DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?

28 Jun 2020 16:35 #1 by markvoip
I run my own DNS (Raspberry Pi-hole) for ad and malware filtering.

But my Panasonic TV and some Honeywell IoT devices ignore the DHCP DNS offered by my Vigor 2762 and use a hard-coded DNS of 8.8.8.8.

I would like the Vigor to intercept those requests and route them to my Pi-hole (on, e.g. 192.168.x.y).

How can I achieve that?

Dead easy on a 2860; just set a Static Route, but that doesn't seem to be available on the 2762; is there another way to achieve the same effect?

TIA

Mark

29 Jun 2020 12:23 #2 by admin3
Try using the Conditional DNS forwarding? That's under Applications > LAN DNS / Conditional DNS. You'd need to set up a rule so that * (should be all hostnames?) will go to your local DNS server.

That's a bit extreme because it should mean that all DNS going through the router will be routed through your personal DNS server regardless of the DNS address used by clients, but it should work :)



Forum Administrator

30 Jun 2020 03:18 #3 by hornbyp

markvoip wrote:
Dead easy on a 2860; just set a Static Route, but that doesn't seem to be available on the 2762; is there another way to achieve the same effect?



I take it for that scheme to work, you have to add a fake 8.8.8.8 IP address to the Pi's network interface?

(I'm interested in this, because I have noted the same issue. But just setting a static route on the 2860 to one of my DNS servers, just results in ICMP and DNS timeouts from 8.8.8.8 - to be expected, really :?: - (my DNS servers are Windows Server 2008 R2 ... a bit long in the tooth now :) ))

30 Jun 2020 12:39 #4 by markvoip

admin3 wrote:
Try using the Conditional DNS forwarding? That's under Applications > LAN DNS / Conditional DNS. You'd need to set up a rule so that * (should be all hostnames?) will go to your local DNS server.

That's a bit extreme because it should mean that all DNS going through the router will be routed through your personal DNS server regardless of the DNS address used by clients, but it should work :)



Sounds like a great idea. Have added the rule but it's unclear if it's working as I can't readily provoke one of the ill-behaved devices to squawk.
nslookup shows it isn't working, but that may not be conclusive.
Will continue to experiment.
Thanks for your suggestion.
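
A way to test the redirect without waiting for one of the devices to query, as an added example that is not part of the original thread: send a lookup for `pi.hole` to 8.8.8.8 and see who answers. It assumes the Pi-hole resolves the name `pi.hole` to its own address while a public resolver returns NXDOMAIN; `192.168.1.2` is a placeholder for the Pi-hole's address and the function names are illustrative.

```python
import socket
import struct

# Constructed sample reply (not captured traffic): "pi.hole A 192.168.1.2".
SAMPLE_REPLY = bytes.fromhex("1234 8180 0001 0001 0000 0000 02706904686f6c6500 0001 0001 c00c 0001 0001 0000003c 0004 c0a80102")

def build_query(name, txid=0x1234):
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    head = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # RD=1, one question
    return head + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(pkt, pos):
    """Step over an encoded name, honouring compression pointers."""
    while pkt[pos] != 0:
        if (pkt[pos] & 0xC0) == 0xC0:
            return pos + 2
        pos += 1 + pkt[pos]
    return pos + 1

def parse_response(pkt):
    """Return (rcode, [IPv4 addresses]) from a DNS reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = skip_name(pkt, pos) + 4          # name + QTYPE + QCLASS
    for _ in range(ancount):
        pos = skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[pos:pos + 10])
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(pkt[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x0F, addrs

def classify(rcode, addrs, pihole_ip):
    if pihole_ip in addrs:        # assumption: only the Pi-hole answers pi.hole with its own IP
        return "intercepted"
    return "not intercepted" if rcode == 3 else "inconclusive"  # 3 = NXDOMAIN

def check(pihole_ip, server="8.8.8.8", name="pi.hole", timeout=3.0):
    """Run on a LAN client: probe `server` and classify whoever answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(*parse_response(s.recvfrom(512)[0]), pihole_ip)
        except OSError:               # timeout or unreachable
            return "no reply"

if __name__ == "__main__":
    print(check("192.168.1.2"))       # placeholder Pi-hole address (assumption)
```

Run it from an ordinary LAN client rather than on the Pi itself, since a host that carries the 8.8.8.8 alias answers its own probe. A "no reply" result means the query was dropped or timed out rather than redirected.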

30 Jun 2020 12:49 #5 by markvoip

hornbyp wrote:
I take it for that scheme to work, you have to add a fake 8.8.8.8 IP address to the Pi's network interface?

(I'm interested in this, because I have noted the same issue. But just setting a static route on the 2860 to one of my DNS servers, just results in ICMP and DNS timeouts from 8.8.8.8 - to be expected, really :?: - (my DNS servers are Windows Server 2008 R2 ... a bit long in the tooth now :) ))



Correct. On the Pi (connected to the 2860 with the static route), I create a file in /etc/network/interfaces.d/ called eth0-[anything you want]
Content of that file:
auto eth0:1
iface eth0:1 inet static
address 8.8.8.8
netmask 255.255.255.255

That does the trick.

01 Jul 2020 03:28 #6 by hornbyp

markvoip wrote:
Correct. On the Pi (connected to the 2860 with the static route), I create a file in /etc/network/interfaces.d/ called eth0-[anything you want]

//etc//

That does the trick.



Very clever - why didn't I think of it? :lol:

(What I actually did, was block Port 53 outbound unless it was from my local DNS Servers, or was going to OpenDNS - since my DNS servers use OpenDNS as forwarder(s). I added an exception for my I.O.T. & 'Media Devices' LANS.

As you did on the Pi, it would be simple to add 8.8.8.8 to one of my DNS servers and 8.8.4.4 to the other. I would just have to get out of the habit I've acquired, of using "Ping 8.8.8.8" as my first test of "is the internet working?" :wink:

I've been having (another) play with the "Conditional DNS forwarding" a.k.a Transparent DNS Proxy. I've really not grasped the concept of how it's supposed to be configured - and the manual and online docs. are just confusing the issue at the moment.

In one breath, it seems to be suggesting you use it to modify individual lookups ... similar to adding entries to a 'hosts' file. But, it also suggests that the DNS lookup gets 'forwarded' elsewhere. Is that as well, or instead? ... and what happens if that DNS Server passes the request to the outside world? (via the Vigor) ... does it get intercepted again and looped around? :?
