DNS Hijacking on Wi-Fi

I am using a Flint 2 on the last release 4.5.8.

I am running AdGuard on my router and I want to force every device through it.

Some of my devices use custom DNS.
I followed this guide:

But it doesn’t do anything more than the “Override DNS settings for all clients” setting in the GL-iNet UI, as far as I know.
This works great for devices connected through cable, but I also would like to be able to override my DNS settings for devices on the Wi-Fi, like my phone.

I have a hard time finding anything about DNS Hijacking on Wi-Fi.
Are there any guides for this? Has anyone done it successfully?


On your phone (Android):

Settings → Network and Internet → Private DNS → OFF

Now your phone will get the DNS from your router.

I am trying to hijack the DNS from router side for Wi-Fi devices.

I am not trying to change the DNS settings on my Wi-Fi devices.

Hijacking isn’t possible if the device does not use plain DNS.

So the advice of @Renato is indeed correct.

Hi Admon,
The phone is just an example of one of the devices.

So, for my own understanding, if I understand your message correctly:

The DNS over TLS firewall configuration:
"Configure firewall to filter DoT traffic forcing LAN clients to switch to plain DNS."

Is impossible to pull off for Wi-Fi?

I haven't tried installing banIP through LuCI; the OpenWrt documentation says:
Utilize banIP to filter DoH traffic forcing LAN clients to switch to plain DNS.

Is that still worth a try, or is it also impossible to force devices to use my DNS with that?

Thank you
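The two firewall pieces referred to above, written out as an added example in OpenWrt UCI syntax (not taken from the original thread or from GL-iNet): the redirect that intercepts plain DNS from the LAN and the rule that rejects DoT so clients fall back to plain DNS. It assumes the standard OpenWrt zone names lan and wan and that AdGuard Home answers on the router itself; it does nothing about DoH, which is the limitation the thread arrives at.

```text
# Additions to /etc/config/firewall (added example; assumes zones 'lan' and 'wan').
# Apply with: service firewall restart

# Intercept plain DNS: DNAT every LAN client's port 53 query (UDP and TCP)
# to the router itself, where AdGuard Home is listening. Because the
# wireless interface is bridged into the lan zone, this covers Wi-Fi
# clients exactly as it covers wired ones.
config redirect
	option name 'Intercept-DNS'
	option family 'any'
	option proto 'tcp udp'
	option src 'lan'
	option src_dport '53'
	option target 'DNAT'

# Filter DoT: reject outbound 853 so a client configured with a DoT
# resolver (e.g. Android Private DNS) fails fast and falls back to plain
# DNS, which the redirect above then catches. DoH rides on 443 and is
# not affected by this rule.
config rule
	option name 'Deny-DoT'
	option src 'lan'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'
```

A guest SSID that sits in its own firewall zone would need its own copy of both entries with src changed to that zone name (an assumption about the zone layout).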

In my opinion, it's a waste of time because there is DoH for example.
Trying to ban all IPs of all DNS servers ... isn't a real way either.

I would just accept that and live with it. A game of cat and mouse doesn't make much sense.

That is unfortunate.

But thanks a lot for your quick response.

There's a detailed thread on using IP sets over on the Openwrt forum:

It builds from the Wiki page and is successful in blocking DoH

Please keep in mind that blocking based on IPs has disadvantages and isn't really reliable.

Oh agreed, especially when there are things like iCloud Private Relay that people like to enable and then complain that stuff does not work.

Thank you, @hecatae and @admon for your help!

It indeed looks like if you block the DoH providers, the devices won't automatically switch to the router's DNS.

It is unfortunate, but also better for security reasons.

Yes, that's why I gave up on doing so, as I have family members who enable iCloud Private Relay and I'm tired of the tech queries.

I used the Tasker app on my Android. When I am at home and the SSID name matches, it automatically turns off the private DNS setting on my phone. The reason is that I made hostnames for local domains which I need to access LAN devices.
When it does not match any Wi-Fi SSID, it turns on the private DNS setting on my phone.

As I wrote here, it is just not a good idea.

