OpenWRT has quite detailed documentation about DNS Hijacking, including blocking DoT providers.
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns#dns_over_https
However, at least I was not able to get it working properly last time I tried it. It is one of the areas where I prefer pfSense over OpenWRT. pfSense just works. OpenWRT does not. And it usually comes down to my fault in the end as I am not an experienced OpenWRT user (one example is Dual WAN setup). But again I am not an experienced pfSense user either but I just feel pfSense to be much easier than OpenWRT when it comes to more complex topics (like Wireguard and OpenVPN setup, dual WAN setup, and more complex firewall rules).
It seems to me I have to use the static route to sinkhole Google DNS (8.8.8.8 and 8.8.4.4) to make it work for OpenWRT, just like what I did for the Asus RT-AX82U.
Current working configurations: I can confirm that Pi-hole is the DNS used by the Realme phone and not Google DNS; the ad blocking test will be 100%.
1) Realme X50 5G Android phone uses the default "Auto" setting for the Private DNS (DoT) and Mobile Chrome browser Secure DNS (DoH)
2) OpenWRT LAN DHCP DNS set to Pi-hole DNS (192.168.28.254 in my case); I also set the WAN DNS to a cloud instance of Pi-hole (not necessary, probably can use the same local Pi-hole DNS).
3) OpenWRT static route rule to sinkhole Google DNS (apparently the above rules do not work well so that I still need this static route rule)
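An added example, not part of the post above: one way to confirm from the router's routing table that 8.8.8.8 and 8.8.4.4 really are sinkholed while the Pi-hole stays reachable. It assumes the sinkhole is implemented as `blackhole`-type routes and that the input is the text of `ip -4 route show`; the sample table and the WAN addresses in it are constructed.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (not taken from the post).
SAMPLE_ROUTES = """\
default via 203.0.113.1 dev eth1 proto static src 203.0.113.20
blackhole 8.8.8.8
blackhole 8.8.4.4
192.168.28.0/24 dev br-lan proto kernel scope link src 192.168.28.1
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.20
"""

# Route types for which the kernel drops or rejects traffic instead of forwarding it.
SINK_TYPES = {"blackhole", "unreachable", "prohibit"}


def parse_routes(text):
    """Return a list of (network, is_sink, raw_line) parsed from route text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        is_sink = fields[0] in SINK_TYPES
        if is_sink and len(fields) < 2:
            continue  # malformed line
        dest = fields[1] if is_sink else fields[0]
        if dest == "default":
            dest = "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this check does not model
        routes.append((net, is_sink, line))
    return routes


def is_sinkholed(ip, routes):
    """Longest-prefix match: True if the winning route does not forward the packet."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return True  # no matching route at all, so nothing is forwarded
    best = max(matches, key=lambda r: r[0].prefixlen)
    return best[1]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for resolver in ("8.8.8.8", "8.8.4.4", "192.168.28.254"):
        print(resolver, "sinkholed" if is_sinkholed(resolver, table) else "routed")
```

On the router, replace `SAMPLE_ROUTES` with the real output of `ip -4 route show`; a resolver reported as "routed" is still reachable through the default gateway.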