<div dir="ltr"><div dir="ltr">On Thu, Dec 22, 2022 at 3:46 PM Michael Smith <<a href="mailto:michael@kmaclub.com">michael@kmaclub.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>I run 2 instances of pihole (DNSmasq) on docker. Each runs on
its own IP address (macvlan), separate from the docker host.
Their IP addresses are .2 and .3.<br></div>
<p><br>
</p>
<p>The .2 host is primary and forwards upstream to 1.1.1.1. This
container also holds all the hosts file info and handles
DHCP+dynamic host DNS resolution.<br>
</p>
<p>The .3 host is secondary and handles only DNS requests for the
kids. This forwards upstream to 1.1.1.3. If a DNS request
comes in for local domain info, it simply forwards those requests
to .2 like this:</p>
<p><span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">server=/mydomain.com/192.168.101.2</span><br>
server=/101.168.192.in-addr.arpa/192.168.101.2</span></p>
<p><span style="font-family:monospace"><br>
</span></p>
<p><span style="font-family:monospace">Combine with the tagging and
now you can point any client to either upstream DNS:</span></p>
<p><span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"># Define DNS servers</span><br>
dhcp-option=option:dns-server,192.168.101.2<br>
</span><span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">dhcp-option=tag:kidsdevices,option:dns-server,192.168.101.3</span><br>
</span></p>
<p><span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">dhcp-host=0c:51:01:95:d3:36,set:kidsdevices # Ipad</span><br>
dhcp-host=58:41:4E:CD:D2:0A,set:kidsdevices # Iphone</span></p></div></blockquote><div><br></div><div>Thanks everybody for the discussion. I ended up doing something like what Michael and Geert described and adding a second IP to my server and running two instances of dnsmasq.</div><div><br></div><div>The primary instance handles DHCP, uses 1.1.1.2 as its upstream, and tags a handful of devices to use it for DNS:</div><div><p><span style="font-family:monospace"><span style="color:rgb(0,0,0)">no-resolv</span><br>server=1.1.1.2<br></span><span style="font-family:monospace">interface=lo<br>interface=eth0 # 10.1.1.32<br></span><span style="font-family:monospace">bind-interfaces<br></span><span style="font-family:monospace">dhcp-host=1c:0d:7d:13:9e:3e,set:cf1112<br></span><span style="font-family:monospace">dhcp-option=option:dns-server,10.1.1.33<br></span><span style="font-family:monospace">dhcp-option=tag:cf1112,option:dns-server,10.1.1.32</span></p></div><div><br></div><div>The secondary instance is just doing DNS and using 1.1.1.3 as its upstream:</div><div><p><span style="font-family:monospace"><span style="color:rgb(0,0,0)">no-resolv</span><br>server=1.1.1.3<br></span><span style="font-family:monospace">interface=eth0:1 # 10.1.1.33<br>except-interface=lo<br>no-dhcp-interface=eth0:1<br>bind-interfaces<br></span></p><p><br></p></div><div>Thanks Eric for describing the ways this is insufficient :) I have not been keeping up with all the advancements in the world of DNS.</div><div><br></div><div>jonathan</div></div></div>
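<div>The two-resolver layout described in this thread depends on two dnsmasq behaviours: a <span style="font-family:monospace">dhcp-option=tag:T,option:dns-server,...</span> line overrides the untagged <span style="font-family:monospace">option:dns-server</span> for clients whose <span style="font-family:monospace">dhcp-host</span> line carries <span style="font-family:monospace">set:T</span>, and <span style="font-family:monospace">server=/domain/ip</span> sends queries for that domain and its subdomains to a specific upstream, with a bare <span style="font-family:monospace">server=ip</span> as the default. The script below is an added example, not code from the thread or from dnsmasq; it parses those lines from a config and traces which resolver a given client MAC is handed and where that resolver sends a given query name. The config text is constructed for the example from the addresses in Michael's message; the <span style="font-family:monospace">local=/mydomain.com/</span> lines on the primary are an assumption about how it answers local names from its hosts and leases, not something the thread shows.</div>

```python
"""Trace a client's DNS path through a two-instance dnsmasq setup.

Added example, not code from the thread or from dnsmasq.  Models:
  * dhcp-option=tag:T,option:dns-server,X overrides the untagged
    option:dns-server for clients whose dhcp-host line has set:T
  * server=/domain/ip forwards domain (and subdomains) to ip, longest
    matching suffix wins; local=/domain/ answers only from hosts/leases;
    a bare server=ip is the default upstream
"""

# Constructed sample configs using the thread's addresses.  The local=
# lines on the primary are an assumption, not taken from the thread.
PRIMARY_CONF = """
# primary (.2): DHCP server, local names, public upstream
server=1.1.1.1
local=/mydomain.com/
local=/101.168.192.in-addr.arpa/
dhcp-option=option:dns-server,192.168.101.2
dhcp-option=tag:kidsdevices,option:dns-server,192.168.101.3
dhcp-host=0c:51:01:95:d3:36,set:kidsdevices # Ipad
dhcp-host=58:41:4E:CD:D2:0A,set:kidsdevices # Iphone
"""

SECONDARY_CONF = """
# secondary (.3): DNS only, filtered upstream, local names handed back to .2
server=1.1.1.3
server=/mydomain.com/192.168.101.2
server=/101.168.192.in-addr.arpa/192.168.101.2
"""

# resolver address -> config text; the .2 box is also the DHCP server
RESOLVERS = {"192.168.101.2": PRIMARY_CONF, "192.168.101.3": SECONDARY_CONF}


def parse_dnsmasq(text):
    """Pull the tag, dns-server option and forwarding lines out of a config."""
    cfg = {"tags_by_mac": {}, "dns_server": [], "domains": {}, "upstreams": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # '#' starts a comment
        if "=" not in line:
            continue                               # blank or flag-only line
        key, value = line.split("=", 1)
        fields = value.split(",")
        if key == "dhcp-host":
            mac = fields[0].lower()
            tags = {f[4:] for f in fields[1:] if f.startswith("set:")}
            cfg["tags_by_mac"].setdefault(mac, set()).update(tags)
        elif key == "dhcp-option":
            tag = None
            if fields[0].startswith("tag:"):
                tag, fields = fields[0][4:], fields[1:]
            if fields[0] in ("option:dns-server", "6"):
                cfg["dns_server"].append((tag, fields[1]))
        elif key in ("server", "local") and value.startswith("/"):
            _, domain, target = value.split("/", 2)
            cfg["domains"][domain.lower().rstrip(".")] = target or None
        elif key == "server":
            cfg["upstreams"].append(value)
    return cfg


def dns_server_for(cfg, mac):
    """DNS server the DHCP side hands to mac: a matching tagged option wins."""
    tags = cfg["tags_by_mac"].get(mac.lower(), set())
    chosen = None
    for tag, server in cfg["dns_server"]:
        if tag is None and chosen is None:
            chosen = server                        # untagged default
        elif tag in tags:
            chosen = server                        # tag match overrides it
    return chosen


def next_hop(cfg, qname):
    """Where this resolver sends qname: longest server=/domain/ match, else default."""
    name = qname.lower().rstrip(".")
    best = None
    for domain, target in cfg["domains"].items():
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, target)
    if best is not None:
        return best[1] or "local"                  # no target: answered from hosts/leases
    return cfg["upstreams"][0] if cfg["upstreams"] else None


def trace(mac, qname, resolvers=RESOLVERS, dhcp_server="192.168.101.2"):
    """Follow a query from the DHCP-assigned resolver to the hop that answers it."""
    parsed = {ip: parse_dnsmasq(text) for ip, text in resolvers.items()}
    hop = dns_server_for(parsed[dhcp_server], mac)
    path = [hop]
    while hop in parsed:                           # keep following while it is one of our boxes
        hop = next_hop(parsed[hop], qname)
        path.append(hop)
    return path


if __name__ == "__main__":
    for mac, name in [("58:41:4e:cd:d2:0a", "example.org"),
                      ("58:41:4e:cd:d2:0a", "nas.mydomain.com"),
                      ("aa:bb:cc:dd:ee:ff", "example.org")]:
        print(f"{mac} {name:20} -> {' -> '.join(trace(mac, name))}")
```

<div>A tagged phone asking for a public name goes .3 then 1.1.1.3; the same phone asking for a local name goes .3 then .2 and is answered there; an untagged client goes straight to .2 and 1.1.1.1. The trace makes one limit of the scheme visible: it only holds for clients that accept the DHCP-supplied resolver, since the option is advice to the client, not enforcement.</div>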