Redirect Domains and DNS using DD-WRT
You want to ensure that a particular (or any or all) URL redirects to a certain device on your network (like many wifi hotspots redirect to themselves).
Furthermore, if the user has configured their computer to use OpenDNS (126.96.36.199, 188.8.131.52), Google DNS (184.108.40.206, 220.127.116.11), or another free dns provider, perhaps the fastest one, you'd still like to redirect them.
- using dd-wrt such as WRT54G-TM, RT-N16, or any linux device with some network cards
- override normal DNS results
- redirect custom DNS queries
- You want to pull an April Fool's prank on your friend
- You want to steal credit card info from neighbors that shop through Amazon on your router
- You're working with a very specific combination of systems and know that the end-user can't remember IP addresses well.
All of these settings are given with the assumption that you have a fresh install of DD-WRT with the default options.
If that's not the case, hopefully you're familiar enough with DD-WRT to know that you need to turn on DNSMasq, etc, if you've turned them off.
Instead of the cliche
domain.tld, here I'm using
foobar3000.com, which is a real test site.
For this example we need
- known-good IP addresses that are likely to stick around
- some test site(s)
- DNSMasq redirections
The big boys
Google - 18.104.22.168 Yahoo! - 22.214.171.124 (ugly) Bing - 126.96.36.199 Amazon - 188.8.131.52 Facebook - 184.108.40.206 Wikipedia - 220.127.116.11 (ugly) Craigslist - 18.104.22.168
Foobar3000 - 109 169 56 223 HelloWorld3000 - 109 169 56 223 example.com - N/A example.org - N/A
Services -> Services -> DNSMasq: http://192.168.1.1/Services.asp
address=/echo.foobar3000.com/22.214.171.124 address=/.foobar3000.com/126.96.36.199 address=/foobar3000.com/188.8.131.52 address=/.com/184.108.40.206 address=/#/220.127.116.11
Once saved and applied, this behavior can be expected:
109 169 56 223 <- nslookup hello.echo.foobar3000.com 69 63 189 11 <- nslookup echo.foobar3000.com 72 21 211 176 <- nslookup hello.foobar3000.com 65 55 175 254 <- nslookup foobar3000.com 67 195 160 76 <- nslookup example.com 74 125 224 81 <- nslookup example.org
So that works pretty well if the user is using the router's DNS, however, there are many circumstances where that isn't the case - either for performance or to circumvent a security policy.
Note: test first with
Run Commands, then
Save Startup if it actually works as you expect.
Administration -> Commands -> Command Shell: http://192.168.1.1/Diagnostics.asp
Or login to the router
telnet 192.168.1.1 # username:root password:admin
To disable DNS completely:
iptables -I FORWARD 1 -p tcp --dport 53 -j DROP iptables -I FORWARD 2 -p udp --dport 53 -j DROP iptables -L # shows table
To redirect DNS to the router:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr) iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr) iptables -t nat -L -v -n # shows nat table
Note: I didn't always have success with
Run Commands, but going in through
telnet worked quite well.
Set router DNS
In case the router isn't going to be set up with DHCP you may want to provide backup DNS.
Setup -> Basic Setup -> Network Setup -> Network Address Server Settings (DHCP):
Static DNS 1 0.0.0.0 Static DNS 2 18.104.22.168 Static DNS 3 22.214.171.124
Note: 0.0.0.0 means to use the default address obtained through DHCP (from the larger network / ISP to the router). Google's DNS (126.96.36.199, 188.8.131.52) provides a reliable alternative for non-DHCP network setups.
Services -> Services -> DHCP Server -> Additional DHCPd Options:
This means that the DNS entries are tried in order (0.0.0.0 aka the default from the ISP will be first)
Once you save and apply this is the behaviour you can expect:
Laptop Mode Router Mode End-user Result DHCP DHCP Gets ISP DNS (normal, as expected) DHCP static Gets Google DNS since the ISP failed to provide one static DHCP User's DNS is hijacked and replaced with the ISP DNS static static User's DNS is hijacked and replaced with Google DNS
In every case, the domains that you have overridden are served with the IP address you specified.
It would be nice to be able to restore the custom DNS settings of a particular user once the desired redirects have happened.
I don't know how that would be possible without sizeable effort.
In no particular order of easiness or importance:
By AJ ONeal
Did I make your day?
Buy me a coffee