@mbaezner
Last active August 19, 2021 03:08

Your Smart TV is probably ignoring your PiHole (VyOS Edition)

All credit goes to Labzilla for the original article "Your Smart TV is probably ignoring your PiHole".

Force all DNS queries through PiHole

Create NAT Rules

NAT Rule 1: Redirect DNS queries to PiHole

set nat destination rule 1020 description 'Intercept any outgoing DNS queries and redirect them to PiHole'
set nat destination rule 1020 inbound-interface '{{ lan_interface }}'
set nat destination rule 1020 protocol 'tcp_udp'
set nat destination rule 1020 destination port '53'
set nat destination rule 1020 translation address '{{ pihole_address }}'
set nat destination rule 1020 translation port '53'

NAT Rule 2: Exempt PiHole from DNS query redirects

set nat destination rule 1010 description 'Allow PiHole to reach external DNS servers'
set nat destination rule 1010 inbound-interface '{{ lan_interface }}'
set nat destination rule 1010 protocol 'tcp_udp'
set nat destination rule 1010 source address '{{ pihole_address }}'
set nat destination rule 1010 destination port '53'
set nat destination rule 1010 exclude

NAT Rule 3: Prevent clients from giving unexpected source errors

set nat source rule 1010 description 'Prevents hardcoded DNS clients from giving unexpected source error after DNS redirected to PiHole'
set nat source rule 1010 outbound-interface '{{ lan_interface }}'
set nat source rule 1010 protocol 'tcp_udp'
set nat source rule 1010 source address '{{ local_network_ipv4 }}'
set nat source rule 1010 destination address '{{ pihole_address }}'
set nat source rule 1010 destination port '53'
set nat source rule 1010 translation address 'masquerade'
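
The three rules above, traced for a few sample packets. This is an added example, not code from the gist or from VyOS: a simplified Python model of rule matching in which the lowest-numbered matching rule wins, so the 1010 exclude is checked before the 1020 redirect. The interface name and all addresses are constructed stand-ins for the template variables, and WAN-side NAT is not modelled.

```python
import ipaddress

# Constructed values standing in for the gist's template variables.
LAN_IF = "eth1"                                      # {{ lan_interface }}
PIHOLE = "192.168.1.2"                               # {{ pihole_address }}
LAN_NET = ipaddress.ip_network("192.168.1.0/24")     # {{ local_network_ipv4 }}

# Destination NAT rules from the gist: (number, source match, action).
DNAT_RULES = [
    (1020, None, "redirect"),    # any LAN client, port 53 -> PiHole
    (1010, PIHOLE, "exclude"),   # PiHole itself is left alone
]

def dnat(in_if, src, dst, dport):
    """Return (new_dst, matched_rule); lowest-numbered matching rule wins."""
    for number, src_match, action in sorted(DNAT_RULES):
        if in_if != LAN_IF or dport != 53:
            continue
        if src_match is not None and src != src_match:
            continue
        return (dst if action == "exclude" else PIHOLE), number
    return dst, None

def snat(out_if, src, dst, dport, router_lan_ip):
    """Source rule 1010: masquerade LAN clients talking to PiHole on port 53."""
    if (out_if == LAN_IF and dport == 53 and dst == PIHOLE
            and ipaddress.ip_address(src) in LAN_NET):
        return router_lan_ip
    return src

def trace(src, dst, dport=53, router_lan_ip="192.168.1.1"):
    """Follow one LAN packet through destination NAT, then source NAT."""
    new_dst, rule = dnat(LAN_IF, src, dst, dport)
    # Only traffic redirected to PiHole leaves again via the LAN interface.
    out_if = LAN_IF if ipaddress.ip_address(new_dst) in LAN_NET else "wan"
    new_src = snat(out_if, src, new_dst, dport, router_lan_ip)
    return {"rule": rule, "src": new_src, "dst": new_dst}

if __name__ == "__main__":
    print(trace("192.168.1.50", "8.8.8.8"))   # smart TV with hardcoded DNS
    print(trace(PIHOLE, "1.1.1.1"))           # PiHole's upstream lookup
    print(trace("192.168.1.50", "8.8.8.8", dport=443))  # non-DNS traffic
```

In the first trace the source address becomes the router's LAN address, so PiHole's query log attributes redirected queries to the router and not to the individual client.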

Test it out

Testing can be done according to the original article.

DNS over TLS/HTTPS

WORK IN PROGRESS

Create IP List in VyOS

Create Firewall Rules using IP List

Test it out

Testing can be done according to the original article.
