
DNS Filtering

You can use dnsmasq to implement DNS filtering by blocking or redirecting specific domain names. This feature is useful for network-wide ad blocking, restricting access to malicious or unwanted websites, or redirecting specific domains to a different IP address.

Here’s how you can set up DNS filtering using dnsmasq:

1. Block Specific Domains

To block a domain, configure dnsmasq to answer queries for it with an address that leads nowhere, conventionally 0.0.0.0. 127.0.0.1 is sometimes used instead, but it points clients at their own loopback interface, so any service listening there (a local web server, for example) receives the blocked traffic; prefer 0.0.0.0. An address= entry matches the named domain and every subdomain under it, and dnsmasq answers such queries itself rather than forwarding them upstream, so a blocked name gets no real IPv6 (AAAA) answer either.

Edit /etc/dnsmasq.conf, or create a new file under /etc/dnsmasq.d (dnsmasq reads that directory only when conf-dir=/etc/dnsmasq.d is set in dnsmasq.conf or on its command line; distribution packages normally arrange this, so check it if a drop-in file is being ignored), and add one address= line per domain you want to block:

# /etc/dnsmasq.d/dns-filtering.conf

# Block specific domains by returning a non-routable IP (e.g., 0.0.0.0)
address=/example.com/0.0.0.0
address=/ads.example.com/0.0.0.0
address=/malicious-site.com/0.0.0.0

2. Redirect Specific Domains

You can also use dnsmasq to answer queries for a domain with a different IP address, for example to point an internal hostname at a local server or to send a public name to a local web page. A name can be blocked or redirected, not both, so don't combine this with a blocking entry for the same domain. Redirecting a site that clients reach over HTTPS also produces certificate errors unless the server you redirect to presents a certificate valid for that name.

In the same configuration file:

# Redirect specific domains to a different IP
address=/example.com/192.168.1.100
address=/myinternalapp.local/192.168.1.50

3. Restart dnsmasq

After updating the configuration, restart dnsmasq to apply the changes. A syntax error in the new file stops dnsmasq from starting, so check the service status afterwards:

sudo systemctl restart dnsmasq

4. Testing

To test whether the filtering is working, query the dnsmasq server directly with dig or nslookup, so that the answer does not come from another resolver or a client cache:

dig @127.0.0.1 example.com

If the configuration is correct, the ANSWER SECTION shows the blocked domain resolving to 0.0.0.0, or the redirected domain resolving to the IP address you specified. Keep in mind that filtering only affects clients that send their queries to this dnsmasq: a client with a hardcoded public resolver or DNS over HTTPS bypasses it, and a client that resolved the name before the change keeps the cached answer until its TTL expires.

5. Logs and Troubleshooting

If you're experiencing issues with DNS filtering, check the dnsmasq logs to see how each query was answered. Enable query logging in /etc/dnsmasq.conf (or in a file under /etc/dnsmasq.d):

log-queries
log-facility=/var/log/dnsmasq.log

After enabling logs, restart dnsmasq and follow the log while reproducing the problem. Each entry records the query and the client that sent it, so the log is a sensitive record of browsing activity and grows quickly; turn logging off or rotate the file once troubleshooting is done:

tail -f /var/log/dnsmasq.log

This setup provides simple DNS filtering for your network using dnsmasq.
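The whole procedure end to end, as an added example that is not part of the dnsmasq documentation: a shell script that converts a hosts-format blocklist (the common "0.0.0.0 <domain>" format) into a dnsmasq drop-in, skips entries that would corrupt the address= syntax, syntax-checks the result, restarts the service and verifies the answers with dig. The sample blocklist is constructed; the output path /etc/dnsmasq.d/blocklist.conf, the function names and the APPLY_BLOCKLIST switch are assumptions, and dnsmasq and dig are assumed to be installed with dnsmasq listening on 127.0.0.1.

```shell
#!/bin/sh
# Added example, not part of the dnsmasq documentation.
# Turns a hosts-format blocklist ("0.0.0.0 <domain>") into a dnsmasq
# drop-in, syntax-checks it, restarts dnsmasq and verifies with dig.
set -eu

# Constructed sample blocklist: comments, a localhost entry, a duplicate,
# mixed case and a malformed line are all things real lists contain.
SAMPLE_BLOCKLIST='# constructed sample list
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 bad/entry.example
0.0.0.0 Malicious-Site.com   # trailing comment
'

# hosts_to_dnsmasq [sink]: read hosts-format lines on stdin and print one
# "address=/<domain>/<sink>" line per unique hostname. sink defaults to
# 0.0.0.0 (block); pass an address such as 192.168.1.100 to redirect.
# Comments, blank lines and localhost are dropped. Only well-formed
# hostnames are accepted: a "/" or "#" inside a name would change the
# meaning of the address= directive, so such lines are skipped.
hosts_to_dnsmasq() {
    sink="${1:-0.0.0.0}"
    awk -v sink="$sink" '
        { sub(/#.*/, "") }          # strip comments
        NF < 2 { next }             # blank or malformed line
        $2 == "localhost" || $2 == "localhost.localdomain" { next }
        $2 !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$/ { next }
        !seen[tolower($2)]++ { printf "address=/%s/%s\n", tolower($2), sink }
    '
}

# write_blocklist_conf <path> [sink]: render the drop-in from stdin.
write_blocklist_conf() {
    out="$1"
    {
        echo "# generated by hosts_to_dnsmasq; regenerate rather than edit"
        hosts_to_dnsmasq "${2:-0.0.0.0}"
    } > "$out"
}

# check_answer <domain> <expected> [server]: query the given server directly
# (not the system resolver) and compare the A answer with what we expect.
check_answer() {
    answer=$(dig @"${3:-127.0.0.1}" +short A "$1")
    [ "$answer" = "$2" ]
}

apply_blocklist() {
    conf=/etc/dnsmasq.d/blocklist.conf      # assumed path, read via conf-dir
    printf '%s' "$SAMPLE_BLOCKLIST" | write_blocklist_conf "$conf"
    dnsmasq --test                          # syntax-check before restarting
    systemctl restart dnsmasq
    # a subdomain is covered by its parent's address= entry, so test one too
    for d in ads.example.com tracker.example.net malicious-site.com www.ads.example.com; do
        if check_answer "$d" 0.0.0.0; then echo "blocked: $d"; else echo "NOT blocked: $d"; fi
    done
}

# Only touch the system when explicitly asked (APPLY_BLOCKLIST=1 sh script.sh);
# otherwise the functions can be sourced and used on their own.
if [ "${APPLY_BLOCKLIST:-0}" = 1 ]; then
    apply_blocklist
fi
```

The hostname check matters because the drop-in is generated from an untrusted list: a line such as "0.0.0.0 evil/#" would otherwise become address=/evil/#/0.0.0.0, and an entry containing "#" can match every domain, turning a blocklist into a resolver-wide sinkhole.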

Note

If you only want the filtering to reach clients on a particular network, add interface=<interface_name> to the configuration file. This makes dnsmasq listen for DNS queries on that interface only, so only clients there are filtered. The address= rules themselves are global: dnsmasq applies them to every query it answers and cannot apply different rules per interface, so filtering one network differently from another requires a separate dnsmasq instance, with its own configuration, per interface.