Hi Dax,

I do not know any way to reply with different addresses based on source IPs. But I think you can use different technique, just have them ask to different dnsmasq instance that contains that blacklist. You can use DNAT to redirect their requests to dnsmasq on different IP. That would provide blocked names and forward other request to the first one.

You can also provide them different DNS address based on their client-id or MAC. Just set a tag for their devices. Then use something like:
dhcp-option=tag:children,option:dns-server,10.0.0.2

Where dnsmasq is listening on 10.0.0.2 is filtering hosts you have chosen.

I assume you are able to start more than one dnsmasq instance on your device. You have to use --bind-interfaces or --bind-dynamic with --interface for it to work.

Your children would hate you for that however. You may make them feel like outsiders that cannot do all their friends can. They may visit worse sites when looking for workaround. But I guess you have considered it.

Good luck,
Petr

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: ***@redhat.com PGP: 65C6C973


----- Original Message -----
From: "Dax Kelson" <***@gmail.com>
To: dnsmasq-***@lists.thekelleys.org.uk
Sent: Wednesday, April 26, 2017 5:51:34 PM
Subject: [Dnsmasq-discuss] Per client dns spoof?

I use dnsmasq to do dhcp and DNS for the internal lan and DNS domain at my house.

I use dhcp-host to make static IP reservations fo most of the devices in my house.

For a couple of devices (some devices my kids use), I would like to block YouTube by making various YouTube hostnames resolve to 127.0.0.1. All other devices should be able access YouTube normally.

Can I accomplish this with dnsmasq? Something like a per dhcp-host addn-hosts file?

I can certainly update the latest version if needed.

Thanks,
Dax Kelson