Blocking Google DNS on MT300N V2

Hi all,

I know people have been posting similar issues over time but I still haven’t found a working solution.

I am running my MT300N V2 firmware 3.05 as a VPN router for my Roku Ultra and would like to access other Netflix libraries. The MT300N is connected to a TP-Link router with a static IP 192.168.0.10, which I set as DMZ in the TP-Link router. OpenVPN works fine, I can connect to the servers and everything works, but I can’t block Netflix from connecting to the Google DNS when running from my Roku. The VPN server is not blocked, Netflix works using the VPN app on my iPad, but when I run it from my Roku I keep getting the unblocker error message.

The router is already set to custom DNS (using OpenDNS) and override client DNS, but this doesn’t help. I also tried blocking the Google DNS on the MT300N using static routes, with any LAN connection to 8.8.8.8 and 8.8.4.4 being redirected to the internal router LAN IP 192.168.8.1 and returned unreachable. I followed this how-to: How to Block Google DNS on Router | KeepSolid SmartDNS

I also tried blocking the Google DNS using traffic rules following this how-to: OpenWRT

The funny thing is that after adding the static routes or the traffic rules it seems as if I cannot ping the Google DNS from my laptop (as expected), but after just a few minutes I can ping it again. How is that possible? Is there an issue with static routes or traffic rules suddenly stopping working after just a few minutes?

Any help is appreciated and I am sure other people would also welcome a solution to this problem.

Best wishes,
ZappBrannigan

You might try some of these hints. I think you might need to fiddle with dnsmasq.

You need to hijack all DNS queries, I have the same with a Chromecast…

/etc/config/firewall

# Intercept every port-53 query arriving from the lan zone and DNAT it to the
# router itself (a DNAT redirect with 'dest' set to a zone and no 'dest_ip'
# targets the router's own address in that zone), so hard-coded resolvers
# such as 8.8.8.8 end up at the local dnsmasq instead.
config redirect
	option name 'redirect dns'
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option dest 'lan'
	option dest_port '53'
	option target 'DNAT'

info here:

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns_luci

In the Custom DNS page there is an option for “hijacking all DNS”.

Hi alzhao,

Thank you for your response. This is, of course, the first option I used but it only worked for a few hours and then stopped working i.e. when I changed the VPN server Netflix started recognizing that I am using a VPN, changing back to the former server didn’t work anymore. I of course tested the VPN server using my iPad and my MacBook using the VPN provider app and it worked fine. This is why I started trying to block the Google DNS using static routes and/or Firewall rules, but I can still ping the Google DNS from any device connected to the router. So I am wondering why?

Best wishes,
ZappBrannigan

Don’t want to hijack the thread, quick question: this doesn’t work with AdGuard on, I get an “invalid DNS” error, so what can we do for Chromecasts?

Have you tried the solution in post 2 from elorimer?
It comes down to the following:

  1. Start LuCI
  2. Go to Network > Firewall > Custom Rules
  3. Add the following two lines all the way to the end of the textbox. Make sure you don’t delete or move anything that’s already there:

# Refuse to forward any LAN traffic (including ping) to the Google resolvers
iptables -I FORWARD --destination 8.8.8.8 -j REJECT
iptables -I FORWARD --destination 8.8.4.4 -j REJECT

After this, when using “ping 8.8.8.8” or “ping 8.8.4.4” it seems it’s blocked. Hopefully this will help with Chromecast and ROKU.

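The two approaches in this thread (the DNAT redirect of port 53 and the REJECT rules for 8.8.8.8/8.8.4.4) combine naturally, and the “works for a few minutes” symptom has one common cause on OpenWrt: fw3 flushes and rebuilds the whole iptables ruleset on every firewall reload, which hotplug events such as the OpenVPN tunnel interface coming up trigger, so rules typed at an ssh prompt vanish on the next reload while /etc/firewall.user (the file behind LuCI’s Custom Rules) is re-applied each time. The script below is an added example, not code from the thread or from GL.iNet: it generates both rule sets in that persistent form, and it checks `iptables-save` output so you can confirm they survived a reload. The LAN bridge name br-lan and the router address 192.168.8.1 are assumptions (192.168.8.1 is the address mentioned in the thread); override both via the environment.

```shell
#!/bin/sh
# Added example, not code from the thread or from GL.iNet: generate, apply and
# verify DNS-intercept rules on an OpenWrt (fw3) router such as the MT300N V2.
# Assumptions: the LAN bridge is br-lan and the router's LAN address is the
# 192.168.8.1 mentioned in the thread; override both via the environment.
LAN_IF="${LAN_IF:-br-lan}"
LAN_IP="${LAN_IP:-192.168.8.1}"
PUBLIC_DNS="${PUBLIC_DNS:-8.8.8.8 8.8.4.4}"

# Print the rule set as shell lines for /etc/firewall.user (LuCI: Custom Rules).
# fw3 re-runs that file on every reload, so the rules survive the reloads that
# hotplug events such as the OpenVPN tunnel coming up trigger; rules typed at an
# ssh prompt are flushed by the same reloads.
dns_intercept_rules() {
    # Rewrite the destination of every port-53 query from the LAN to the router's
    # dnsmasq, whatever resolver the client (Roku, Chromecast) has hard-coded.
    for proto in udp tcp; do
        printf 'iptables -t nat -I PREROUTING -i %s -p %s --dport 53 -j DNAT --to-destination %s:53\n' \
            "$LAN_IF" "$proto" "$LAN_IP"
    done
    # Also refuse to forward any other traffic (ICMP ping, DNS on odd ports) to
    # the public resolvers, so "ping 8.8.8.8" from a LAN client fails.
    for dst in $PUBLIC_DNS; do
        printf 'iptables -I FORWARD -i %s -d %s -j REJECT\n' "$LAN_IF" "$dst"
    done
}

# Read iptables-save output on stdin and report which expected rules are absent.
# Exit status 0 when every rule is present, 1 otherwise.
check_intercept() {
    saved="$(cat)"
    missing=0
    for proto in udp tcp; do
        printf '%s\n' "$saved" | grep -q -- "-p $proto .*--dport 53 -j DNAT --to-destination $LAN_IP:53" \
            || { echo "missing: DNAT of $proto/53 to $LAN_IP"; missing=$((missing + 1)); }
    done
    for dst in $PUBLIC_DNS; do
        printf '%s\n' "$saved" | grep -q -- "-d $dst/32 .*-j REJECT" \
            || { echo "missing: REJECT of forwarded traffic to $dst"; missing=$((missing + 1)); }
    done
    [ "$missing" -eq 0 ]
}

case "${1:-}" in
    print) dns_intercept_rules ;;                 # show the rules to paste into Custom Rules
    apply) dns_intercept_rules | sh ;;            # insert them now (root on the router)
    check) iptables-save | check_intercept ;;     # verify after a firewall reload
esac
```

Run `sh intercept.sh print` and paste the output at the end of Custom Rules (or `>> /etc/firewall.user`), then `fw3 reload`; afterwards `sh intercept.sh check` should print nothing and exit 0, and it is worth re-running it a few minutes after the VPN reconnects to confirm the rules are still there. Note what this does not do: it only catches plain DNS on port 53, and as the last post says, Netflix also blacklists VPN egress addresses, so a clean DNS path does not guarantee the unblocker message goes away.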

When you turn on AdGuard, AdGuard hijacks all the DNS. Otherwise it does not work.

Hi bno25ab,

This kinda worked as I cannot ping the Google DNS anymore but Netflix still gives an unblocked error. Does Netflix also ping other IPs to check?

Best,
ZappBrannigan

Netflix & co. check DNS nationality and blacklist more VPN providers than we think…