[Dnsmasq-discuss] Upstream servers by host tag (or MAC)

Petr Menšík pemensik at redhat.com
Thu Sep 23 11:35:03 UTC 2021


Hi Hubert,

It may work if you run two dnsmasq instances. One for children
with OpenDNS as upstream servers, another for everyone else.

default instance:

bind-interfaces
listen-address=10.1.0.1
server=8.8.8.8
domain=home.arpa
dhcp-option=option:dns-server,10.1.0.1,8.8.8.8
dhcp-option=tag:child,option:dns-server,10.1.0.2,208.67.222.123
...

children instance:

bind-interfaces
listen-address=10.1.0.2
server=208.67.222.123
server=/home.arpa/10.1.0.1

Because the second instance would forward the local domain to the main
instance, which also registers DHCP, they should be able to resolve any
local names. But other names would be served by a different server.

Children might have a different address range reserved, but it might be
handy to be on a shared broadcast link. Good for link-local address
resolution and easy local game setup. Not sure it is relevant anymore.

Not sure if 10.1.0.2 can be on the same interface as 10.1.0.1. It would
work fine with just DNS, but I think DHCP requires interface=eth0 or
similar, which would block the second instance from working correctly. I
think the alternative address would have to be on a different interface.

Cheers,

Petr

On 9/21/21 08:32, Hubert FONGARNAND via Dnsmasq-discuss wrote:
> Hi,
>
> Here's my use case :
>
> Some hosts in my home are for my children (smartphone, tablet...). I want 1) them to access the internet
> filtered by OpenDNS, 2) them to be able to resolve internal host names (for example home printer, NAS).
>
> My idea was to add the possibility to use the "server" directive like this:
>
> server = tag:child,208.67.222.123  // OpenDNS family shield for children.
> server = 8.8.8.8 // default upstream for everyone else
>
> I know that I can use DHCP to do
>
> dhcp-option=tag:child,option:dns-server,208.67.222.123
>
> But with this solution my children's devices would not be able to resolve internal hosts (private
> domain), which are handled by dnsmasq itself.
>
> Thanks for your ideas. We can try patches on GitHub?
>
> Sincerely,
>
> Hubert
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB



