[Dnsmasq-discuss] Upstream servers by host tag (or MAC)
Michael
michael at kmaclub.com
Thu Sep 23 16:43:56 UTC 2021
On 9/23/21 04:35, Petr Menšík wrote:
> Hi Hubert,
>
> it may work, if you would run two dnsmasq instances. One for children
> with OpenDNS as upstream servers, another for everyone else.
>
> default instance:
>
> bind-interfaces
> listen-address=10.1.0.1
> server=8.8.8.8
> domain=home.arpa
> dhcp-option=option:dns-server,10.1.0.1,8.8.8.8
> dhcp-option=tag:child,option:dns-server,10.1.0.2,208.67.222.123
> ...
>
> children instance:
>
> bind-interfaces
> listen-address=10.1.0.2
> server=208.67.222.123
> server=/home.arpa/10.1.0.1
>
> Because the second instance would forward the local domain to the main instance,
> which also registers DHCP, they should be able to resolve any local
> names. But other names would be served by a different server.
>
> Children might have a different address range reserved, but it might be
> handy to be on a shared broadcast link. Good for link-local address
> resolution and easy local games setup. Not sure it is relevant anymore.
>
> Not sure if 10.1.0.2 can be on the same interface as 10.1.0.1. It would
> work fine with just DNS, but I think DHCP requires interface=eth0 or
> similar, which would block the second instance from working correctly. I
> think the alternative address would have to be on a different interface.
>
I do almost exactly this so I can confirm it works.
I have one machine running docker. On that machine, I run two
containers with their own IP addresses (macvlan). .1 for the primary
including DHCP pointing to my main DNS. Then the .2 version that
points to the safe DNS, but relays local name queries (and reverse) over
to the .1.
Then in config as you highlighted above, I point the child machines to
the .2 and everything else to .1.
It would be nice if you could use tags to point to different DNS
servers, but until that is an option, this works.
Michael
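
Added example (not part of the original message and not dnsmasq's own code): a small Python check that the two-instance split described in the thread is consistent, i.e. clients tagged "child" are handed the second instance's address and that instance forwards the local domain back to the main one. The configs are constructed from the thread; the function names are hypothetical.

```python
# Constructed sample configs, modelled on the two instances quoted in the thread.
MAIN_CONF = """\
bind-interfaces
listen-address=10.1.0.1
server=8.8.8.8
domain=home.arpa
dhcp-option=option:dns-server,10.1.0.1,8.8.8.8
dhcp-option=tag:child,option:dns-server,10.1.0.2,208.67.222.123
"""
CHILD_CONF = """\
bind-interfaces
listen-address=10.1.0.2
server=208.67.222.123
server=/home.arpa/10.1.0.1
"""

def parse(conf):
    # Map each option name to the list of values it is given; skip comment lines.
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, val = line.partition("=")
            out.setdefault(key.strip(), []).append(val.strip())
    return out

def dns_servers_for(conf, tag):
    """DNS servers that dhcp-option hands to clients carrying exactly `tag`."""
    for val in conf.get("dhcp-option", []):
        parts = [p.strip() for p in val.split(",")]
        tags = [p[4:] for p in parts if p.startswith("tag:")]
        rest = [p for p in parts if not p.startswith("tag:")]
        if tags == [tag] and rest[:1] == ["option:dns-server"]:
            return rest[1:]
    return []

def check_split(main_conf, child_conf, tag="child"):
    """Return a list of problems; an empty list means the split is consistent."""
    main, child = parse(main_conf), parse(child_conf)
    main_ips, child_ips = main.get("listen-address", []), child.get("listen-address", [])
    problems = []
    handed = dns_servers_for(main, tag)
    if not handed:
        problems.append(f"no dns-server option parsed for tag:{tag}")
    elif handed[0] not in child_ips:
        problems.append(f"tag:{tag} clients get {handed[0]}, not the child instance")
    for dom in main.get("domain", []):
        if not any(f"/{dom}/{ip}" in child.get("server", []) for ip in main_ips):
            problems.append(f"child instance does not forward {dom} to the main instance")
    return problems
```

A dhcp-option line whose option name and first address are joined by something other than a comma is reported as "no dns-server option parsed", since tagged clients would not be pointed at the filtered instance by it.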