server) then it does reply (presumably as the 2865 forwarded it to Google). So it seems like it only works if the forwarded DNS is remote?
I might see if I can work out the firewall port 53 rule instead.
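The test tomek describes above (send a lookup to an address that is not a DNS server and see whether an answer still comes back) can be scripted to check whether the router is intercepting port 53. This is an added example, not part of any post in the thread; the function names and the placeholder address 192.0.2.53 are assumptions.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(packet):
    """Return (txid, is_response, rcode, answer_count) from a DNS message."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return txid, bool(flags & 0x8000), flags & 0x000F, ancount

def classify(reply, txid):
    """Interpret what came back from an address that should NOT answer DNS."""
    if reply is None:
        return "no-reply"      # dropped or unanswered: nothing on-path answered for it
    try:
        rid, is_resp, _rcode, _ancount = parse_header(reply)
    except ValueError:
        return "malformed"
    if rid != txid or not is_resp:
        return "malformed"     # not a response to our query
    return "intercepted"       # valid DNS reply from a non-DNS host: redirected or proxied

def probe(server, name="example.com", timeout=2.0, txid=0x1234):
    """Send one UDP/53 query to `server` and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:        # includes socket.timeout
            reply = None
    return classify(reply, txid)

if __name__ == "__main__":
    # 192.0.2.53 is a documentation (TEST-NET-1) address used as a placeholder
    # for "a WAN address that is not a DNS server"; substitute your own.
    print(probe("192.0.2.53"))
```

Run from a LAN client: "intercepted" means something between the client and the WAN answered on behalf of the non-DNS address, while "no-reply" is what a plain block rule on port 53 would produce.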
06 Jan 2022 11:21 #100364
by byboxsimon
Replied by byboxsimon on topic Re: 2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?
I know I'm a bit late to this discussion, but it seems the same or very similar to the issue I'm getting and wondered if you could share any advice / explain the solution to me.
I am trying to ensure any hard-coded DNS is redirected through my pi-hole. On my Vigor2762ac Applications > LAN DNS / DNS Forwarding I set up a profile for DNS forwarding for full wildcard domain to the IP of my pi-hole. With that enabled the pi-hole gets flooded with requests from the router (> 1000 p/m) and throttles it. Outlook on my desktop reports it can't connect to the exchange server, Microsoft Teams reports itself as offline and my Android phone says it's connected to my WiFi but with no internet access. So it seems that maybe I'm partially successful in forcing the hard-coded DNS, but it causes enough other issues that it's not the solution. Blocking port 53 on the firewall feels like it will also just break stuff.
Most articles I've seen suggest a NAT to redirect as that would appear as though the hard-coded DNS was responding though it would in fact be being handled by the pi-hole.
From what I've understood of this post the Vigor2762 doesn't support the redirecting approach and instead I'd need to set up hosts that map 8.8.8.8 to my pi-hole, and I guess I could do that for each hardcoded DNS (but besides the google ones I don't know many others). Does that sound like a solution?
06 Jan 2022 21:31 #100373
by hornbyp
Replied by hornbyp on topic Re: 2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?
ByBoxSimon wrote:
> Blocking port 53 on the firewall feels like it will also just break stuff.
You'd only be stopping LAN clients from connecting willy-nilly to external DNS servers. Add a default block rule, then a rule to allow only your 'Pi-hole' access. (The Vigor itself won't be affected by this - it's the other side of the firewall).
> Most articles I've seen suggest a NAT to redirect as that would appear as though the hard-coded DNS was responding though it would in fact be being handled by the pi-hole.
Intriguing, but my view is that clients on my network must use my settings :twisted:
> From what I've understood of this post the Vigor2762 doesn't support the redirecting approach and instead I'd need to set up hosts that map 8.8.8.8 to my pi-hole, and I guess I could do that for each hardcoded DNS (but besides the google ones I don't know many others).
Well I made no real sense out of the lan-forwarding stuff and just used a version of @Markvoip's solution (though I did it on Windows Server).