Block DNS from specific device

2020-04-05 14:34:50 - last edited 2020-04-05 16:09:01
Model: Archer A9  
Hardware Version: V5
Firmware Version: 1.2.4 Build 20190403 rel.63869

Hi

I was wondering if I could specifically block a device (Chromecast wired) on my network from using their hardcoded DNS (8.8.8.8 maybe sometimes 8.8.8.4?) so that it will have to go through my DHCP set DNS (running AdGuard on Hassio OS).

Couldn't find any firewall settings for this and my searches didn't have anything about device specific DNS blocks.

Or if you could think of any other smart way of forcing it to go through my PI DNS.

Cheers

#1
1 Accepted Solution
Re:Block DNS from specific device-Solution
2020-04-05 14:52:54 - last edited 2020-04-05 16:09:01

@121e6af7 Set a static route in the advanced routing section of the router (I hope the A9 has that feature).

One for 8.8.8.8 and another for 8.8.4.4.

#2
Re:Block DNS from specific device
2020-04-05 15:40:15

@mocelet

While I do have the option of setting a static route, I have little knowledge of the effects.

For the sake of learning, would you explain what this would do and how this will prevent the device from using its hardcoded DNS?

Example:

I'm using 8.8.8.8 as my primary DNS for my IPv4 settings

and let's say my primary DNS is 192.168.0.121 for my DHCP (this is my PI)

and the available static routing options I have are:

Network Destination: ???

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.0.1

Interface: LAN

Shouldn't the destination XXX be my PI rather than Google's DNS?

Or is static routing taking anything from 8.8.8.8 / 8.8.4.4 and forcing it to use whatever my DHCP is configured for if it's set as destination?

Sorry for being a noob!

#3
Re:Block DNS from specific device
2020-04-05 15:49:07

@121e6af7

Network Destination: 8.8.8.8

Subnet Mask: 255.255.255.255 (note the final 255 because it only applies to a specific address, not a subnet)

Default Gateway: 192.168.0.1

Interface: LAN

This effectively blocks the hardcoded DNS because packets going to 8.8.8.8 won't go to the Internet. The Chromecast won't receive an answer from its hardcoded DNSs and theoretically will try the ones obtained from DHCP. Or that's what I read...

Do the same for 8.8.4.4.

Another option, if that doesn't work, is putting the IP of your local DNS server as the default gateway and hoping that it intercepts the call and replies.

#4
Re:Block DNS from specific device
2020-04-05 16:08:54
That sounds perfect! I will try this, not sure how I'll validate my results tbh other than certain ads no longer showing up when using Chromecast. Thanks!
#5
Re:Block DNS from specific device
2020-04-05 16:18:09

@121e6af7 Cool, don't forget that devices have a DNS cache that has to be flushed; otherwise they don't even make DNS requests and get the last result from the cache.

A quick way to know that 8.8.8.8 and 8.8.4.4 are blocked is pinging them from a computer in your network; you should not receive a response. Of course, you cannot use Google DNS on any computer now because it is blocked.

If it's blocked and in a couple of days everything works, then it's fine. Take the DNS cache into account or you may think something works when it actually doesn't.

#6
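
One way to validate the block discussed in this thread, as an added example that is not part of any post: instead of pinging, send a real DNS query over UDP to 8.8.8.8 and 8.8.4.4 and to the local resolver, and check which ones answer. The function names and the test name `example.com` are assumptions made for this example; 192.168.0.121 is the resolver address used as an example in the thread.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS query (A record, recursion desired) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_answer(packet, txid=0x1234):
    """True if `packet` is a DNS response (QR bit set) with our transaction id."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack(">HH", packet[:4])
    return rid == txid and bool(flags & 0x8000)

def resolver_reachable(server, name="example.com", timeout=2.0):
    """Send one UDP query to server:53; True only if a valid reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, network unreachable, ICMP error
            return False
    return is_answer(data)

def verdict(results, blocked, local):
    """List problems: blocked resolvers must be silent, the local one must answer."""
    problems = [ip for ip in blocked if results.get(ip)]
    if not results.get(local):
        problems.append(local + " (local resolver not answering)")
    return problems

if __name__ == "__main__":
    BLOCKED = ["8.8.8.8", "8.8.4.4"]  # addresses from the thread
    LOCAL = "192.168.0.121"           # example resolver address from the thread
    results = {ip: resolver_reachable(ip) for ip in BLOCKED + [LOCAL]}
    for ip, ok in results.items():
        print(f"{ip}: {'answers' if ok else 'no answer'}")
    print("problems:", verdict(results, BLOCKED, LOCAL) or "none")
```

Run it from a computer on the same LAN. Like the ping test, it shows what the router does with traffic to those addresses, not what the Chromecast itself sends.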