Need help creating selective DNS routing script

Mrflood

New Around Here
Hi Everyone,

I want my entire network to use my default DNS. Except for my ROKU which I want to use Unblock-US.

Would the following script work? (I have reserved the DHCP address for the ROKU so it will always be 192.168.1.14) I feel I might be overcomplicating what I am trying to do.

Code:
#!/bin/sh

touch /tmp/000wanstarted

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done


## Force DNS to Unblock-Us
iptables -t nat -I PREROUTING -i br0 -s 192.168.1.114 -p udp --dport 53 -j DNAT --to 208.122.23.22
iptables -t nat -I PREROUTING -i br0 -s 192.168.1.114 -p tcp --dport 53 -j DNAT --to 208.122.23.22



exit 0


Thanks everyone for the help.
 
Wait for the next release. You will be able to use DNSFilter with a custom nameserver.
 
Give this a try:

http://forums.smallnetbuilder.com/showpost.php?p=96227&postcount=2

Put in the ROKU MAC address and then what DNS you want it to use. Your network will use the default DNS and the ROKU will use the one specified in the dnsmasq.conf.
 
Thanks Lost Dog,

That worked PERFECT!! :)

It was also easier than I imagined.
 
Use DNS Filtering as RMerlin said. Unless something has changed with the update that you refer to?

Roku 3 is using hardcoded DNS (Google, 8.8.8.8 etc.). I'm currently away from my box, but I was wondering, if DNS Filter is enough or do I require something like
iptables -t nat -I PREROUTING -s <ip_of_roku>/32 -p udp --dport 53 -j DNAT --to <3rd_party_"unblocking"_dns>
iptables -t nat -I PREROUTING -s <ip_of_roku>/32 -p tcp --dport 53 -j DNAT --to <3rd_party_"unblocking"_dns>
that would forward everything concerning DNS from my Roku to "unblocking" DNS?

Btw., as I'm still studying this wonderful firmware - did iptables disable hw acceleration? Is the correct place to append - if I go iptables route - these to firewall or nat -script?
 
That's what DNSFiltering does - it redirects DNS queries to those configured on the router. There is no way to bypass it, short of the client changing its MAC.
 
There were still issues with Roku and Netflix, redirecting was not enough. I tried fiddling with iptables with nat and firewall scripts, but they were identical with DNSFiltering as you said.

I fixed this by using dnsmasq in addition to DNSFiltering. This way Roku/Netflix gets explicitly different DNSs as well.

So for those wanting to use unblock-us, unlocator (or any of these services: http://forums.redflagdeals.com/comparing-u-s-dns-services-1454278/), but only for some devices, one needs to use DNSFiltering or iptables for those devices AND dnsmasq.conf.add:

dhcp-mac=set:altdns,XX:XX:XX:XX:XX:XX
dhcp-mac=set:altdns,YY:YY:YY:YY:YY:YY
dhcp-option=tag:altdns,option:dns-server,185.37.37.37,185.37.37.185

where xx:xx... and yy:yy... are MACs of devices to affect, and 185.37.37.37 and 185.37.37.185 are the IP addresses of DNS service of your choice. Probably one would be enough.

Not sure about the specifics behind this, but this made it reliable.
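
The combination described in the last post (a per-MAC dnsmasq DHCP option plus a per-device port-53 redirect), as an added example that is not part of the original thread: it validates the inputs and prints both sets of lines for review instead of applying them. The function names, tag, addresses and MAC are constructed for illustration; `br0` and the option syntax are taken from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): print the two layers for a device,
# a dnsmasq DHCP option keyed on MAC and a NAT redirect keyed on source IP.
# Nothing is applied to the system; all sample values are constructed.

valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# dnsmasq_stanza TAG DNS_CSV MAC...
# Validates every argument first, then prints dnsmasq.conf.add lines.
dnsmasq_stanza() {
    tag=$1; dns_csv=$2; shift 2
    for ip in $(echo "$dns_csv" | tr ',' ' '); do
        valid_ipv4 "$ip" || { echo "bad DNS address: $ip" >&2; return 1; }
    done
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    for mac in "$@"; do echo "dhcp-mac=set:$tag,$mac"; done
    echo "dhcp-option=tag:$tag,option:dns-server,$dns_csv"
}

# dnat_rules CLIENT_IP DNS_IP
# Prints one command per protocol; -C checks for an existing rule so a
# re-run script does not stack duplicates (assumes an iptables with -C).
dnat_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    for proto in udp tcp; do
        rule="PREROUTING -i br0 -s $1 -p $proto --dport 53 -j DNAT --to-destination $2"
        echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -I $rule"
    done
}

# Constructed sample: documentation-range DNS servers, made-up MAC and IP.
dnsmasq_stanza altdns 192.0.2.53,192.0.2.54 AA:BB:CC:00:11:22
dnat_rules 192.168.1.50 192.0.2.53
```

The source address passed to `dnat_rules` has to be the same address reserved for the device in DHCP, otherwise the redirect never matches.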
 