Is there a way to disable DNS?

I have zerotier bridged on my openwrt router. Windows clients outside of my home are using the DNS of my home pi-hole. I would like them to not be able to automatically find the pi-hole, and instead require me to assign the IP of the pi-hole for queries. Windows apparently tries to fetch DNS from every ethernet adapter and picks whichever responds the quickest.

Home LAN:

  • router: 192.168.196.1/23
  • DHCP: 192.168.196.100-254
  • pi-hole: 192.168.196.91

Zerotier network:

  • Managed routes: 192.168.196.0/23
  • auto assign: 192.168.197.100-254

All of my devices outside of the home network are assigned addresses in the 192.168.197 block.

It's not DNS you need to block, it's NetBIOS name resolution.

NetBIOS uses these ports, so just block them in your “flow rules”:

UDP/137,138;TCP/139

Giving it a shot. Will report back.

I tried dropping netbios to no avail. I successfully blocked port 53 on IPv4 with

```text
# ZeroTier flow rule (ZeroTier rules language); every rule must end with ";".
# Match on dport only: a client's DNS query uses an ephemeral source port,
# so also requiring sport 53 would match almost nothing.
drop
  ipprotocol tcp
  and dport 53
;
```

IPv6 is still passing DNS info though.
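The two suggestions in this thread (block the NetBIOS ports, block port 53) written out as one complete ZeroTier flow rule set, as an added example rather than a rule set from this thread or from ZeroTier's documentation. It assumes the ZeroTier rules language as documented (rules end with `;`, `ipprotocol` is matched for both IPv4 and IPv6 frames, and a frame that reaches no `accept` is dropped), and it covers UDP as well as TCP, which the rule above does not:

```text
# Drop NetBIOS name service / datagram service (UDP 137, 138) and
# NetBIOS session service (TCP 139), so Windows clients on the ZeroTier
# network cannot discover the home LAN's DNS server through NetBIOS.
drop
  ipprotocol udp
  and dport 137-138
;
drop
  ipprotocol tcp
  and dport 139
;

# Drop DNS (port 53) over UDP and TCP. Matching on dport only is enough:
# a query comes from an ephemeral source port. ipprotocol is checked on
# IPv6 frames as well, which is what the earlier TCP-only rule missed.
drop
  ipprotocol udp
  and dport 53
;
drop
  ipprotocol tcp
  and dport 53
;

# Everything else is allowed. Without this final accept, ZeroTier drops
# all remaining traffic on the network.
accept;
```

After saving the rules, verify on a Windows client with `nslookup` against the pi-hole address: the query should time out over both IPv4 and IPv6, while a query to an explicitly assigned resolver still works.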

ZeroTier itself does nothing to configure DNS for your networks automatically. The one option that is there to configure DNS can only configure it for a specific search domain & must be manually enabled on each ZeroTier client. You must have some configuration elsewhere that is pointing everything at your DNS server.
