Google DNS re-direct; hard coded device fails to call home

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Google DNS re-direct; hard coded device fails to call home

rscole86

4541 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#248272 17-Mar-2019 15:42

I have a Vu+ Zero that appears to use built in google DNS when it tries to phone home when using its plugin manager.

My edgerouter re-directs 8.8.8.8 and 8.8.4.4 requests to my pihole. As best I can tell the re-direct works successfully.

What I am struggling with is that the Vu+ fails to connect to their servers, unless I disable the two DNAT rules on the edgrouter.

Is this something I can work around?

chevrolux

4962 posts

Uber Geek
Inactive user

#2200300 17-Mar-2019 17:37

Sucks this is still being done to devices!! Have you reached out to the company? Perhaps they have a supported "fix" (although they wouldn't call it a fix).

If it truly is hard set in the code, then I guess the only thing to do would stick some simple accept rules with the source IP (or from whatever direction the edgerouter see's things) of the Vu+ box above your google redirect rules, so that's just it's specific requests don't get redirected. Annoying though if the point of your Pi Hole install is to block the ad's on the streaming services!!

BTW, what is this box? A replacement for fire TV/Mi Box/Raspberry Pi etc?

MyHeritage DNA

Affiliate link

Affiliate link: MyHeritage DNA test kit helps you discover your ethnicity results, DNA genetic groups, family relatives.

RunningMan

7070 posts

Uber Geek

#2200317 17-Mar-2019 18:26

What image are you using?

Crowdie

228 posts

Master Geek

#2200323 17-Mar-2019 18:34

chevrolux:

Sucks this is still being done to devices!!

Hard setting the DNS services to Google allows the product manufacturer to determine the region the device is being used in.

michaelmurfy

/dev/ttys0
11022 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2200335 17-Mar-2019 18:52

If you do a query to Google DNS with the DNAT rules enabled do you get a response?

eg - on MacOS / Linux run this in the terminal:
dig @8.8.8.8 geekzone.co.nz

Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation.

rscole86

4541 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2201102 18-Mar-2019 20:43

chevrolux:

BTW, what is this box? A replacement for fire TV/Mi Box/Raspberry Pi etc?

Vu+ Zero is a satellite stb, but I am going to have a go at getting it to work with the freeview iptv feeds.

RunningMan:

What image are you using?

Openvix 5.1.033 I did try upgrading to a few different 5.2 images, but I could not get the tuner to work with any of them. I will give it another go on the weekend.

michaelmurphy:

If you do a query to Google DNS with the DNAT rules enabled do you get a response?

I will give that a go later this week as well.

RunningMan

7070 posts

Uber Geek

#2201313 19-Mar-2019 06:45

Recommend you try OpenPLi instead. https://openpli.org/

You should be able to back up your current image first if you have want to.

rscole86

4541 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2201330 19-Mar-2019 07:58

When I last looked, openpli did not have crossepg working. But I'll check again.

RunningMan

7070 posts

Uber Geek

#2201822 19-Mar-2019 16:09

Looks like CrossEPG OK now https://forums.openpli.org/topic/62726-crossepg/

What do you use it for?

rscole86

4541 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2202004 19-Mar-2019 20:28

@michaelmurfy

;; reply from unexpected source: 192.168.1.100#53, expected 8.8.8.8#53

michaelmurfy

/dev/ttys0
11022 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2202095 19-Mar-2019 21:53

Ahh! Yes, I know of the problem now. To correct:

1) On the Edgerouter go into Config Tree --> Service --> DNS --> Forwarding --> DNS Forwarding. Set name-server to the IPv4 address of your PiHole.
2) At the very bottom of the EdgeOS screen - System, Name Servers. Specify the System name server as your IPv4 address as your PiHole (1) with loopback (127.0.0.1) as the 2nd.
3) In the DHCP pool (Services tab) specify your PiHole IPv4 address as the first DNS server, your Edgerouter as the 2nd DNS server.
4) In your DNAT rule (Firewall/NAT --> NAT) set the translation as your PiHole.
5) Set your PiHole to accept all origins. Settings --> DNS and under Interface listening behavior select "Listen on all interfaces, permit all origins".

Should work from now. The reason for the Edgerouter configuration is if your PiHole ever goes down you can set the DNS forwarding address to be an outside DNS server (eg, Cloudflare DNS) and disable the DNAT rule to get internet access on all devices quickly.

rscole86

4541 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2202767 21-Mar-2019 10:29

I am sure I have followed that exactly, still get the same error with the dig. If I dig 1.1.1.1 it works fine.

My dnat rules are;

From googling, I am guessing I am missing a masquerade rule? Not to sure how to set that up, as I only want to re-direct google dns at this stage to the pihole, and not other external dns.

RunningMan:

Looks like CrossEPG OK now https://forums.openpli.org/topic/62726-crossepg/

What do you use it for?

Per this discussion, I need the ability to get opentv epg data.