Static routing and blocking public DNS

Hi,

How can I add static routes in B1300?

Or is there any way to force every LAN and guest client to use the DNS server defined in the router and not any other DNS server? Excluding clients using WireGuard.

In short, I want to completely block access to any DNS for clients except those set in the router; this doesn’t apply to clients using WireGuard or OpenVPN, of course.

DHCP, as typically configured, will set each client’s DNS to be that of the router. Static configuration can be set to point to the router.

As DHCP is a “suggestion” and any host can configure whatever DNS they want, including alternate ports or transport, at best you can make it “more challenging”.

Blocking forwarding of TCP and UDP with a destination port of 53 should still let your router contact upstream DNS, but discourage others from its use.
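The forwarding block described in the reply above, written as OpenWrt firewall rules. This is an added example, not part of the original posts or the vendor documentation; the zone names `lan`, `guest` and `wan`, and the VPN client living in its own zone, are assumptions to check against the router's own configuration.

```conf
# /etc/config/firewall (OpenWrt UCI syntax) -- constructed example.
# Zone names 'lan', 'guest' and 'wan' are assumptions; check the
# 'config zone' sections in this file for the names your firmware uses.

# Reject DNS that LAN clients try to send past the router to the WAN.
config rule
	option name 'Reject-LAN-DNS-to-WAN'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'REJECT'

# Same restriction for the guest network.
config rule
	option name 'Reject-Guest-DNS-to-WAN'
	option src 'guest'
	option dest 'wan'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'REJECT'

# Not matched by these rules:
#  - the router's own upstream queries (locally generated, not forwarded)
#  - client queries addressed to the router's resolver (input, not forward)
#  - traffic forwarded into a separate VPN zone instead of 'wan' (assumed layout)
#  - DNS over HTTPS/TLS, or plain DNS on a port other than 53
```

The firewall has to be reloaded after the edit for the rules to take effect.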

Can you please guide how to do it in B1300?

Isn’t this as easy as in the docs? https://docs.gl-inet.com/en/3/setup/convexa_b/more_settings/#custom-dns-server

Just tick “override DNS settings for all clients” and it is OK.

This does not block encrypted DNS though.

I followed it and connected the Android TV to the main WiFi SSID, which uses WireGuard, and added the TV’s MAC in the VPN policies so that it does not use the VPN.

Issues with this scenario are:

1- If the WireGuard server is down I have no Internet on the TV connected to the main WiFi SSID.
2- If I don’t use static routes then I can’t use SmartDNS for Netflix.
3- If I add static routes again then the Netflix app on the TV gives me a warning that I am using a proxy.

I do not have any of these issues when using ASUS AC3200 where I have added static routes and a custom DNS. I don’t know if this is possible in OpenWrt.