Block DNS from specific device
Hi
I was wondering if I could specifically block a device (Chromecast wired) on my network
from using their hardcoded DNS (8.8.8.8 maybe sometimes 8.8.8.4?)
so that it will have to go through my DHCP set DNS (running AdGuard on Hassio OS)
couldn't find any firewall settings for this and my searches didn't have anything about device specific DNS blocks
or if you could think of any other smart way of forcing it to go through my PI DNS
cheers
@121e6af7 Set a static route in advanced routing section of the router (I hope A9 has that feature)
One for 8.8.8.8 and another for 8.8.4.4.
While I do have the option of setting a static route I have little knowledge of the effects
For the sake of learning would you explain what this would do and how this will prevent the device from using
its hardcoded DNS?
Example:
I'm using 8.8.8.8 as my primary DNS for my ipv4 settings
and let's say my primary DNS is 192.168.0.121 for my DHCP (this is my PI)
and the available static routing options I have are:
Network Destination: ???
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
Interface: LAN
Shouldn't the destination XXX be my PI rather than Google's DNS?
Or is static routing taking anything from 8.8.8.8 / 8.8.4.4 and forcing it to use whatever my DHCP is configured for if it's set as destination?
sorry for being a noob!
Network Destination: 8.8.8.8
Subnet Mask: 255.255.255.255 (note the final 255 because it only applies for a specific address, not a subnet)
Default Gateway: 192.168.0.1
Interface: LAN
This effectively blocks the hardcoded DNS because packets going to 8.8.8.8 won't go to the Internet. Chromecast won't receive an answer from their hardcoded DNSs and theoretically will try the ones obtained from DHCP. Or that's what I read...
Do the same for 8.8.4.4
Another option, if that doesn't work, is putting the IP of your local DNS server in the default gateway field and hoping that it intercepts the call and replies.
@121e6af7 Cool, don't forget that devices have a DNS cache that has to be flushed, otherwise they don't even make DNS requests and get the last result from cache.
A quick way to know that 8.8.8.8 and 8.8.4.4 are blocked is pinging them from a computer in your network; you should not receive a response. Of course you cannot use Google DNS on any computer now because it is blocked.
If it's blocked and in a couple days everything works, then it's fine. Take into account the DNS cache or you may think something works when it actually doesn't.
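The ping check in the last reply tests ICMP only. As an added example (not from any poster in this thread), the probe below sends a real DNS query over UDP to the two blocked resolvers and to the DHCP-assigned one, then reports whether the block holds. The local resolver address 192.168.0.121 is the one given as an example in the thread; the test name `example.com`, UDP port 53 and the 2-second timeout are assumptions.

```python
import socket
import struct

# Addresses from the thread; LOCAL_DNS is the poster's example Pi address.
BLOCKED = ["8.8.8.8", "8.8.4.4"]
LOCAL_DNS = "192.168.0.121"

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(query, data):
    """True if data is a DNS response with the query's transaction ID."""
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def probe(server, name="example.com", port=53, timeout=2.0):
    """Send one UDP DNS query; return 'answered' or 'no-answer'."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, host/network unreachable, refused
            return "no-answer"
    return "answered" if is_reply(query, data) else "no-answer"

def verdict(results, blocked=BLOCKED, local=LOCAL_DNS):
    """The block works only if the hardcoded resolvers stay silent
    AND the DHCP-assigned resolver still answers."""
    if results.get(local) != "answered":
        return "local resolver not answering"
    leaking = [ip for ip in blocked if results.get(ip) == "answered"]
    return "leak via " + ", ".join(leaking) if leaking else "blocked as intended"

if __name__ == "__main__":
    results = {ip: probe(ip) for ip in BLOCKED + [LOCAL_DNS]}
    for ip, status in results.items():
        print(f"{ip:15} {status}")
    print(verdict(results))
```

Run it from a computer on the same LAN as the Chromecast, since the static route applies to traffic passing through the router.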