Forward all 8.8.8.8 DNS requests to another DNS



  • I've got a Roku 3 on my home LAN and want to ensure any and all requests it (or its apps) tries to make to Google's DNS (8.8.8.8 and 8.8.4.4) are instead redirected to my ISP's DNS addresses.

    I don't want to block the query totally, i.e. the Roku needs to think it has made contact with 8.8.8.8, without a "no reply" type message.
    How I think I've done this correctly is to redirect all DNS requests for the Roku (192.168.1.6) to my pfSense box (192.168.1.1) using the instructions here:
    https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

    My resulting NAT rule is as follows:

    If: LAN
    Proto: TCP/UDP
    Src: 192.168.1.6
    Src ports: *
    Dest addr: ! LAN address
    Dest. ports: 53 (DNS)
    NAT IP: 192.168.1.1
    NAT ports: 53 (DNS)
    Description: Redirect Roku DNS

    
    pfSense is currently set up to serve my ISP DNS addresses to the Roku under "Services > DHCP > Edit Static mapping".
    
    Question: is this achieving what I think it is, i.e. if the Roku at 192.168.1.6, or an app on it, queries 8.8.8.8 then it instead gets a reply from xx.xx.xx.xx from my static mapping which it can't distinguish from 8.8.8.8?
    
    An iptables way of doing this would be:
    

    iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination xx.xx.xx.xx



  • Wonderful thing, Google. I just typed in 'roku 3 dns change' and came up with this:

    https://www.reddit.com/r/Roku/comments/32s3zj/modify_dns_on_roku3/



  • @muswellhillbilly:

    Wonderful thing, Google. I just typed in 'roku 3 dns change' and came up with this:

    https://www.reddit.com/r/Roku/comments/32s3zj/modify_dns_on_roku3/

    Yes, thanks - that thread outlines the issues with Roku and DNS requests, and is in line with my own google-fu. It highlights why I am aiming to re-route the DNS from the Roku and ensure that if it tries to access Google's DNS it instead transparently goes through my router.

    My question remains - am I doing so effectively with the setup I have outlined above?


  • Netgate

    Looks good to me.

    192.168.1.6 will be able to access LAN address for DNS. Queries to all other DNS servers will be forwarded there too.



  • Thanks - that's reassuring :)
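
One way to confirm the redirect discussed in this thread, as an added example that is not part of the original posts: send a DNS query to an address where no resolver exists and see whether an answer comes back anyway, and from which source address it claims to come. Assumptions: it is run from a host the NAT rule's source matches (the rule above matches only 192.168.1.6, so the rule's source would need to include the test host), 192.0.2.1 (TEST-NET-1, RFC 5737) stands in for the "foreign" DNS server, and the function names are illustrative. It tests UDP port 53 only.

```python
import socket
import struct

# Assumption: 192.0.2.1 is documentation address space (RFC 5737), so no real
# resolver answers there. Any DNS reply must come from the redirect rule.
PROBE_SERVER = "192.0.2.1"

def build_query(name, txid):
    """Encode a minimal DNS query for an A record with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(packet):
    """Return (txid, is_response, rcode, answer_count) from a DNS message."""
    if len(packet) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return txid, bool(flags & 0x8000), flags & 0x000F, ancount

def probe(server=PROBE_SERVER, name="example.com", txid=0x1234, timeout=3.0):
    """Send one UDP query to `server` and report whether a matching reply
    arrived and which source address the reply carried."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        try:
            data, (src, _port) = s.recvfrom(512)
        except socket.timeout:
            # No reply: the query was not redirected (or was dropped).
            return {"intercepted": False, "reply_from": None}
    rid, is_resp, rcode, ancount = parse_header(data)
    return {"intercepted": is_resp and rid == txid, "reply_from": src,
            "rcode": rcode, "answers": ancount}

if __name__ == "__main__":
    print(probe())
```

If the redirect is active, `intercepted` is true and `reply_from` shows the probed address rather than the router's, because the firewall rewrites the reply's source back to the address the client queried.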