Discussion:
[Dnsmasq-discuss] Conditional DNS response by source
Kevin Elliott
2017-02-07 22:10:37 UTC
Permalink
Hello,

I would like to return a different DNS response according to source.
The objective is to override youtube.com for all queries from my children's
devices to make a simple parental control.

dnsmasq DHCP supports tag sets, but as far as I can tell the tag
conditional switch does not apply to any of the DNS config, e.g. forward
DNS queries from hosts with tag X to server Y.

Is anything like this possible with dnsmasq?

I thought about running a 2nd dns server on a different port and use dhcp
dns-server option to redirect but I couldn't see how to specify a
non-standard port in the DHCP dns-server option either.

Thanks for any advice,
Kevin
Eric Luehrsen
2017-02-08 00:53:24 UTC
Permalink
Correct <tag> is used for DHCP options and network or host binding. DNS
is not linked as such. If you are using OpenWrt/LEDE as your gateway,
then you have an easier to use option. LEDE 17.01(RC) supports building
dnsmasq instances on designated networks. So instead of HOME and GUEST
SSID on your WiFi, you could have PARENT and CHILD SSID for example.
Then configure dnsmasq uniquely to each.

https://lede-project.org/docs/user-guide/dns_configuration (keyword
instance)
Post by Kevin Elliott
Hello,
I would like to return a different DNS response according to source.
The objective is to override youtube.com <http://youtube.com> for all
queries from my children's devices to make a simple parental control.
dnsmasq DHCP supports tag sets, but as far as I can tell the tag
conditional switch does not apply to any of the DNS config, e.g. forward
DNS queries from hosts with tag X to server Y.
Is anything like this possible with dnsmasq?
I thought about running a 2nd dns server on a different port and use
dhcp dns-server option to redirect but I couldn't see how to specify a
non-standard port in the DHCP dns-server option either.
Thanks for any advice,
Kevin
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Albert ARIBAUD
2017-02-08 08:33:09 UTC
Permalink
Hi,

Or if you want to keep a single LAN overall, you could run a second
dnsmasq instance on the same device but a different (additional) LAN
IPs, running DNS only, and configure the DHCP part of the original
dnsmasq instance to tag DHCP leases given to the children machine(s) and
to pass such tagged clients the alternate IP as the DNS instead of the
original IP.

The second dnsmasq instance would only catch the youtube domain and use
the original instance as its upstream for anything else, so that any LAN
DNS record configured on the original dnsmasq would automatically be
see by the children machine(s) too.

Amicalement,
Albert.

Le Wed, 8 Feb 2017 00:53:24 +0000
Post by Eric Luehrsen
Correct <tag> is used for DHCP options and network or host binding.
DNS is not linked as such. If you are using OpenWrt/LEDE as your
gateway, then you have an easier to use option. LEDE 17.01(RC)
supports building dnsmasq instances on designated networks. So
instead of HOME and GUEST SSID on your WiFi, you could have PARENT
and CHILD SSID for example. Then configure dnsmasq uniquely to each.
https://lede-project.org/docs/user-guide/dns_configuration (keyword
instance)
Post by Kevin Elliott
Hello,
I would like to return a different DNS response according to source.
The objective is to override youtube.com <http://youtube.com> for
all queries from my children's devices to make a simple parental
control.
dnsmasq DHCP supports tag sets, but as far as I can tell the tag
conditional switch does not apply to any of the DNS config, e.g.
forward DNS queries from hosts with tag X to server Y.
Is anything like this possible with dnsmasq?
I thought about running a 2nd dns server on a different port and use
dhcp dns-server option to redirect but I couldn't see how to
specify a non-standard port in the DHCP dns-server option either.
Thanks for any advice,
Kevin
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Continue reading on narkive:
Loading...