I've previously used the DNS Filtering to redirect client DNS requests to various servers without needing to bother to change the IP that DNSMasq serves up without any problems. Client machines do not appear to notice that their requests are being redirected - which is exactly what you want to occur.
Investigating a more rigorous solution to block banner ads at the DNS level, I'm running a Pi-Hole server on the local network (in a nutshell, this DNS server responds to domain IP lookup requests for 'annoying_ad_server.com' with the local address of the Pi-Hole server and then serves up a blank page when it is requested by the client). To date, this works well.
I've wanted to use the existing DNS Filtering functionality so that I can easily switch between various DNS servers while I test and configure the Pi-Hole.
At the moment, DNSMasq serves up 192.168.1.1 as the DNS server for all clients via DHCP. Using DNS Filter to redirect requests to OpenDNS (208.67.222.222), there are no problems. As soon as I redirect the requests to the local Pi-Hole server, 192.168.1.10, I am presented with the following problem.
Running 'dig google.com' at the command line from a client, I receive:
;; reply from unexpected source: 192.168.1.10#53, expected 192.168.1.1#53
This issue does not affect browsing; however, it affects command-line tools such as 'dig', 'host', 'nslookup', etc. This error is not presented when I redirect to OpenDNS or other external DNS servers.
To try and resolve this at the router level using iptables, I've tried various rules inserted into the PREROUTING and POSTROUTING chains with both SNAT and/or DNAT targets set to change the source/destination IP. However, this has not worked - perhaps because not all local traffic is routed through iptables?
There are ways to individually assign a DNS server to unique clients via DNSMasq; however, this would require being managed through 'jffs/configs/dnsmasq.conf.add' rather than the existing DNS Filter interface.
I'd appreciate any thoughts or ideas on how this matter could be addressed.
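As an added illustration (not code from the post or from the router firmware), the following model traces a UDP DNS query through the PREROUTING DNAT described above and shows why the reply reaches the client from 192.168.1.10 when the Pi-Hole sits on the same subnet, and what a matching POSTROUTING SNAT to the router address is meant to change. The client address 192.168.1.50 and the source port are constructed; the conntrack behaviour is a simplified model of Linux NAT.

```python
"""Model of the NAT path a redirected DNS query takes through the router."""
from dataclasses import dataclass, replace

ROUTER = "192.168.1.1"    # address DHCP hands out as the DNS server (from the post)
PIHOLE = "192.168.1.10"   # local Pi-Hole the DNS Filter redirects to (from the post)
CLIENT = "192.168.1.50"   # constructed client address for the example

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int = 53

class Router:
    """Minimal conntrack: remembers each translation and reverses it for replies."""
    def __init__(self, dnat_to, snat=False):
        self.dnat_to, self.snat, self.conntrack = dnat_to, snat, {}

    def forward(self, pkt):
        # PREROUTING: DNAT the destination (the router's own IP) to the Pi-Hole
        out = replace(pkt, dst=self.dnat_to)
        # POSTROUTING: optionally SNAT the source so the reply must return via the router
        if self.snat:
            out = replace(out, src=ROUTER)
        self.conntrack[(out.dst, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        # Undo the translation; only possible for a reply that actually traverses the router
        orig = self.conntrack.get((reply.src, reply.dst, reply.dport))
        if orig is None:
            return None
        return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)

def pihole_reply(query):
    # The Pi-Hole answers from the address and port the query arrived on
    return Packet(src=query.dst, dst=query.src, sport=query.dport, dport=query.sport)

def observed_reply_source(snat):
    """Source address the client sees on the DNS reply, with or without SNAT."""
    router = Router(PIHOLE, snat=snat)
    query = Packet(src=CLIENT, dst=ROUTER, sport=40000)
    reply = pihole_reply(router.forward(query))
    # Same subnet: the Pi-Hole delivers a reply addressed to the client directly,
    # so the router never sees it and cannot restore 192.168.1.1 as the source.
    if reply.dst == CLIENT:
        return reply.src
    return router.reverse(reply).src

def dig_message(snat):
    """None when the reply source matches what dig expects, else dig's warning."""
    seen = observed_reply_source(snat)
    return None if seen == ROUTER else f";; reply from unexpected source: {seen}#53, expected {ROUTER}#53"
```

Running `dig_message(False)` reproduces the warning quoted in the post, while `dig_message(True)` shows the reply arriving from 192.168.1.1 once the source is also rewritten.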