Using OpenDNS and DD-WRT

I was in a situation very much like this guy and I needed to block access to other DNS from within our company network. Some coworkers are technology savvy enough to disable the static network configs on their workstations and in effect bypass our web filters.

Here’s what I did on our dd-wrt router:

1. Administration -> Commands (after typing the code below, click on Save Startup)

dnsmasq -S -R -i br0 -p 1054

2. Administration -> Commands (after typing the commands below, click on Save Firewall)

iptables -t nat -A PREROUTING -p udp -i br0 -s --dport 53 -j DNAT --to $(nvram get lan_ipaddr):1054
iptables -t nat -A PREROUTING -p tcp -i br0 -s --dport 53 -j DNAT --to $(nvram get lan_ipaddr):1054
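
As an added example (not part of the original post), the following shell check reads iptables-save output and reports which of UDP and TCP port 53 arriving on br0 is not covered by the DNAT redirect from step 2. The function names, the sample ruleset and its 192.168.1.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a ruleset for the DNS redirect set up in step 2.
# Reads iptables-save text on stdin and prints each protocol (udp/tcp) whose
# port-53 traffic entering on the given LAN interface is NOT DNAT'ed.
missing_dns_redirects() {
    iface="${1:-br0}"
    awk -v iface="$iface" '
        /^\*/ { table = substr($0, 2) }      # table header: "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; dport = ""; in_if = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-i")      in_if  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == "53" && in_if == iface && target == "DNAT")
                covered[proto] = 1
        }
        END {
            if (!("udp" in covered)) print "udp"
            if (!("tcp" in covered)) print "tcp"
        }'
}

# Constructed sample: both rules present (addresses are made up).
sample_complete() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.0/24 -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:1054
-A PREROUTING -s 192.168.1.0/24 -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1:1054
COMMIT
EOF
}

# Constructed failure case: the TCP rule was never saved, so DNS over TCP
# still reaches outside resolvers.
sample_udp_only() { sample_complete | grep -v -- '-p tcp'; }

echo "complete ruleset, missing: $(sample_complete | missing_dns_redirects br0 | tr '\n' ' ')"
echo "udp-only ruleset, missing: $(sample_udp_only | missing_dns_redirects br0 | tr '\n' ' ')"
```

On a router whose build ships iptables-save, the live ruleset can be checked with: iptables-save | missing_dns_redirects br0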

3 thoughts on “Using OpenDNS and DD-WRT”

  1. Just so you know, you can do this with a lot less of a command.

    iptables -I FORWARD 1 -p tcp --dport 53 -j DROP; iptables -I FORWARD 2 -p udp --dport 53 -j DROP

    I did a blog post on this back in August. Basically as far as I understood, all you had to do was block port 53 through the router. This would block all external nameserver queries.

    More info here:

