Blocking hardcoded dns to specific dns address

Swistheater

Very Senior Member
Okay, so I know how dnsfilter works, but I simply want to only block outbound DNS for a specific device. It uses 1.1.1.1 for DNS connections. I am attempting to prevent the device from dialing home. What are some user suggestions?
 
Are you still talking about DNS servers or something else?
DNS blocking techniques on merlin

This is my first thought:
iptables -A INPUT -s Device-ip -p tcp --destination-port 53 -j DROP
iptables -A INPUT -s device-ip -p udp --destination-port 53 -j DROP
 
I haven't ventured to look at network service filter as an option, but can it be used to do the same thing?
 
Why not just block all internet access for the device in question rather than creating some convoluted DNS blocking? I still don't know what your IPv6 comment was regarding.
 
Really my goal is just to prevent the device from phoning home. Would you use network service filter for this? And it wasn't convoluted. It was merely asking, if I did as dave suggested and used dns filter to redirect the traffic to a dummy IP, how would I do the same for IPv6, since the dnsfilter only encompasses IPv4 traffic?
 
Maybe use Skynet IoT blocking?
 
Do you have an IPv6 internet service? If not then just block it using the option in the Client Status list.
 
Another alternative I've used for devices that need access to the Internet, but that I still want to prevent phoning home, is to see where they connect when phoning home and then block the entire IP block for that device. For example, if I want to block my Roku from phoning home I just enter something like:

Code:
iptables -A OUTPUT -s 192.168.1.2 -d 34.192.0.0/10 -j DROP
 
I believe you would have to use the FORWARD chain not the OUTPUT chain. It would also have to be inserted (-I) rather than appended (-A).
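
The point made in the last reply, as an added example that is not part of the original thread: a shell function that prints FORWARD-chain DROP rules for one client and one resolver, inserted with `-I` so they sit ahead of existing ACCEPT rules. The function name, client address and MAC are constructed; the optional `ip6tables` MAC match is an assumption about the modules available on the router, and it drops all of the client's forwarded IPv6 DNS on port 53 rather than traffic to a single address.

```shell
#!/bin/sh
# Added example. All addresses below are constructed sample values.

# gen_dns_block <client-ipv4> <resolver-ipv4> [client-mac]
# Prints the rule commands instead of running them, so they can be reviewed
# first and then piped to sh on the router.
gen_dns_block() {
    client=$1 resolver=$2 mac=${3:-}

    # Refuse anything that is not dotted-quad shaped, so a typo such as an
    # empty variable cannot turn into a rule that matches every host.
    for ip in "$client" "$resolver"; do
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "invalid IPv4 address: $ip" >&2
            return 1
        }
    done

    # Traffic routed from a LAN client to the internet traverses FORWARD;
    # INPUT and OUTPUT only see packets addressed to or sent by the router.
    # -I inserts at the top, ahead of any ACCEPT rule already in the chain.
    for proto in udp tcp; do
        echo "iptables -I FORWARD -s $client -d $resolver -p $proto --dport 53 -j DROP"
    done

    # Assumption: the mac match is available to ip6tables on this router.
    # A client's IPv6 addresses change, so match its MAC and drop all of its
    # forwarded IPv6 DNS on port 53.
    if [ -n "$mac" ]; then
        for proto in udp tcp; do
            echo "ip6tables -I FORWARD -m mac --mac-source $mac -p $proto --dport 53 -j DROP"
        done
    fi
}

# Dry run with constructed values; append "| sh" to apply on the router.
gen_dns_block 192.168.1.50 1.1.1.1 AA:BB:CC:DD:EE:FF
```

These rules cover plain DNS on port 53 only; DNS over TLS (port 853) or DNS over HTTPS (port 443) to the same address is not matched.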
 
