By default, every Google device is configured to use the following DNS servers:
- 8.8.8.8
- 8.8.4.4
But I don't want the guests who use my WiFi to let Google phone home and give away information about who visits my network.
I use iptables to block those DNS requests. The firewall rejects every DNS request that would be sent to Google, so the clients have no option but to use the DNS server published by my DHCP server.
User scripts
With the AsusWRT (and asuswrt-merlin) firmware I can add user scripts. The next two lines are run when the firewall (iptables) has been started.
#!/bin/sh
# Reject all forwarded traffic to the Google resolvers (matched on address, not only
# port 53, which is why the ping test further down is rejected as well).
iptables -I FORWARD --destination 8.8.8.8 -j REJECT
iptables -I FORWARD --destination 8.8.4.4 -j REJECT
Save this code in the folder /jffs/scripts/ with the filename firewall-start.
Once the router has (re)booted and the rules have been loaded into iptables, every DNS request to Google is rejected. When testing this with a ping to 8.8.8.8 (or 8.8.4.4), the result should be:
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.2.1: Destination port unreachable.
Reply from 192.168.2.1: Destination port unreachable.
Reply from 192.168.2.1: Destination port unreachable.
Reply from 192.168.2.1: Destination port unreachable.
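The same firewall-start hook written so that it can be run repeatedly without piling up duplicate rules (asuswrt-merlin may call the hook more than once per boot). This is an added example, not the original post's script; it assumes br0 is the LAN bridge interface and keeps the post's behaviour of rejecting all traffic to the two addresses.

```shell
#!/bin/sh
# /jffs/scripts/firewall-start (added example, not the original post's script)
# Rejects forwarded traffic from LAN clients to Google Public DNS, as the
# post does, but without creating duplicate rules: asuswrt-merlin can call
# firewall-start more than once per boot, so every rule is checked with
# "iptables -C" before it is inserted.

IPT="${IPT:-iptables}"        # command to drive; a test can point it at a stub
LAN_IF="${LAN_IF:-br0}"       # assumption: br0 is the LAN bridge on AsusWRT
GOOGLE_DNS="8.8.8.8 8.8.4.4"  # the two addresses from the post

# add_rule RULE... : insert RULE at the top of FORWARD unless it is already there
add_rule() {
    if "$IPT" -C FORWARD "$@" 2>/dev/null; then
        return 0              # rule present, nothing to do
    fi
    "$IPT" -I FORWARD "$@"
}

# Reject everything a LAN client sends to the Google resolvers. Matching on
# the address rather than on port 53 keeps the post's behaviour, which is
# also why a ping to 8.8.8.8 answers "Destination port unreachable".
block_google_dns() {
    for ip in $GOOGLE_DNS; do
        add_rule -i "$LAN_IF" -d "$ip" -j REJECT || return 1
    done
}

# Apply the rules only when executed as the firewall-start hook, so the
# functions above can also be sourced and exercised without touching iptables.
case "$0" in
    *firewall-start) block_google_dns ;;
esac
```

Merlin only executes user scripts that are marked executable, so chmod +x the file after saving it; `iptables -S FORWARD` then shows the two REJECT rules exactly once, however often the hook has run.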