Can Pi-hole block hardcoded DNS servers?

Pardon my newbiness lol. I got a Pi and Pi-hole set up and have noticed my Google Mini is not using the Cloudflare DNS servers allocated in the Pi-hole... Is there a way to block Google DNS (which I assume the Google Mini is hardwired to use?) within iptables?

You have to block port 53 to non-Pi-hole IPs at your router.

Pi-hole only receives DNS traffic.
It could block DNS resolution for a DNS server name like dns.google.com.

If a device contacts DNS servers by hardcoded IP address, there isn't any DNS resolution involved. Neither Pi-hole nor the machine hosting Pi-hole will see any of the associated traffic.

If you want to block traffic to a specific IP address, you'd have to configure your firewall accordingly, i.e. on your router or a dedicated firewall device in your network.

As already mentioned, you can block port 53 in your router.
If your router doesn't support this, you can route the traffic of your Home Mini through your RPi and block forwarded requests to port 53. If it can't reach its desired DNS servers, it is most likely going to fall back to the DHCP-advertised one.
If you are routing its traffic through your RPi you can also redirect it, which would solve the (very unlikely) case of a hardcoded IP.
If your Home Mini is using DoH or DoT you can block the domains in PiHole and restart your Home Mini to flush its DNS cache.
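The "block port 53 at the router" advice from the replies above, and the "redirect" approach another reply recommends, as an added example that is not code from this thread or from the Pi-hole project. The script prints (or, as root with DRY_RUN=0, executes) iptables rules for the box that forwards the client's traffic, which is the router or the RPi if the Home Mini is routed through it. The interface and addresses (eth0, Home Mini 192.168.1.50, Pi-hole 192.168.1.2) and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread or the Pi-hole project: generate the iptables
# rules that keep one client's plain DNS on the Pi-hole. They belong on whatever box
# forwards the client's traffic: the router, or the RPi if the Home Mini is routed
# through it. Addresses below are hypothetical:
#   LAN interface eth0, Home Mini 192.168.1.50, Pi-hole 192.168.1.2.
# DoH (port 443) is not touched here; that still has to be handled by blocking the
# DoH domains in Pi-hole, as the thread says.

# "Block" variant: reject plain DNS (UDP/TCP 53) to anything but the Pi-hole and
# reject DNS-over-TLS (TCP 853) outright. A client whose hardcoded servers are
# unreachable will usually fall back to the DHCP-advertised resolver.
dns_block_rules() {
    iface=$1 client=$2 pihole=$3
    cat <<EOF
iptables -A FORWARD -i $iface -s $client ! -d $pihole -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -i $iface -s $client ! -d $pihole -p tcp --dport 53 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -i $iface -s $client -p tcp --dport 853 -j REJECT --reject-with tcp-reset
EOF
}

# "Redirect" variant: rewrite the destination of every plain DNS query, hardcoded
# IP or not, so it lands on the Pi-hole; the client never notices. The MASQUERADE
# rules matter when the Pi-hole is a different host from the one applying these
# rules: without them the Pi-hole answers the client directly from its own IP, the
# client sees a reply from the "wrong" server and drops it. When the Pi-hole runs on
# the gateway itself the DNATed packet is delivered locally and never reaches
# POSTROUTING, so the extra rules are harmless. DoT cannot be transparently
# redirected (the certificate would not match), so it is rejected as above.
dns_redirect_rules() {
    iface=$1 client=$2 pihole=$3
    cat <<EOF
iptables -t nat -A PREROUTING -i $iface -s $client ! -d $pihole -p udp --dport 53 -j DNAT --to-destination $pihole:53
iptables -t nat -A PREROUTING -i $iface -s $client ! -d $pihole -p tcp --dport 53 -j DNAT --to-destination $pihole:53
iptables -t nat -A POSTROUTING -o $iface -s $client -d $pihole -p udp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $iface -s $client -d $pihole -p tcp --dport 53 -j MASQUERADE
iptables -A FORWARD -i $iface -s $client -p tcp --dport 853 -j REJECT --reject-with tcp-reset
EOF
}

# Print the rules (default) or execute them as root when DRY_RUN=0.
apply_rules() {
    if [ "${DRY_RUN:-1}" = 1 ]; then cat; else sh -e; fi
}

# Usage: review the printed rules first, then run `DRY_RUN=0 sh thisfile.sh` as root.
dns_redirect_rules eth0 192.168.1.50 192.168.1.2 | apply_rules
```

Check the result from the client side with `dig @8.8.8.8 example.com`: with the redirect rules in place the answer still arrives, but it shows up in the Pi-hole query log; with the block rules it times out. Either way the rules are not persistent across reboots unless saved with the distribution's iptables-persistent mechanism.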

Something you can try first is to edit your DHCP config and replace dhcp-option by dhcp-option-force.

If you block all DoH domains and/or IPs coded into the device, it can't reach them and is most likely going to fall back to the DHCP-advertised one.
On my Chromecast I just had to block dns.google.com.

A more graceful method is to "redirect", not "block".
