[Dnsmasq-discuss] dnsmasq on OpenWRT, configuration question

Art Greenberg art at artg.tv
Sat Jul 27 16:34:41 BST 2019


I had been running dnsmasq on a machine on my network and using addn-hosts for ad blocking. My router was configured with my ISP's DNS servers.

I used "net:red" to assign the router as DNS server for certain devices (Roku streamers, notably) to avoid the ad blocking, because some of the apps on the router would not work properly with the ad blocking in place. This told those devices to go directly to the router for DNS services.

router/gateway 192.168.2.1
dnsmasq machine 192.168.2.11

## dnsmasq.conf fragment

domain-needed
bogus-priv
no-resolv
local=/artg.tv/
interface=eth0
domain=artg.tv
server=8.8.8.8,8.8.4.4

dhcp-option=option:dns-server,192.168.2.11  ## use dnsmasq machine for DNS
dhcp-option=net:red,option:dns-server,192.168.2.1

dhcp-host=00:01:03:27:84:95,192.168.2.15,martha  ## typical of computer assignments
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red  ## typical of ad blocking avoidance

## end dnsmasq.conf fragment

This all worked fine.

Then I obtained a newer router and installed OpenWRT on it. This, too, worked fine until I moved dnsmasq onto the router. The configuration now looks like this:

router/gateway 192.168.2.1
dnsmasq machine 192.168.2.1

## dnsmasq.conf fragment

domain-needed
bogus-priv
no-resolv
local=/artg.tv/
interface=br-lan
domain=artg.tv
server=8.8.8.8,8.8.4.4

dhcp-option=option:dns-server,192.168.2.1  ## use dnsmasq on the router for DNS
dhcp-option=net:red,option:dns-server,8.8.8.8,8.8.4.4  ## Google public DNS servers

dhcp-host=00:01:03:27:84:95,192.168.2.15,martha  ## typical of computer assignments
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red  ## typical of ad blocking avoidance

Now the Roku streamers and some of the apps on them aren't so happy. Despite the "net:red" tag, dnsmasq is intercepting all DNS requests and it is returning 0.0.0.0 when the host being looked up is in one of the addn-hosts files.

I have DHCP and DNS logging turned on in dnsmasq and can see the Roku streamers ask for option 6 (dns-server) and they get the expected response (the Google DNS servers). Yet when they make a DNS request, it's being processed by dnsmasq and the addn-hosts files are being consulted, the result being that hosts listed in one of the files have their IP address returned as 0.0.0.0.

I suppose this is expected, as dnsmasq is acting as a DNS relay only if it cannot resolve the request, and since the ad hosts are listed in an addn-hosts file, dnsmasq -can- resolve the request despite it not being within the local, private IP address block.

I'm thinking I need a second dnsmasq instance configured to handle those devices that cannot have ad blocking, and the appropriate division of configurations, including complementary use of the "ignore" option to dhcp-host on the two configurations.

Is there a simpler way to deal with this? And no, I'd rather not move back to using a machine on the network for dnsmasq if I can avoid it.

Thanks.

-- 
Art Greenberg
art at artg.tv
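
A diagnostic sketch for the symptom described in this message, added here as an example and not part of the original post: it joins dnsmasq's DHCP log (the option 6 value sent to each client) with its query log to list clients that were handed external DNS servers but still had a name answered from a local hosts file. The log lines are constructed, their layout is an assumption based on typical log-dhcp/log-queries output, and the hosts-file path and ad hostname are placeholders.

```python
import re

# Constructed sample in the layout dnsmasq typically writes with log-dhcp and
# log-queries enabled (assumption); hosts-file path and ad hostname are made up.
SAMPLE_LOG = """\
dnsmasq-dhcp[2041]: 1001 DHCPACK(br-lan) 192.168.2.135 d8:31:34:36:d0:18 ROKU-1-WIFI
dnsmasq-dhcp[2041]: 1001 sent size:  8 option:  6 dns-server  8.8.8.8, 8.8.4.4
dnsmasq-dhcp[2041]: 1002 DHCPACK(br-lan) 192.168.2.15 00:01:03:27:84:95 martha
dnsmasq-dhcp[2041]: 1002 sent size:  4 option:  6 dns-server  192.168.2.1
dnsmasq[2041]: query[A] ads.example.net from 192.168.2.135
dnsmasq[2041]: /etc/adblock.hosts ads.example.net is 0.0.0.0
dnsmasq[2041]: query[A] ads.example.net from 192.168.2.15
dnsmasq[2041]: /etc/adblock.hosts ads.example.net is 0.0.0.0
"""

ACK = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) DHCPACK\(\S+\) (\S+) (\S+)")
OPT6 = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) sent size:\s*\d+ option:\s*6 dns-server\s+(.+)")
QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)")
LOCAL = re.compile(r"dnsmasq\[\d+\]: (/\S+) (\S+) is (\S+)")  # answer sourced from a file

def offered_dns(log_text):
    """Map client IP -> DNS servers sent in DHCP option 6, joined on transaction id."""
    ip_by_xid, dns_by_xid = {}, {}
    for line in log_text.splitlines():
        if m := ACK.search(line):
            ip_by_xid[m[1]] = m[2]
        elif m := OPT6.search(line):
            dns_by_xid[m[1]] = [s.strip() for s in m[2].split(",")]
    return {ip: dns_by_xid[x] for x, ip in ip_by_xid.items() if x in dns_by_xid}

def locally_answered(log_text, router_ip):
    """List (client, name, source file, answer) for clients that were not told to
    use router_ip for DNS yet had a query answered from a local hosts file."""
    offered = offered_dns(log_text)
    asker, hits = {}, []
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            asker[m[1]] = m[2]  # most recent client to ask for this name
        elif (m := LOCAL.search(line)) and m[2] in asker:
            client = asker[m[2]]
            if client in offered and router_ip not in offered[client]:
                hits.append((client, m[2], m[1], m[3]))
    return hits

if __name__ == "__main__":
    for hit in locally_answered(SAMPLE_LOG, "192.168.2.1"):
        print(hit)
```

Any client it lists was given other resolvers by DHCP but its queries still reached this dnsmasq instance, which is the behaviour reported above; why the packets arrive there has to be checked separately on the router.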


