8.8.8.8 redirect to pihole

Is it possible to redirect a hard-coded request from an app (Netflix) on 8.8.8.8 to Pi-hole?

My router is a FritzBox. What information is still required?

Greetings Steffen

You have this posted in both the German and English forums. Which post do you wish to keep?

I think it is better in English, for more requests. I only made up my apology afterwards. Excuse me.

greetings Stefenzo

No problem.

Yes, this can be done through static routes in your FritzBox. First go to AVM Service, find your model and search the "Wissensdatenbank" (knowledge base) for "statische Route". This page has directions on how to find the option that allows you to create static routes.

There are three fields that need to be filled.

  1. Netzwerk: google DNS IP
  2. Subnetzmaske: 255.255.255.255
  3. Gateway: your pi hole's IP

You should make two static routes, one for 8.8.8.8 (primary Google DNS) and one for 8.8.4.4 (secondary Google DNS).

Thank you for your help. I will test them tomorrow.

Thank you for your help, that sounded very good. Unfortunately, something is not working quite right.

If I enter 8.8.8.8 in the browser, I open a google page. On this one can manually make a DNS request.

I type 192.168.178.62 into the browser. I get a page of my Pi-hole.

So I enter as a static route:

Network 8.8.8.8
Mask 255.255.255.255
Gateway 192.168.178.62

Now I expect that with 8.8.8.8 I will get the interface of my Pi-hole.

Unfortunately, when you enter 8.8.8.8, nothing happens anymore.

Am I still doing something wrong or incomplete?

Thanks for your support

I did some testing on my end and while it blocks access to Google's DNS servers, it doesn't seem to correctly forward the queries to the Pi-hole as I had intended.

I can see all the queries made from my hardcoded devices (Google Home Mini and Chromecast) and apps in Pi-hole's query log since they use the DHCP-supplied Pi-hole DNS as a fallback option when Google's DNS servers are not reachable.

Nevertheless you should now see queries from hardcoded apps in your query log. I am going to google a bit, but I am not a trained network expert.

I know very little about it, so I try logic. Correct me if I'm wrong. Access to ip 8.8.8.8 goes to gateway 192.168.178.1. This now knows the static route and forwards the request to the pi-hole. Does this know now that he has to answer the original client or does the pi-hole of the Fritz box answer, which cannot do anything with it and rejects it?

I have now used tcpdump to see what goes on with the Pi-hole.

If I access 192.168.178.62, the Pi-hole replies to 192.168.178.70, which is OK.

If I access 8.8.8.8, the Pi-hole sees that. It rejects it because it is not for him. There are no answers. The static routes are normal for another router, and he now knows where to forward it. But the Pi-hole cannot do anything with packets for 8.8.8.8.

Can I teach him that?

OK, with **sudo ip addr add 8.8.8.8/24 dev eth0** I was able to assign 8.8.8.8 to the Pi-hole. He answers now. Anyway, I don't get the page of the Pi-hole. I have to test whether that works with DNS queries.


Yeah, it works.

Pi-hole answers on 8.8.8.8:53 and also on 8.8.8.8:80, but not on 8.8.8.8:443 (HTTPS). Presumably it fails because of the encryption.

Thank you for the help and the push in the right direction

Thanks to you as well. I've added your findings to my configuration.

Hi,

and do the same for 8.8.4.4

Have a good time

Instead of rerouting each IP address individually, you could consider blocking outbound DNS traffic in your Fritzbox for all or for a selection of your devices (a while ago, I explained that in more detail in German, see Smarthome Steckdosen im pihole - #8 by Bucking_Horn).

That would block attempts by any device in your network to access any public DNS server via port 53 DNS, leaving Pi-hole and your Fritzbox as the only operational DNS servers.
It would stop all DNS bypass attempts to public servers without having to know any IP addresses upfront, but may incapacitate those devices that insist on using a public DNS server.
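
To see which devices such a block would affect, the tcpdump approach used earlier in the thread can be turned into a small report. This is an added example, not part of the original posts: it parses `tcpdump -n port 53` text output and lists clients that query resolvers other than the Pi-hole (192.168.178.62) or the FritzBox (192.168.178.1). The sample capture lines, the client 192.168.178.71 and the 9.9.9.9 upstream are constructed.

```python
import re
from collections import defaultdict

# Resolvers that clients may query directly (addresses taken from the thread).
# The Pi-hole's own upstream lookups are exempt because it is in this set.
ALLOWED_RESOLVERS = {"192.168.178.62", "192.168.178.1"}

# Matches an outgoing DNS query line as printed by `tcpdump -n`, e.g.
# 12:00:02.000000 IP 192.168.178.71.40000 > 8.8.8.8.53: 4661+ A? name. (33)
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53: \d+\S* "
    r"(?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)

# Constructed sample capture (not real traffic).
SAMPLE = """\
12:00:01.000000 IP 192.168.178.70.51234 > 192.168.178.62.53: 4660+ A? example.com. (29)
12:00:02.000000 IP 192.168.178.71.40000 > 8.8.8.8.53: 4661+ A? www.netflix.com. (33)
12:00:02.100000 IP 8.8.8.8.53 > 192.168.178.71.40000: 4661 1/0/0 A 203.0.113.10 (49)
12:00:03.000000 IP 192.168.178.71.40001 > 8.8.4.4.53: 4662+ [1au] AAAA? www.netflix.com. (44)
12:00:04.000000 IP 192.168.178.62.39000 > 9.9.9.9.53: 4663+ A? example.com. (29)
"""


def find_bypass(lines, allowed=ALLOWED_RESOLVERS):
    """Return {client_ip: {(resolver_ip, queried_name), ...}} for queries
    sent to port 53 of any resolver that is not in `allowed`."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # responses and non-DNS lines do not match
        if m["src"] in allowed or m["dst"] in allowed:
            continue  # query to Pi-hole/router, or Pi-hole's own upstream lookup
        hits[m["src"]].add((m["dst"], m["qname"].rstrip(".")))
    return dict(hits)


if __name__ == "__main__":
    for client, queries in sorted(find_bypass(SAMPLE.splitlines()).items()):
        for resolver, name in sorted(queries):
            print(f"{client} bypassed Pi-hole: asked {resolver} for {name}")
```

The capture has to be taken at a point that actually sees the clients' outbound traffic; as noted in the thread, the Pi-hole itself only sees packets that are sent or routed to it.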

I had already done that, and I'm still set that way, but it made sure that Netflix no longer worked, for example, because Netflix wants to access Google DNS. The redirect was just a successful attempt to get Netflix to work again without opening the block again.

So if I run this on my Pi-Hole, it will work w/o the settings in the router? (my router does not support catching port 53 requests, so now I've hard-blocked 8.8.8.8 and 8.8.8.4 in the router)

No, because the Pi-hole never gets to see the packets on 8.8.8.8. Your switch will not put you on the line to your Pi-hole routes. The only solution I see is that the Pi-hole, with a passive tap adapter, can be connected directly to the same line as the router. Then he sees the packets and can react.

https://www.amazon.de/dp/B07GYWZPXG/ref=cm_sw_r_cp_apa_fabc_CHl3FbT97Q72S

But it's a dirty solution.

"sudo ip addr add 8.8.8.8/24 dev eth0" is only valid until the next restart and then has to be repeated ...

This information is incorrect.

Do not add 8.8.8.8 as an IP address to your interface. That is a bad idea.