[Dnsmasq-discuss] Upstream servers by host tag (or MAC)

Hubert FONGARNAND hubert at fongarnand.fr
Thu Sep 23 18:34:40 UTC 2021


Hi Michael,

It works, I've created a docker-compose project with two dnsmasq 
instances, each one listening on one ethernet alias. I've disabled DHCP 
on the children instance.

Thanks for the advice!

Hubert.

On 23/09/2021 at 18:43, Michael wrote:
> On 9/23/21 04:35, Petr Menšík wrote:
>> Hi Hubert,
>>
>> it may work, if you would run two dnsmasq instances. One for children
>> with OpenDNS as upstream servers, another for everyone else.
>>
>> default instance:
>>
>> bind-interfaces
>> listen-address=10.1.0.1
>> server=8.8.8.8
>> domain=home.arpa
>> dhcp-option=option:dns-server,10.1.0.1,8.8.8.8
>> dhcp-option=tag:child,option:dns-server,10.1.0.2,208.67.222.123
>> ...
>>
>> children instance:
>>
>> bind-interfaces
>> listen-address=10.1.0.2
>> server=208.67.222.123
>> server=/home.arpa/10.1.0.1
>>
>> Because the second instance would forward local domain to main instance,
>> which also registers dhcp, they should be able to resolve any local
>> names. But other names would be served by different server.
>>
>> Children might have reserved different address range, but it might be
>> handy to be on shared broadcast link. Good for link-local address
>> resolution and easy local games setup. Not sure it is relevant anymore.
>>
>> Not sure if 10.1.0.2 can be on the same interface as 10.1.0.1. It would
>> work fine with just DNS, but I think dhcp requires interface=eth0 or
>> similar. Which would block the second instance from working correctly. I
>> think alternative address would have to be on different interface.
>>
>
> I do almost exactly this so I can confirm it works.
>
>
> I have one machine running docker. On that machine, I run two 
> containers with their own IP addresses (macvlan). .1 for the 
> primary including DHCP pointing to my main DNS. Then the .2 version 
> that points to the safe DNS, but relays local name queries (and 
> reverse) over to the .1.
>
>
> Then in config as you highlighted above, I point the child machines to 
> the .2 and everything else to .1.
>
>
> It would be nice if you could use tags to point to different DNS 
> servers, but until that is an option, this works.
>
> Michael

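A consistency check for the two-instance layout discussed in this thread, as an added example that is not code from any of the posters or from the dnsmasq project: it flags settings that would let clients tagged `child` reach an unfiltered resolver. The sample configs are constructed from Petr's outline (with the tagged dhcp-option in comma-separated form), and `parse`, `check_split` and the `filtered` set are hypothetical names.

```python
# Constructed sample configs mirroring the two instances described in the thread.
MAIN_CONF = """bind-interfaces
listen-address=10.1.0.1
server=8.8.8.8
domain=home.arpa
dhcp-option=option:dns-server,10.1.0.1,8.8.8.8
dhcp-option=tag:child,option:dns-server,10.1.0.2,208.67.222.123
"""
CHILD_CONF = """bind-interfaces
listen-address=10.1.0.2
server=208.67.222.123
server=/home.arpa/10.1.0.1
"""

def parse(conf):
    """Map each dnsmasq option name to its list of values (flags get '')."""
    opts = {}
    for line in conf.splitlines():
        key, _, val = line.split("#", 1)[0].strip().partition("=")
        if key:
            opts.setdefault(key.strip(), []).append(val.strip())
    return opts

def check_split(main_conf, child_conf, filtered, tag="child"):
    """Return problems that would let tagged clients bypass the filtered upstream."""
    main, child, problems = parse(main_conf), parse(child_conf), []
    m_ip = main.get("listen-address", [""])[0]
    c_ip = child.get("listen-address", [""])[0]
    if "dhcp-range" in child:  # dnsmasq only serves DHCP when dhcp-range is set
        problems.append("child: DHCP still enabled (dhcp-range present)")
    servers = child.get("server", [])
    for s in servers:  # every global upstream of the child instance must be filtered
        if not s.startswith("/") and s not in filtered:
            problems.append(f"child: unfiltered upstream {s}")
    for dom in main.get("domain", []):  # local names are answered by the main instance
        if f"/{dom}/{m_ip}" not in servers:
            problems.append(f"child: {dom} not forwarded to main instance")
    for opt in main.get("dhcp-option", []):
        fields = [f.strip() for f in opt.split(",")]
        if f"tag:{tag}" not in fields:
            continue
        if "option:dns-server" not in fields:
            if any(f.startswith("option:dns-server") for f in fields):
                problems.append(f"main: malformed dns-server option: {opt}")
            continue
        for addr in fields[fields.index("option:dns-server") + 1:]:
            if addr != c_ip and addr not in filtered:
                problems.append(f"main: {tag} clients offered unfiltered resolver {addr}")
    return problems
```

Calling `check_split(MAIN_CONF, CHILD_CONF, {"208.67.222.123"})` returns an empty list for the layout above; each returned string names the instance and the setting to correct.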