Use dnsmasq. Use OpenDNS for forwarding to take care of a lot of crapware.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, December 17, 2019 9:55 PM, lu hu <luhu8...@mail.com> wrote:

> Our little home network:
>
> ISP -> ROUTER -> SWITCH -> WIFI APs -> CLIENTS
>
> ROUTER: OpenBSD 6.5, giving DHCP+fwing internet to the WIFI APs. Based
> on https://www.openbsd.org/faq/pf/example1.html#pf and
> https://www.openbsd.org/faq/pf/example1.html#dhcp
>
> CLIENTS: laptops, smartphones.
>
> So everything is going through the ROUTER.
>
> We can see a https://www.openbsd.org/faq/pf/example1.html#dns DOC for how to
> set up a DNS server, ~ok.
>
> AD filtering. We would like to have one, but not a fancy one, just a working
> one.
>
> Based on "bad hosts", ex.: if a client queries iamAD.foo, then answer it back
> as 127.0.0.1, so the clients will try to connect to themselves, which will
> end up not showing the AD.
>
> The big question: Is there any DOC for OpenBSD about this? What pf rules
> are needed to redirect any DNS server (ex.: 8.8.8.8 or 1.1.1.1) requests to the
> DNS server running on the ROUTER, coming from the CLIENTS?
>
> So ex.: if a smartphone CLIENT wants to query iamAD.foo domain to get ADs, it
> will only get back 127.0.0.1
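
One way to put the two messages above together, as an added example that is not part of the thread: a shell script that turns a hosts-format "bad hosts" list into dnsmasq `address=` lines and prints a pf redirect rule plus OpenDNS forwarders. The interface name `em1`, the router address `192.168.1.1`, the function names and the sample list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Interface name, router address and
# the sample list are assumptions; adjust to your own pf.conf macros.
LAN_IF="em1"              # assumed LAN-facing interface
ROUTER_IP="192.168.1.1"   # assumed router LAN address where dnsmasq listens

# Hosts-format "bad hosts" list on stdin -> dnsmasq address= lines.
# Only sinkhole entries are accepted, so a downloaded list cannot point a
# name at an arbitrary IP, and names are validated so a crafted line
# cannot smuggle extra dnsmasq directives into the generated file.
hosts_to_dnsmasq() {
    awk '
    { sub(/#.*/, "") }                                # drop comments
    $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }     # sinkhole IPs only
    {
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name ~ /^localhost\./) continue       # keep loopback names
            if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) continue
            if (!seen[name]++) print "address=/" name "/127.0.0.1"
        }
    }'
}

# pf.conf rule: any DNS query arriving from the LAN (to 8.8.8.8, 1.1.1.1, ...)
# is rewritten to the router; pf state translates the reply back.
pf_redirect_rule() {
    printf 'pass in quick on %s inet proto { udp tcp } to any port 53 rdr-to %s port 53\n' \
        "$LAN_IF" "$ROUTER_IP"
}

# dnsmasq.conf lines: ignore resolv.conf and forward to the OpenDNS resolvers.
dnsmasq_forwarders() {
    printf 'no-resolv\nserver=208.67.222.222\nserver=208.67.220.220\n'
}

# Constructed sample blocklist, including the name used in the question.
sample_blocklist() {
    cat <<'EOF'
127.0.0.1 localhost localhost.localdomain
0.0.0.0 iamAD.foo            # the name from the question
0.0.0.0 iamad.foo tracker.example.net
203.0.113.7 bank.example     # not a sinkhole IP: ignored
0.0.0.0 evil/8.8.8.8
EOF
}

sample_blocklist | hosts_to_dnsmasq; pf_redirect_rule; dnsmasq_forwarders
```

Write the `address=` lines to a file that dnsmasq.conf pulls in with `conf-file=`, and load the rule with `pfctl -f /etc/pf.conf`. Redirecting port 53 does not cover clients that resolve over DNS over TLS (port 853) or DNS over HTTPS (port 443).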