[Dnsmasq-discuss] DNS Upstream routing
Simon Kelley
simon at thekelleys.org.uk
Mon Mar 7 18:04:21 UTC 2022
You can set the source address of upstream queries in the --server
option, which can work in some circumstances (and can ensure that the
replies also come back via the VPN, which isn't a given).

In general, this is a routing question: you need to route traffic to
1.1.1.1 via the VPN and do suitable NAT (unless you have a public
address on the VPN) to get the replies back the same way.

It's not trivial; expect a long learning curve.

Simon.

On 07/03/2022 15:26, Ian Bonham wrote:
> Hi Everyone,
>
> I can't thank you enough for the work on DNSMASQ, it's an utterly
> brilliant piece of software. I'm amazed at the flexibility it gives me
> in securing my home network, thank you all who put in so much effort.
>
> Gushing aside, I'm stuck on one config I can't figure out though, so I
> wonder if anyone could advise please? My server is routing everything
> perfectly, and DNSMASQ is sitting there diligently dealing with DHCP and
> DNS, and I have DNSSEC enabled for upstream requests (off to 1.1.1.1 or
> 1.0.0.1). However I'd quite like to route the upstream DNS requests over
> a Wireguard VPN, which is on another interface.
>
> Is there a way to tell DNSMASQ to do its upstream DNS requests over an
> alternative interface, rather than the standard (unencrypted) interface?
> Once the data are cached in DNSMASQ internally it's fine, that's on my
> internal network and the clients query it. It's the upstream requests
> I'm interested in routing privately over my VPN.
>
> Any advice? Many thanks,
>
> Bon
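
Added example, not part of either message: a sketch of the two pieces the reply names, the `--server` source-address setting and the routing for that address, plus a check of which interface the kernel would pick for the upstream servers. The interface name `wg0`, address `10.8.0.2`, table `100` and priority `1000` are assumptions, and the far end of the VPN is assumed to forward and NAT traffic from that address.

```sh
#!/bin/sh
# Added example, not from the thread. Constructed/assumed values:
WG_IF="wg0"                  # assumed WireGuard interface name
WG_ADDR="10.8.0.2"           # assumed local address on that interface
TABLE="100"                  # assumed unused routing table number
RESOLVERS="1.1.1.1 1.0.0.1"  # the upstream servers named in the thread

# dnsmasq side: --server=<ip>@<source-ip> sets the source address of upstream queries.
dnsmasq_conf() {
    echo "no-resolv"         # take upstreams only from the server= lines
    for r in $RESOLVERS; do echo "server=${r}@${WG_ADDR}"; done
}

# Routing side: packets sourced from the VPN address use a table whose only
# default route is the tunnel. Printed for review rather than executed.
routing_cmds() {
    echo "ip route replace default dev ${WG_IF} table ${TABLE}"
    echo "ip rule add from ${WG_ADDR} lookup ${TABLE} priority 1000"
}

# Print the word after "dev" in one line of `ip route get` output.
egress_dev() {
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = "dev" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# True only if that line shows the packet leaving through the VPN interface.
uses_vpn() { [ "$(egress_dev "$1")" = "$WG_IF" ]; }

case "${1:-}" in
    conf)   dnsmasq_conf ;;
    routes) routing_cmds ;;
    check)  for r in $RESOLVERS; do
                line=$(ip route get "$r" from "$WG_ADDR" | head -n 1)
                if uses_vpn "$line"; then echo "$r: via $WG_IF"
                else echo "$r: NOT via $WG_IF ($line)"; fi
            done ;;
esac
```

The check reads only the kernel's routing decision; the WireGuard peer's AllowedIPs must also cover the resolver addresses, or the tunnel drops the queries.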