Netgate Discussion Forum

    Forward all 8.8.8.8 DNS requests to another DNS

    DHCP and DNS
    • sos

      I've got a Roku 3 on my home LAN and want to ensure any and all requests it (or its apps) tries to make to Google's DNS (8.8.8.8 and 8.8.4.4) are instead redirected to my ISP's DNS addresses.

      I don't want to block the query totally, i.e. the Roku needs to think it has made contact with 8.8.8.8, without a "no reply" type message.
      How I think I've done this correctly is to redirect all DNS requests for the Roku (192.168.1.6) to my pfSense box (192.168.1.1) using the instructions here:
      https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

      My resulting NAT rule is as follows:

      ```
      If: LAN
      Proto: TCP/UDP
      Src: 192.168.1.6
      Src ports: *
      Dest addr: ! LAN address
      Dest. ports: 53 (DNS)
      NAT IP: 192.168.1.1
      NAT ports: 53 (DNS)
      Description: Redirect Roku DNS
      ```

      pfSense is currently set up to serve my ISP DNS addresses to the Roku under "Services > DHCP > Edit Static mapping".
      
      Question: is this achieving what I think it is i.e. if the Roku at 192.168.1.6, or an app on it, queries 8.8.8.8 then it instead gets a reply from xx.xx.xx.xx from my static mapping which it can't distinguish from 8.8.8.8?
      
      An iptables way of doing this would be:

      ```
      iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination xx.xx.xx.xx
      ```

      • muswellhillbilly

        Wonderful thing, Google. I just typed in 'roku 3 dns change' and came up with this:

        https://www.reddit.com/r/Roku/comments/32s3zj/modify_dns_on_roku3/

        • sos

          @muswellhillbilly:

          Wonderful thing, Google. I just typed in 'roku 3 dns change' and came up with this:

          https://www.reddit.com/r/Roku/comments/32s3zj/modify_dns_on_roku3/

          Yes, thanks - that thread outlines the issues with Roku and DNS requests, and is in line with my own Google-fu. It highlights why I am aiming to re-route the DNS from the Roku and ensure that, if it tries to access Google's DNS, it instead transparently goes through my router.

          My question remains - am I doing so effectively with the setup I have outlined above?

          • Derelict LAYER 8 Netgate

            Looks good to me.

            192.168.1.6 will be able to access LAN address for DNS. Queries to all other DNS servers will be forwarded there too.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
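
Added example (an editor's illustration, not part of any post in this thread and not pfSense or iptables code): a simplified Python model of destination-NAT matching that runs the port forward and the iptables one-liner from the first post against a few constructed packets. `Packet`, `Redirect` and the address 203.0.113.53 (standing in for the xx.xx.xx.xx placeholder) are assumptions; interface matching and connection state are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

@dataclass(frozen=True)
class Redirect:
    """Simplified destination-NAT rule; a field left as None matches anything."""
    nat_ip: str
    nat_port: Optional[int] = None        # None keeps the original port
    src: Optional[str] = None
    dst: Optional[str] = None
    dst_negated: bool = False             # the "!" in "Dest addr: ! LAN address"
    protos: Optional[frozenset] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.src and ip_address(p.src) != ip_address(self.src):
            return False
        if self.protos and p.proto not in self.protos:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # A negated destination matches every address except the one named.
        return self.dst is None or (ip_address(p.dst) == ip_address(self.dst)) != self.dst_negated

    def deliver(self, p: Packet) -> tuple:
        """Address and port the packet is sent to once the rule has been applied."""
        if not self.matches(p):
            return p.dst, p.dport
        return self.nat_ip, p.dport if self.nat_port is None else self.nat_port

LAN_ADDRESS, ROKU = "192.168.1.1", "192.168.1.6"
ISP_DNS = "203.0.113.53"  # constructed stand-in for the xx.xx.xx.xx placeholder
# The port forward from the first post.
PFSENSE_RULE = Redirect(nat_ip=LAN_ADDRESS, nat_port=53, src=ROKU, dst=LAN_ADDRESS,
                        dst_negated=True, protos=frozenset({"tcp", "udp"}), dport=53)
# The iptables one-liner from the first post: it matches on destination only.
IPTABLES_RULE = Redirect(nat_ip=ISP_DNS, dst="8.8.8.8")

if __name__ == "__main__":
    for dst, proto, port in [("8.8.8.8", "udp", 53), ("8.8.4.4", "udp", 53), ("8.8.8.8", "tcp", 443)]:
        p = Packet(ROKU, dst, proto, port)
        print(p, PFSENSE_RULE.deliver(p), IPTABLES_RULE.deliver(p))
```

Run directly, it prints where each sample packet ends up: the port forward catches port 53 traffic from 192.168.1.6 to any address other than the LAN address, while the destination-only rule rewrites everything sent to 8.8.8.8 and leaves 8.8.4.4 untouched.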

            • sos

              Thanks - that's reassuring :)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.