Like others, I found a few normal queries blocked due to this as well. It actually blocks the character 65, so it also blocks DNS queries with a total length of 65 lol.
It seems better to create custom firmware using the source below.
GitHub - rozahp/dnsmasq: This repo has moved to https://github.com/rozahp/dnsmasq-patch
How do I add new addn-hosts in /tmp/etc/dnsmasq.conf? I am not sure if this is worth the effort. For some, the list may grow too long to maintain. Or is there any other workaround?
Edit: I managed to add it in dnsmasq.add, but it is not actually working. It might be the cache, or I mistakenly removed the iptables rule when I tested it.
Update: Looking at the packet, DNS query type 65 is highlighted in blue as "00 41". It has "00" in front and is followed by the query class Internet, which has a hex value of "00 01". I extended the iptables hex string from "|000041|" to "|0000410001|", so it has to be a more specific match to get rejected by iptables. The few sites that were not loading before are working now.
Below is a sample of a type A DNS query which happens to have an IP length of 65 (0x0041 in hex) that matches the iptables reject rule. The original rule only matches 6 hex digits (000041). As a result, this non-type-65 query packet gets dropped.
With the new hex string in the iptables reject rule of "0000410001", it has to match 10 hex digits, meaning this includes the length and identification ID. In this sample, the hex is "0000410e96", which does not match "0000410001" and will not be rejected by the rule.
Edited to obfuscate the router MAC address.