How to set up DNS Forwarding

Feb 3, 2016

There are a number of reasons for wanting to change your DNS, whether you want to benefit from speed & reliability improvements, set up parental controls, or want to access geoblocked content.

But sometimes you might not want all of your traffic routed through a custom DNS server, especially if you just want to do something simple like access US Netflix outside of the US. There is a really easy option to set up in OpenWRT that allows you to set DNS servers to be used only with specific domains.

SSH to your OpenWRT device

If you are using Windows then start PuTTY and click Session on the left side, select SSH from the options, and then enter in the IP Address of your OpenWRT box into the Host Name field. 

Once you’ve done this just click on Open to start up the SSH connection.

If you are connecting via terminal, then just SSH to your OpenWRT device using the following command, where is your OpenWRT device’s IP address.

ssh [email protected]

Setting up DNS forwarding

Once you are logged into your OpenWRT device, run the following command to edit your DHCP file:

vi /etc/config/dhcp

The rules you want to add to this section are formatted as follows:

list server ‘/domain_name/dns_address’

Find the dnsmasq section and add in your rules, it should look something like the following:

config 'dnsmasq'
        option domainneeded	 1
        option boguspriv	 1
        option filterwin2k	 0
        option localise_queries  1
        option rebind_protection 1
        option rebind_localhost  0
        option local        	 '/lan/'
        option domain	         'lan'
        option expandhosts	 1
        option nonegcache	 0
        option authoritative	 1
        option readethers        1
        option leasefile	 '/tmp/dhcp.leases'
        option resolvfile	 '/tmp/'
        list server          '/'
        list server          '/'

Once you have added your rules, save your changes.

You may need to restart the service for your changes to apply so run the following command in the console:

/etc/init.d/dnsmasq restart

It is as easy as that. Whenever you access that domain, it will be through that DNS, while the rest of your traffic uses your normal default DNS settings.

(Optional) Using the web GUI

This can all be done using the web GUI by navigating through Network > DHCP and DNS > Sever Settings > General Settings, and entering the rules in the following format under DNS Forwardings:


CT WiFi is a cloud based WiFi management platform for businesses. The firmware gives consumer-grade WiFi access points enterprise-like capabilities. Or you can utilise the captive portal solution with your existing infrastructure. Create a free account and check it here

Come join CT WiFi

Sign Up

Sign-up for CT WiFi, it's free for unlimited access points :)