I would like my router (192.168.1.1) to trap every DNS request in my network (192.168.1.0/24) and forward it to pi-hole (192.168.1.2)... The only device on my network that should request an external DNS is pi-hole!
Actual Behaviour:
I'm actually not sure about my iptables rules... I'm not sure because I don't want to trap the pi-hole requests, I want to trap "everything except pi-hole" DNS requests... My problem with this is that the pi-hole request has to get out. I fear that I could create a loop with those rules where everything is sent to 192.168.2.1... Will the request from 192.168.1.2 be sent to 192.168.1.2?
DHCP is set to force 192.168.2.1 as DNS server... but devices are free, so they can set the DNS manually. I want to avoid that freedom, it's my network!
Well, I have two teenagers at home that share the guest wifi password... I don't know what these devices are, I don't control them, but still, I want to control what I can.
I saw at least one of them using another DNS than the one that is given by my DHCP server.
With the iptables rules mentioned, I can force the DNS to be mine and control some stuff...
In my case, pi-hole isn't only to reduce ads, but also, a good way to trap things that shouldn't happen on my network from guests in my home
If "https-everywhere" wasn't a good thing that needs to happen, Squid would be installed on my Pi-hole server to also log web requests.
The teenagers in my home and their friends still don't know about VPNs... for now
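The rule set the post is asking about, written out as an added example (this is not code from the post or from the Pi-hole project). It runs on a Linux-based router and assumes the LAN bridge interface is called `br-lan` and that `iptables` with the `nat` table is available; the addresses follow the post (router 192.168.1.1, LAN 192.168.1.0/24, Pi-hole 192.168.1.2). The loop the poster worries about is avoided by matching the Pi-hole's own source address first and returning from the chain before the DNAT rule is reached, so only the other hosts' port-53 traffic is rewritten. The third rule is the caveat people usually hit: the redirected packet goes back out the same LAN interface, so without source NAT the Pi-hole would answer the client directly from 192.168.1.2 while the client is waiting for an answer from the resolver it actually asked, and it drops the reply.

```shell
#!/bin/sh
# Added example: force all LAN DNS through the Pi-hole, except the Pi-hole itself.
# Assumptions (not from the post): LAN interface "br-lan", iptables with nat table.
# Prints the rules by default; run with the argument "apply" to install them.
LAN_IF="${LAN_IF:-br-lan}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PIHOLE="${PIHOLE:-192.168.1.2}"
DRY_RUN="${DRY_RUN:-1}"

# Wrapper so the same function can print or execute each rule.
ipt() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'iptables %s\n' "$*"
  else
    iptables "$@"
  fi
}

dns_redirect_rules() {
  for proto in udp tcp; do
    # 1. Pi-hole's own upstream queries: matched first and RETURNed, so they
    #    never reach the DNAT rule below and cannot be looped back to itself.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$PIHOLE" -p "$proto" --dport 53 -j RETURN
    # 2. Every other LAN host's port-53 traffic, whatever resolver it chose,
    #    is rewritten to the Pi-hole.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p "$proto" --dport 53 \
      -j DNAT --to-destination "$PIHOLE:53"
    # 3. Hairpin NAT: the rewritten packet leaves on the interface it came in
    #    on. Masquerading makes the Pi-hole reply to the router, which undoes
    #    the DNAT so the client sees the answer come from the resolver it asked.
    ipt -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$PIHOLE" -p "$proto" --dport 53 \
      -j MASQUERADE
  done
}

if [ "${1:-}" = "apply" ]; then
  DRY_RUN=0
fi
dns_redirect_rules
```

Because of the masquerade, the Pi-hole logs every redirected query as coming from the router's address rather than from the bypassing device. That is a useful signal on its own: queries attributed to 192.168.1.1 in the Pi-hole query log are exactly the ones a client tried to send somewhere else. Note that these rules only catch plain DNS on port 53; DNS-over-TLS (port 853) and DNS-over-HTTPS (port 443) are not redirected by them.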