Forward all DNS requests to another DNS

  • I've got a Roku 3 on my home LAN and want to ensure any and all requests it (or its apps) tries to make to Google's DNS ( and are instead redirected to my ISP's DNS addresses.

    I don't want to block the query totally i.e. the Roku needs to think it has made contact with, without a "no reply" type message.
    How I think I've done this correctly is to redirect all DNS requests for the Roku ( to my pfSense box ( using the instructions here:

    My resulting NAT rule is as follows:

    ```
    If: LAN
    Proto: TCP/UDP
    Src ports: *
    Dest addr: ! LAN address
    Dest. ports: 53 (DNS)
    NAT IP:
    NAT ports: 53 (DNS)
    Description: Redirect Roku DNS
    ```

    pfSense is currently set up to serve my ISP DNS addresses to the Roku under "Services > DHCP > Edit Static mapping".
    Question: is this achieving what I think it is i.e. if the Roku at, or an app on it, queries then it instead gets a reply from xx.xx.xx.xx from my static mapping which it can't distinguish from
    An iptables way of doing this would be:

    iptables -t nat -A PREROUTING -d -j DNAT --to-destination xx.xx.xx.xx

  • Wonderful thing, Google. I just typed in 'roku 3 dns change' and came up with this:

  • @muswellhillbilly:

    Wonderful thing, Google. I just typed in 'roku 3 dns change' and came up with this:

    Yes, thanks - that thread outlines the issues with Roku and DNS requests, and is in line with my own google-fu. It highlights why I am aiming to re-route the DNS from the Roku and ensure that, if it tries to access Google's DNS, it instead transparently goes through my router.

    My question remains - am I doing so effectively with the setup I have outlined above?

  • LAYER 8 Netgate

    Looks good to me. will be able to access LAN address for DNS. Queries to all other DNS servers will be forwarded there too.

  • Thanks - that's reassuring :)
