[Dnsmasq-discuss] Custom DNS Order

richardvoigt at gmail.com richardvoigt at gmail.com
Tue Jan 6 03:27:42 GMT 2009


On Tue, Jan 6, 2009 at 1:37 AM, Xavier Kerestesy <xavier at kerestesy.com> wrote:
> I hope this helps to clarify:
>
> I use the DNSMASQ, DNS and DHCP, in DD-WRT on a Router.  We use the local
> DNS features of DNSMASQ to resolve local computers.  By default we
> configured the DNSMASQ to resolve to OPENDNS for adult/torrent filtration.
> There are a select few who need to bypass the Opendns and resolve to a 3rd
> party dns server.  These select few people use reserved/static IPs.  So, a
> possibility might be for IPs .5 - .99 use DNS B and for ips 100-200 use DNS
> A.
>
> I tried to customize the DNS via the local machine, but it doesn't seem to
> work properly
>
> PC 1: (static)
> DNS1: x.x.x.1 (router)
> DNS2: x.x.x.x (ISP)
> Issue: Always resolves via the router, never fails to DNS2
>
> PC 1: (static)
> DNS1: x.x.x.x (ISP)
> DNS2: x.x.x.1 (router)
> Issue: Always resolves to ISP and never performs a local lookup
>
> PC 1 (static/reserved - Range 5-99)
> Resolve to Router/local then resolve to ISP
>
> PC 2 (DHCP - Range 100 - 199)
> Resolve to Router/local then resolve to OpenDNS
>
> It would be nice if I can use the local DNSMASQ dns features and if it
> doesn't exist locally, fail so the PC can use DNS2 or something like that.
> I guess it would be simpler to set up an independent DHCP server and
> configure it there.  I was just hoping to keep it all on the router.
>
> I hope this is a little more understandable.  I hope someone out there has a
> simple solution that would be more helpful.

You can just not give dnsmasq any upstream nameserver at all.  Then it
will query the local database only.  You can give the filtering DNS
server addresses out via DHCP options.

Remember that you'll need to use packet filtering to enforce usage of
those filtering DNS servers, otherwise client configuration could
select others.

Yes, those little routers are short on resources, but dnsmasq is very
small and efficient.  You should definitely be able to run three
instances (DHCP and local resolution), (forward the .local domain to
instance #1, all other queries to filtering servers), (forward the
.local domain to instance #1, all other queries to raw servers).

>
>
> Thank you,
>
>
> xavier
>
> Jan 'RedBully' Seiffert wrote:
>
> Xavier Kerestesy wrote:
>
>
> Does anyone have an idea on how I can accomplish this?
>
>
>
>
> Hmmm, it is still a little confusing what you are trying to achieve, but I guess
> you want dnsmasq to query different DNS-Server based on the client MAC-Address.
> This is AFAIK not possible.
>
> But there are "workarounds"
> 1) client side lookup
> If you categorize your clients into net-tags ("Guest", "known", etc.) you can
> send every tag a different set of DNS-Servers by DHCP. This way you lose the
> caching ability of dnsmasq, but basically get what you want.
> 2) multi-dnsmasq
> You set up several dnsmasq. You can do this on one machine by giving one
> interface several IPs and bind every dnsmasq instance to one IP. Only one dnsmasq
> instance does dhcp, it points your clients again by net-tag to the other
> dnsmasq-IPs with DHCP, the other dnsmasq instances only do DNS-caching.
>
>
>
> Thank you,
>
>
>
> HTH
> greetings
> 	Jan
>
>
>
> Xavier
>
>
>
> Xavier Kerestesy wrote:
>
>
> So by default everyone points to the dnsmasq for all dns queries.
> Then by default, dnsmasq points to opendns1, opendns2, ISPDNS1.  We
> would like to add an option to use ISPDNS1, opendns2, opendns1 based
> on an IP or via MAC address for authorized users.  Another option
> might be, to check the local records, then fail and not use the other
> DNS servers.  This would force the PC to use the next one which could
> be configured to ISPDNS1.
>
> Hopefully, this isn't too confusing.
>
> Thank you!
>
>
> Xavier
>
>
>
> [snip]
>
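
The three-instance layout and the packet filtering suggested in the reply above, sketched as an added example that is not part of the original thread. All addresses, file paths and the MAC are constructed assumptions, the tags use current dnsmasq `set:`/`tag:` syntax (older releases spelled these `net:`), and the firewall rules are only printed for review, not applied.

```shell
#!/bin/sh
# Added example: every address, path and the MAC below is a constructed assumption.
# The router's LAN interface carries 192.168.1.1, .2 and .3 as aliases.
FILTER_DNS="208.67.222.222 208.67.220.220"  # OpenDNS public resolvers
RAW_DNS="192.0.2.53"                         # placeholder for the unfiltered resolver

forwarder() {  # $1 file, $2 listen IP, $3 instance number, $4 upstream list
  {
    echo "listen-address=$2"
    echo "bind-interfaces"
    echo "no-resolv"
    echo "pid-file=/var/run/dnsmasq$3.pid"
    echo "server=/local/192.168.1.1"   # local names are answered by instance 1
    for ip in $4; do echo "server=$ip"; done
  } > "$1"
}

write_configs() {  # $1 = output directory
  # Instance 1: DHCP plus local names only; it has no upstream server at all.
  cat > "$1/dns1.conf" <<EOF
listen-address=192.168.1.1
bind-interfaces
no-resolv
domain=local
local=/local/
pid-file=/var/run/dnsmasq1.pid
dhcp-range=192.168.1.100,192.168.1.199,12h
dhcp-host=00:11:22:33:44:55,set:bypass,192.168.1.10
dhcp-option=option:dns-server,192.168.1.2
dhcp-option=tag:bypass,option:dns-server,192.168.1.3
EOF
  forwarder "$1/dns2.conf" 192.168.1.2 2 "$FILTER_DNS"  # filtered instance
  forwarder "$1/dns3.conf" 192.168.1.3 3 "$RAW_DNS"     # unfiltered instance
}

fw_rules() {  # print the enforcement rules for the DHCP pool
  r="-m iprange --src-range 192.168.1.100-192.168.1.199"
  for p in udp tcp; do
    # The pool may not reach outside resolvers directly ...
    echo "iptables -I FORWARD -p $p --dport 53 $r -j REJECT"
    # ... nor the unfiltered instance on the router itself.
    echo "iptables -I INPUT -d 192.168.1.3 -p $p --dport 53 $r -j REJECT"
  done
}

# Stand-alone use: sh thisfile OUTPUT_DIR
if [ -n "${1:-}" ]; then write_configs "$1"; fw_rules; fi
```

Each generated file is meant to be started as its own process with `dnsmasq --conf-file=FILE`; the untagged `dhcp-option` is the default for the pool, and the tagged one overrides it only for the reserved host.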


