DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2762: How to intercept hard-coded DNS to 8.8.8.8 and redirect?

04 Jul 2020 17:26 #7 by markvoip

hornbyp wrote:
I've been having (another) play with the "Conditional DNS forwarding" a.k.a. Transparent DNS Proxy. I've really not grasped the concept of how it's supposed to be configured - and the manual and online docs are just confusing the issue at the moment.

In one breath, it seems to be suggesting you use it to modify individual lookups ... similar to adding entries to a 'hosts' file. But it also suggests that the DNS lookup gets 'forwarded' elsewhere. Is that as well, or instead? ... and what happens if that DNS Server passes the request to the outside world? (via the Vigor) ... does it get intercepted again and looped around? :?

Same here. I can see it working if you were running a genuine DNS that could resolve internally, but if you need to forward a request up-stream, why wouldn't that get looped back.. and back...
Been a bit lazy and haven't tested that yet.
I don't find DrayTek manuals terribly helpful. I accept the following is not entirely correct, but they do rather follow the model:
"Conditional DNS forwarding". If you tick this box it enables Conditional DNS forwarding.
Thank you. I am none the wiser.
But to be fair, they're not intended to be training manuals.

20 Jul 2020 12:08 #8 by admin

markvoip wrote: Panasonic TV and some Honeywell iot devices ignore the DHCP DNS offered by my Vigor 2762 and use a hard-coded DNS of 8.8.8.8

Outrageous! It should be up to you whether you provide telemetry/usage data to Google!

Forum Administrator

09 Dec 2020 15:04 #9 by markvoip
After a break, revisiting this subject.

I never got anywhere with Conditional DNS Forwarding, although that could have been because I didn't grasp the concept.

However, I have solved my problem, which was how to add a Static Route on the 2762, which, unlike the 2862, does not have a Routing/Static Route option in the GUI.

Just needed to use the command line Console (ssh would have done).

ip route add 8.8.8.8 255.255.255.255 192.168.1.3 static

...was all it took to forcibly route ill-behaved devices using hard-coded DNS to my Pi-hole (on the latter IP).

Seems to be job done.

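One way to find out which LAN devices are doing this before adding such a route, as an added example that is not from the thread or from DrayTek: a small Python check over a constructed flow-log excerpt (the log layout, the 192.168.1.3 resolver address and the list of public resolvers are assumptions) that separates plain port-53 bypass, which the static route above catches, from DoT/DoH bypass, which a port-53 intercept never sees.

```python
"""Find LAN devices that bypass the DHCP-offered resolver.
Added example, not code from the thread or from DrayTek. The flow-log
layout "src_ip src_port dst_ip dst_port proto" is an assumption."""
from collections import defaultdict

# Resolver handed out by DHCP (the Pi-hole in the thread); assumed address.
DHCP_DNS = {"192.168.1.3"}
# Plain DNS on 53 is what a /32 static route or Conditional DNS Forwarding
# can redirect; DoT (853) and DoH (443) are not matched by a port-53 rule.
PLAIN_DNS_PORT = 53
ENCRYPTED_DNS_PORTS = {853, 443}
# Public resolvers often hard-coded into consumer devices (constructed list).
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed sample: .20 behaves, .50/.60 hard-code 8.8.8.8, .60 also DoT, .70 DoH.
SAMPLE_FLOWS = """\
192.168.1.20 49152 192.168.1.3 53 udp
192.168.1.50 51000 8.8.8.8 53 udp
192.168.1.50 51001 8.8.8.8 53 udp
192.168.1.60 44321 8.8.8.8 53 tcp
192.168.1.60 44322 1.1.1.1 853 tcp
192.168.1.70 40000 8.8.8.8 443 tcp
192.168.1.70 40001 142.250.74.78 443 tcp
"""

def classify_flows(text):
    """Map src_ip -> {"plain": dsts, "encrypted": dsts} for DNS traffic
    that does not go to the DHCP-offered resolver."""
    report = defaultdict(lambda: {"plain": set(), "encrypted": set()})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # blank or malformed line
        src, _sport, dst, dport, _proto = parts
        dport = int(dport)
        if dport == PLAIN_DNS_PORT and dst not in DHCP_DNS:
            report[src]["plain"].add(dst)
        elif dport in ENCRYPTED_DNS_PORTS and dst in KNOWN_PUBLIC_RESOLVERS:
            # Only flag 443/853 toward known resolvers; ordinary web traffic is not DNS.
            report[src]["encrypted"].add(dst)
    return dict(report)

def not_redirectable(report):
    """Devices whose only bypass is encrypted DNS: a port-53 intercept on the
    router will not see them (the DoH point made later in the thread)."""
    return sorted(src for src, r in report.items()
                  if r["encrypted"] and not r["plain"])

if __name__ == "__main__":
    print(classify_flows(SAMPLE_FLOWS), not_redirectable(classify_flows(SAMPLE_FLOWS)))
```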
27 Dec 2020 02:32 #10 by madexmatt
Guys look up DOH...

20 May 2021 11:31 #11 by pharcyder
Seconded - I use PiHoles with Unbound (installed on the same box) configured to use DoT to Cloudflare's service.

With DNS Conditional Forwarding enabled on my 2865, I've configured it so that all DNS traffic from devices that don't honour the DHCP scope is now captured and pushed to my PiHoles. The PiHoles are configured to forward their requests to the locally installed Unbound instances, which in turn forward the lookup to Cloudflare over DoT. That means the 2865 doesn't capture the traffic as it's not on port 53, and so it avoids the DNS loops discussed above.

19 Oct 2021 20:21 #12 by tomek

pharcyder wrote:
Seconded - I use PiHoles with Unbound (installed on the same box) configured to use DoT to Cloudflare's service.

With DNS Conditional Forwarding enabled on my 2865, I've configured it so that all DNS traffic from devices that don't honour the DHCP scope is now captured and pushed to my PiHoles. The PiHoles are configured to forward their requests to the locally installed Unbound instances, which in turn forward the lookup to Cloudflare over DoT. That means the 2865 doesn't capture the traffic as it's not on port 53, and so it avoids the DNS loops discussed above.

Are you able to elaborate on this a little? As far as I can see I have exactly the same setup - a 2865 and a Pi-Hole with Unbound set to forward TLS upstream, but if I enable Conditional Forwarding and then do nslookup bbc.co.uk 8.8.8.8 it just times out. I can see the router is intercepting it and making the request to my Pi-Hole, but the answer doesn't seem to get back to the computer. Many thanks!
