Hey @zbugrkx, hopefully this might help out (note: it is tailored to NextDNS, though): https://github.com/vt0r/nextdns-catchall Otherwise, a quick search brings this up: https://edhull.co.uk/blog/2024-08-04/unifi-dnat-pihole Let me know how you go. Thanks!
Thanks. The second link won't work; it is for simple client devices. Looking in detail at the first one, it seems very similar (the iptables rules) to the rules I have tried, but I'll have a go at them. My issue is quite a bit more "complex" than the usual DNS catch-all/redirection. The DNS requests I am after are the ones from the gateway services, which are bound to the WAN interface and do not seem to follow the usual path.
Hi!
I have been banging my head against this for months and am hoping maybe some of the smart folks here could have an idea of how to work around it.
Despite my manually setting the internal DNS servers under Internet, the UDM will also assign itself the DNS servers of my carrier that it gets via DHCP, for the WAN monitoring, the dpinger service, etc.
I currently block my carrier's DNS completely, using iptables (in the DNS script), which causes the dashboard to show no latency etc.
I have tried all sorts of SNAT/DNAT/masquerade etc. without success; the closest I got would show errors about "misformated dns reply" (maybe due to a wrong source/destination IP?).
Here is what I tried, in case it helps:

```sh
iptables -t nat -I OUTPUT -m set --match-set dnsblock dst -p udp --dport 53 -j DNAT --to-destination 10.1.2.3
iptables -t nat -I OUTPUT -m set --match-set dnsblock dst -p tcp --dport 53 -j DNAT --to-destination 10.1.2.3
iptables -t nat -I POSTROUTING -p udp -d 10.1.2.3 --dport 53 -j SNAT --to-source 10.1.1.1
iptables -t nat -I POSTROUTING -p tcp -d 10.1.2.3 --dport 53 -j SNAT --to-source 10.1.1.1
```
Thanks!
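A quick way to see whether the OUTPUT DNAT rules above are matching the gateway's own DNS traffic is to read the connection-tracking table: conntrack stores the reply tuple after NAT, so a DNS flow whose reply source is still the carrier's resolver never hit the DNAT rule, while a rewritten flow answers from the internal resolver. The script below is an added example for this thread, not code from the discussion or from UniFi; it assumes the line format of `conntrack -L` from conntrack-tools (original-direction tuple first, reply-direction tuple second). The sample entries are constructed: 203.0.113.1 stands in for the gateway's WAN address and 203.0.113.53 for the carrier's resolver, with the post's 10.1.1.1 and 10.1.2.3 as the LAN address and internal DNS server.

```python
"""Check which DNS flows on a gateway were rewritten by iptables DNAT/SNAT.

Added example (not from the discussion). Parses `conntrack -L` output, whose
line format is assumed to be
"<proto> <num> <timeout> [state] src= dst= sport= dport= [flags] src= dst= ..."
with the original-direction tuple first and the reply-direction tuple second.
"""
import re
from dataclasses import dataclass

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


@dataclass(frozen=True)
class DnsFlow:
    proto: str
    orig_src: str
    orig_dst: str
    reply_src: str
    reply_dst: str

    @property
    def dnat_applied(self) -> bool:
        # conntrack records the expected reply tuple after NAT, so a DNAT'd
        # flow is answered from the rewritten resolver, not from orig_dst.
        return self.reply_src != self.orig_dst

    @property
    def snat_applied(self) -> bool:
        # Likewise SNAT shows up as a reply addressed to the new source.
        return self.reply_dst != self.orig_src


def parse_conntrack(text: str) -> list[DnsFlow]:
    """Return the DNS (dport 53) entries found in conntrack -L output."""
    flows: list[DnsFlow] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto = line.split()[0]
        orig: dict[str, str] = {}
        reply: dict[str, str] = {}
        # First occurrence of each key belongs to the original tuple,
        # the second to the reply tuple; flags like [UNREPLIED] are skipped.
        for key, val in _KV.findall(line):
            (reply if key in orig else orig)[key] = val
        if len(orig) < 4 or len(reply) < 4 or orig["dport"] != "53":
            continue
        flows.append(DnsFlow(proto, orig["src"], orig["dst"],
                             reply["src"], reply["dst"]))
    return flows


def classify(text: str, blocked_resolvers: set[str]):
    """Split DNS flows into those redirected by DNAT and those that still
    reach a blocked (carrier) resolver; the latter are the leaks to fix."""
    redirected: list[DnsFlow] = []
    leaked: list[DnsFlow] = []
    for flow in parse_conntrack(text):
        if flow.dnat_applied:
            redirected.append(flow)
        elif flow.reply_src in blocked_resolvers:
            leaked.append(flow)
    return redirected, leaked


# Constructed sample. 203.0.113.0/24 is documentation address space:
# .1 plays the gateway's WAN address, .53 the carrier's resolver.
# Lines 2 and 4 model services bound to the WAN interface that bypass the
# DNAT rule; line 5 is an unrelated HTTPS flow that must be ignored.
SAMPLE_CONNTRACK = """\
udp      17 25 src=10.1.1.1 dst=203.0.113.53 sport=41002 dport=53 src=10.1.2.3 dst=10.1.1.1 sport=53 dport=41002 mark=0 use=1
udp      17 12 src=203.0.113.1 dst=203.0.113.53 sport=51333 dport=53 src=203.0.113.53 dst=203.0.113.1 sport=53 dport=51333 mark=0 use=1
tcp      6 431990 ESTABLISHED src=10.1.1.1 dst=203.0.113.53 sport=38870 dport=53 src=10.1.2.3 dst=10.1.1.1 sport=53 dport=38870 [ASSURED] mark=0 use=1
udp      17 3 src=203.0.113.1 dst=203.0.113.53 sport=41003 dport=53 [UNREPLIED] src=203.0.113.53 dst=203.0.113.1 sport=53 dport=41003 mark=0 use=1
tcp      6 300 ESTABLISHED src=10.1.1.50 dst=10.1.2.3 sport=40000 dport=443 src=10.1.2.3 dst=10.1.1.50 sport=443 dport=40000 [ASSURED] mark=0 use=1
"""

if __name__ == "__main__":
    ok, leaks = classify(SAMPLE_CONNTRACK, {"203.0.113.53"})
    print(f"{len(ok)} DNS flow(s) rewritten by DNAT")
    for f in leaks:
        print(f"LEAK {f.proto} {f.orig_src} -> {f.orig_dst} (no DNAT applied)")
```

On a live gateway, pipe the real table in (`conntrack -L -p udp --dport 53` and the TCP equivalent) and feed the carrier's resolver addresses as `blocked_resolvers`; any flow reported as a leak shows the source address the querying service used, which tells you whether it is the WAN address that the OUTPUT rule is missing.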