Why bother?
To eliminate DNS leaks. Redirecting DNS traffic forces every device to go through our DNS filter.
Process
Intercept and redirect DNS queries.
Port forward
On the OpenWRT router under Network > Firewall > Port Forwards, I added the following rule:
- Protocol: TCP, UDP
- Source zone: lan
- External port: 53
- Destination zone: lan
- Internal IP address: 192.168.1.101 (this is the address of my PiHole)
- Internal port: 53
Under the Advanced Settings of the new port forward rule I added:
- Source IP address: !192.168.1.101
The leading ! negates the match, so this rule applies to all devices on lan except the PiHole.



NAT Rule
On the OpenWRT router under Network > Firewall > NAT Rules, I added the following rule:
- Protocol: TCP, UDP
- Outbound zone: lan
- Source address: any
- Source port: any
- Destination address: 192.168.1.101
- Destination port: 53
- Action: MASQUERADE - Automatically rewrite to outbound interface IP
- Rewrite port: do not rewrite
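
A way to confirm from a LAN client that both rules are in effect (an added example, not part of the original post): ask an outside resolver for pi.hole, a name only the Pi-hole answers, and classify what dig prints. It assumes the Pi-hole still serves its default pi.hole local name and uses 8.8.8.8 as a stand-in for any external resolver; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify the result of asking an outside resolver for the
# Pi-hole's own local name. A public resolver returns NXDOMAIN for "pi.hole",
# so the answer shows whether the port forward and the NAT rule both work.
PIHOLE_IP="192.168.1.101"   # Pi-hole address from the rules above
EXTERNAL_DNS="8.8.8.8"      # assumption: any resolver outside the LAN works

# classify_dig_output TEXT -> prints one of:
#   intercepted  answer is the Pi-hole address: redirect and NAT both work
#   nat-missing  the Pi-hole replied from its own address and dig rejected it
#   leaking      the outside resolver answered (NXDOMAIN): no redirect
#   unknown      timeout or unrecognised output
classify_dig_output() {
    out=$1
    # Without the MASQUERADE rule the reply reaches the client straight from
    # the Pi-hole, not from the address the client queried.
    case $out in
        *"reply from unexpected source: ${PIHOLE_IP}#"*) echo nat-missing; return ;;
    esac
    # Answer lines look like: pi.hole. 0 IN A 192.168.1.101
    answer=$(printf '%s\n' "$out" |
        awk '$1 == "pi.hole." && $4 == "A" { print $5; exit }')
    if [ "$answer" = "$PIHOLE_IP" ]; then
        echo intercepted
    elif printf '%s\n' "$out" | grep -q 'status: NXDOMAIN'; then
        echo leaking
    else
        echo unknown
    fi
}

# Live check; needs dig and must run on a device other than the Pi-hole.
check_live() {
    classify_dig_output "$(dig +tries=1 +time=3 "@${EXTERNAL_DNS}" pi.hole A 2>&1)"
}

# Constructed sample of dig output when the NAT rule is missing.
SAMPLE=';; reply from unexpected source: 192.168.1.101#53, expected 8.8.8.8#53'

if [ "${1:-}" = "--live" ]; then
    check_live
else
    classify_dig_output "$SAMPLE"
fi
```

Run it with `--live` on a LAN device; without arguments it only classifies the constructed sample.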


Elaborate guide
https://jeff.vtkellers.com/posts/technology/force-all-dns-queries-through-pihole-with-openwrt/