Community discussions

MikroTik App
 
boiler
just joined
Topic Author
Posts: 7
Joined: Sat Jan 21, 2023 9:33 am

Force DNS not working in mobile phones

Sat Jan 21, 2023 9:51 am

I'm trying to force DNS all my devices in my network using Pi-Hole and I've already tried all the solutions in this forum (for seven days already). They work great when used on laptops. (The latest solution I have is this video from Mikrotik: https://www.youtube.com/watch?v=EdzDCkFaskc)

But, I just can't get this working with mobile phones, e.g. Android. I can easily bypass the DNS I want to apply

Anyone knows how to force DNS the mobile phones?

The NAT rules are working on our laptops. I just want to implement it on our mobile phones

Pi-Hole Address: 192.168.5.125
Devices and Mikrotik ourter are in the same network: 192.168.5.0/24
 
reinerotto
Long time Member
Long time Member
Posts: 520
Joined: Thu Dec 04, 2008 2:35 am

Re: Force DNS not working in mobile phones

Sun Jan 22, 2023 5:09 am

There are a few issues, you have to consider, when doing this.
- Is IPv6-DNS also redirected to pi-hole ?
- Is DoH blocked ?
- Is DoT blocked ?

Nowadays, quite often DoH is used by default. Which renders the method from the video useless.
 
kangarie
just joined
Posts: 24
Joined: Mon Apr 17, 2017 7:28 am

Re: Force DNS not working in mobile phones

Sun Jan 22, 2023 7:01 am

mobile phone / mobile browser are using secure dns / private dns
 
boiler
just joined
Topic Author
Posts: 7
Joined: Sat Jan 21, 2023 9:33 am

Re: Force DNS not working in mobile phones

Sun Jan 22, 2023 7:31 am

Thanks for the reply!

Q1: We don't use iPV6 in our country so I'm not sure if our devices would use iPV6 DNS. But I'll try to dig some guides just in case
Q2 and Q3: Have not considered doing this. I'll do some research
 
boiler
just joined
Topic Author
Posts: 7
Joined: Sat Jan 21, 2023 9:33 am

Re: Force DNS not working in mobile phones

Sun Jan 22, 2023 7:33 am

mobile phone / mobile browser are using secure dns / private dns
Yeah, I'm aware of this, but I'm looking for solutions on the router level
 
reinerotto
Long time Member
Long time Member
Posts: 520
Joined: Thu Dec 04, 2008 2:35 am

Re: Force DNS not working in mobile phones

Sun Jan 22, 2023 7:43 am

You "simply" have to block all the IPs of the well-known DoH or DoT servers on the router, to force the usage of simple DNS.
Still a small loophole, in case somebody runs his private DoH-server, though. Or your list of well-known Doh/DoT-Servers is incomplete; requires regular updates, of course.
 
boiler
just joined
Topic Author
Posts: 7
Joined: Sat Jan 21, 2023 9:33 am

Re: Force DNS not working in mobile phones

Sun Jan 22, 2023 12:06 pm

You "simply" have to block all the IPs of the well-known DoH or DoT servers on the router, to force the usage of simple DNS.
Still a small loophole, in case somebody runs his private DoH-server, though. Or your list of well-known Doh/DoT-Servers is incomplete; requires regular updates, of course.
And it works!!! Thank you for suggesting

I followed this guide here: https://github.com/ncravino/mikrotik_en ... _block_doh and added the IPs of the listed DoH servers in Mikrotik

I noticed, though, that the filter rule does not work. So I tried NAT and viola, it redirects to my Pi-Hole!

And this even bypassing the DNS servers (edit: I mean, Pi-Hole)

I'll observe this in the coming days, but so far, the steps I made to bypass before are not working. They are redirected to Pi-Hole
 
reinerotto
Long time Member
Long time Member
Posts: 520
Joined: Thu Dec 04, 2008 2:35 am

Re: Force DNS not working in mobile phones

Mon Jan 23, 2023 3:02 am

I did something very similar, running openwrt on a mikrotik, to include customized DNS-server/recursor, similar to pi-hole, in same box.

Who is online

Users browsing this forum: VinceKalloe and 48 guests