Does DNS director block port 53 and/or 853 outgoing?

vmachiel

Hi,

So I have two Raspberry Pis running Pi-hole and Unbound. I have set all my devices to those IPs as DNS, and set up DNS Director. Basically it blocks everything and sends it to the Raspberry Pis.

But I'm wondering: some clients may use hard-coded DoT using port 853. Does DNS Director block those and send them to my designated DNS servers? The documentation is unclear... or maybe I missed it; in that case, sorry.

And what about DoH? To know what address to send the requests to, the client will first have to get that via normal DNS (53) or DoT (853). I'm assuming port 53 outbound is blocked by the Director and sent to the designated DNS servers? (I have a known DoT address block list.)

Thanks!
 
But I'm wondering: some clients may use hard-coded DoT using port 853. Does DNS Director block those and send them to my designated DNS servers?
DNS Director drops port 853 traffic which (should) force the client to fall back to traditional (port 53) DNS, which can then be redirected.

And what about DoH?
DoH is indistinguishable from other HTTPS traffic so you would have to block it by destination domain name or IP address, similar to how ad-blocking works.
 
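A way to check from a LAN client that the behaviour described above is actually in effect, as an added example (not code from the thread or from the router firmware): send a plain UDP/53 query to an outside resolver that is not on DNS Director's allow list and expect an answer (the router has redirected it to the Pi), then try TCP/853 to the same resolver and expect the connection to fail. The resolver address and timeout are constructed assumptions.

```python
import secrets
import socket
import struct

# Constructed sample values (assumptions, not from the thread); adjust to your LAN.
OUTSIDE_RESOLVER = "1.1.1.1"  # any public resolver NOT allowed through DNS Director
TIMEOUT_S = 3.0

def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query (RD set, one question, A record by default) for `name`."""
    header = secrets.token_bytes(2) + struct.pack(">HHHHH", 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_rcode(response: bytes) -> int:
    """RCODE from a DNS response header (0 NOERROR, 3 NXDOMAIN)."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack(">H", response[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F

def plain_dns_answered(server: str, name: str = "example.com") -> bool:
    """UDP/53 to an outside resolver. With DNS Director redirecting, the
    router DNATs this to the Pi and an answer still comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(TIMEOUT_S)
        s.sendto(query, (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except OSError:
            return False
    return data[:2] == query[:2] and parse_rcode(data) == 0

def dot_port_open(server: str) -> bool:
    """TCP/853 to the same resolver. With DNS Director dropping 853,
    the connect should time out and this returns False."""
    try:
        with socket.create_connection((server, 853), timeout=TIMEOUT_S):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    print("plain DNS (53) answered:", plain_dns_answered(OUTSIDE_RESOLVER))
    print("DoT (853) reachable    :", dot_port_open(OUTSIDE_RESOLVER))
```

Run it from a client that is not the Pi itself; the expected result with DNS Director working is `True` for the first line and `False` for the second, and the matching query should appear in the Pi-hole log with the router as its source.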
So I have two Raspberry Pis running Pi-hole and Unbound. I have set all my devices to those IPs as DNS, and set up DNS Director. Basically it blocks everything and sends it to the Raspberry Pis.
Just make sure DNS Director is properly set up to allow only the Raspberry Pis through (No Redirection). The way it's supposed to work (as I understand it) is that all DNS requests that try to bypass the Raspberry Pis will be routed to the Raspberry Pi. The Pi-hole log should show the router as the source when the routing happens.

An old example of how to use DNS Director with Raspberry Pis (Pi-hole/Unbound) is in this post:
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319
 
DNS Director drops port 853 traffic which (should) force the client to fall back to traditional (port 53) DNS, which can then be redirected.


DoH is indistinguishable from other HTTPS traffic so you would have to block it by destination domain name or IP address, similar to how ad-blocking works.

Thanks, I have those destination domains blocked (known DoH domains).

Just make sure DNS Director is properly set up to allow only the Raspberry Pis through (No Redirection). The way it's supposed to work (as I understand it) is that all DNS requests that try to bypass the Raspberry Pis will be routed to the Raspberry Pi. The Pi-hole log should show the router as the source when the routing happens.

An old example of how to use DNS Director with Raspberry Pis (Pi-hole/Unbound) is in this post:
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

Thanks. I have it set up this way.

Thanks for the replies!
 