How to force some client on my router to use DNSmasq ONLY

sam1275tom

Oct 13, 2014
Hello guys, I want to force a client to use DNSmasq on my DD-WRT router. I think I can block outgoing traffic to port 53 for that client to prevent it from using another public DNS. How can I do that while allowing it to access the router's port 53?

Sorry about asking all DD questions on Tom, but I can't pass any captcha on the DD forum, and I can't even send the admin an email for help.
 

Dreamslacker

Oct 23, 2014
Not a DD user, but this should be similar to how firewall rules are processed on other platforms.

Rules in firewalls are usually processed top-down. So the first rule takes precedence over subsequent rules.

What you need to do is to allow clients access to the DNS port on the firewall's local interface IP. Then block the DNS port to all (any) IP addresses after that.
 
Solution
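
The allow-then-block ordering from the answer above, written as iptables commands for a Linux-based router such as DD-WRT. This is an added example, not code from anyone in this thread; the addresses 192.168.1.50 (client) and 192.168.1.1 (router) are constructed, and the function only prints the commands for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255, so nothing
# else can end up inside a generated firewall command.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dns_lock_rules CLIENT_IP ROUTER_IP
dns_lock_rules() {
    client=$1 router=$2
    if ! is_ipv4 "$client" || ! is_ipv4 "$router" || [ "$client" = "$router" ]; then
        echo "usage: dns_lock_rules CLIENT_IP ROUTER_IP" >&2
        return 2
    fi
    # A bare "-I" always inserts at the top of the chain, which reverses the
    # order you typed; explicit positions keep the rules in the order listed.
    pos=1
    for proto in udp tcp; do
        # Allow first: DNS addressed to the router itself traverses INPUT.
        echo "iptables -I INPUT $pos -s $client -d $router -p $proto --dport 53 -j ACCEPT"
        # Then block: DNS routed to any other server traverses FORWARD.
        echo "iptables -I FORWARD $pos -s $client -p $proto --dport 53 -j DROP"
        pos=$((pos + 1))
    done
}

# Constructed sample addresses
dns_lock_rules 192.168.1.50 192.168.1.1
```

Both UDP and TCP are covered because DNS falls back to TCP port 53 for large responses.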

sam1275tom

Thank you, this is interesting. If this really works, I'll be able to do many things that I thought were impossible with a firewall before!
 
Be aware that forcing a DNS server does not restrict the end users much, if that is your goal. There are DNS servers that run on other ports, and you can of course run it through a VPN. And no matter how hard you try, you can't stop the user who is willing to go to the trouble of putting entries in the host table.
 

sam1275tom

Thank you. That user is not knowledgeable about computers, but he uses lots of bad software, and other people cannot even browse the web normally. Some of his disgusting "assistant" software may be able to change the DNS or IP settings if it thinks the internet is abnormal, but I don't think he is able to use a VPN or other things to bypass it.