HELLO_wORLD
Very Senior Member
Hi,
I currently have a NAS with a DNS server (mostly for DNS cache, local domains, and an ad-blocking sinkhole system).
The DNS server points to the router’s Stubby as its resolver for encrypted DNS to WAN.
I use DHCP (v4 and v6) to advertise to my LAN my NAS as the DNS resolver, and the router (Stubby) as my secondary one.
It has worked well for a long time now.
My iPad sometimes gets ads back after a while, and turning WiFi off/on solves the problem (resetting DNS back to NAS from DHCP). I suspect it drops to resolver 2 for some reason from time to time.
I was thinking of redirecting all DNS UDP/TCP from iPad to NAS using iptables on the router.
The IPv4 part is pretty straightforward:
With a cron job run every minute to launch this script (if the NAS DNS is down, it removes the DNS rules).
Code:
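#!/bin/sh
# Run from cron: redirect the iPad's DNS queries to the NAS while the NAS resolver answers.
exec >/dev/null 2>&1
IP4=##IPAD_IP##
DNS4=##NAS_IP##
# Rule specs are left unquoted below on purpose so the shell splits them into arguments.
DNS_RULE1="PREROUTING -i br0 -s $IP4 -p udp --dport 53 -j DNAT --to $DNS4:53"
DNS_RULE2="PREROUTING -i br0 -s $IP4 -p tcp --dport 53 -j DNAT --to $DNS4:53"
# Health check: ask the NAS resolver for a known name.
if /usr/bin/nslookup my-domain.fr $DNS4; then
    # NAS DNS is up: add each rule only if it is not already present (-C checks).
    iptables -w -t nat -C $DNS_RULE1 || iptables -w -t nat -A $DNS_RULE1
    iptables -w -t nat -C $DNS_RULE2 || iptables -w -t nat -A $DNS_RULE2
else
    # NAS DNS is down: remove both the UDP and the TCP rule.
    iptables -w -t nat -D $DNS_RULE1
    iptables -w -t nat -D $DNS_RULE2
fi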
The problem is for IPv6.
ip6tables does not have the nat table (kernel 3.4.x does not support it, and @Voxel cannot use a more recent kernel because of NG proprietary code).
What are the solutions, if any, to redirect packets without the nat table?