[Dnsmasq-discuss] Change upstream server by client?

Jonathan Stafford thecabinet at gmail.com
Thu Dec 29 22:34:24 UTC 2022 

On Thu, Dec 22, 2022 at 3:46 PM Michael Smith <michael at kmaclub.com> wrote:

> I run 2 instances of pihole (DNSmasq) on docker.   Each run on their own
> IP address (macvlan) separate from the docker host.   Their IP addresses
> are .2 and .3.
>
>
> The .2 host is primary and forwards upstream to 1.1.1.1.   This container
> also holds all the hosts file info and handles DHCP+dynamic host DNS
> resolution.
>
> The .3 host is secondary and handles only DNS requests for the kids.
> This forwards upstream to 1.1.1.3.    If  a DNS request comes in for local
> domain info, it simply forwards those requests to .2 like this:
>
> server=/mydomain.com/192.168.101.2
> server=/101.168.192.in-addr.arpa/192.168.101.2
>
>
> Combine with the tagging and now you can point any client to either
> upstream DNS:
>
> # Define DNS servers
> dhcp-option=option:dns-server,192.168.101.2
> dhcp-option=tag:kidsdevices,option:dns-server,192.168.101.3
>
> dhcp-host=0c:51:01:95:d3:36,set:kidsdevices   # Ipad
> dhcp-host=58:41:4E:CD:D2:0A,set:kidsdevices   # Iphone
>

Thanks everybody for the discussion.  I ended up doing something like what
Michael and Geert described and adding a second IP to my server and running
two instances of dnsmasq.

The primary instance handles DHCP, uses 1.1.1.2 as its upstream, and tags a
handful of devices to use it for DNS:

no-resolv
server=1.1.1.2
interface=lo
interface=eth0      # 10.1.1.32
bind-interfaces
dhcp-host=1c:0d:7d:13:9e:3e,set:cf1112
dhcp-option=option:dns-server,10.1.1.33
dhcp-option=tag:cf1112,option:dns-server,10.1.1.32

The secondary instance is just doing DNS and using 1.1.1.3 as its upstream:

no-resolv
server=1.1.1.3
interface=eth0:1    # 10.1.1.33
except-interface=lo
no-dhcp-interface=eth0:1
bind-interfaces


Thanks Eric for describing the ways this is insufficient :)  I have not
been keeping up with all the advancements in the world of DNS.

jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20221229/57de4ae4/attachment.htm>

More information about the Dnsmasq-discuss mailing list