How to redirect DNS traffic to dnsmasq on Android
2
votes
0
answers
871
views
I’m trying filter all DNS traffic using *dnsmasq* on Android (*LineageOS*). Here is what I did (thanks to the help of @IrfanLatif):
1. I installed it using *termux*:
pkg i root-repo && pkg up && pkg i dnsmasq
Then:
cp /data/data/com.termux/files/usr/bin/dnsmasq /system/bin/
2. On Linux it's possible to divert traffic to dnsmasq simply by editing /etc/resolv.conf and replacing nameserver 8.8.8.8 with nameserver 127.0.0.1.
But on Android there is no such file, however I can achieve the same using an iptables command (divert all DNS queries to port 5353):
/system/bin/iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
/system/bin/iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353/etc/dnsmasq.conf containing:
domain-needed
bogus-priv
no-resolv
no-poll
port=5353 # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PORT
listen-address=127.0.0.1
no-hosts
expand-hosts
cache-size=500
log-queries
server=8.8.8.8
server=8.8.4.4
# Rules:
# Test block:
address=/bing.com/0.0.0.0/system/bin/dnsmasq --pid-file --conf-file=/etc/dnsmasq.conf <&-
I can also look at the logs and see that *dnsmasq* is running:
logcat | grep dnsmasq
05-27 19:17:08.039 7988 7988 D dnsmasq : forwarded google.com to 8.8.8.8
05-27 19:17:08.039 7988 7988 D dnsmasq : forwarded google.com to 8.8.4.4setpriv command.
However, when I try to set a UID to dnsmasq:
/data/data/com.termux/files/usr/bin/setpriv --reuid=999 --regid=999 --clear-groups /system/bin/dnsmasq --pid-file --conf-file=/etc/dnsmasq.conf <&-dnsmasq: failed to find list of interfaces: Permission denied
This is the second problem I'm having. I'm still trying to figure out what's going on. Any help from anyone will be much appreciated.
Asked by ellat
(111 rep)
Apr 30, 2024, 12:21 PM
Last activity: Jun 18, 2024, 11:31 AM
Last activity: Jun 18, 2024, 11:31 AM