I'd like to be able to route to different DNS servers based on IP or MAC i.e.
- I've got a couple of media devices I'd like to route to Unotelly
- I'd like to route all the kids devices to OpenDNS
- and all other devices to my ISP's DNS servers
Finally I'd like to enforce these settings so that users can't provide there own DNS servers.
Is this possible?
Using LAN IP to route to different DNS?
Moderator: Moderators
Re: Using LAN IP to route to different DNS?
Come on guys, don't be shy!
OK, maybe you just like a challenge so to get you started here is what I have so for.
- I've defined a range of IP addresses that I wish to protect with OpenDNS (192.168.0.96/27 = 192.169.0.97 - 192.169.0.127)
- For the devices that I want to protect I get the router to assign addresses in the above range based on MAC and enforce this so that the users can't set their own IP.
- In the firewall I defined iptables rules to route any port 53 activity (DNS) to OpenDNS. These rules will be applied regardless of any DNS server settings
- I configured Gargoyle with my ISP DNS settings buy allow clients to use their own
- Media devices are configured separately to point to the Unotelly DNS servers
The only thing I don't like about the above solution is that there is no way to provide the protected subnet with a secondary DNS server.
Now I've got the ball rolling maybe someone can come up with a better solution. I'm wondering if dnsmasq may be helpful here?
OK, maybe you just like a challenge so to get you started here is what I have so for.
- I've defined a range of IP addresses that I wish to protect with OpenDNS (192.168.0.96/27 = 192.169.0.97 - 192.169.0.127)
- For the devices that I want to protect I get the router to assign addresses in the above range based on MAC and enforce this so that the users can't set their own IP.
- In the firewall I defined iptables rules to route any port 53 activity (DNS) to OpenDNS. These rules will be applied regardless of any DNS server settings
- I configured Gargoyle with my ISP DNS settings buy allow clients to use their own
- Media devices are configured separately to point to the Unotelly DNS servers
The only thing I don't like about the above solution is that there is no way to provide the protected subnet with a secondary DNS server.
Now I've got the ball rolling maybe someone can come up with a better solution. I'm wondering if dnsmasq may be helpful here?
Re: Using LAN IP to route to different DNS?
I managed to do it the other way....depending on the domain to be accessed, use this nameserver...
In my case an app on my iphone was going through the unblockus DNS servers - and breaking as it was blocked by my country.
In the dnsmasq.conf file I added an entry that when accessing content from this site, use my ISPs DNS server.
http://www.geekzone.co.nz/davidcole/8351
In my case an app on my iphone was going through the unblockus DNS servers - and breaking as it was blocked by my country.
In the dnsmasq.conf file I added an entry that when accessing content from this site, use my ISPs DNS server.
http://www.geekzone.co.nz/davidcole/8351
Re: Using LAN IP to route to different DNS?
Connection > Basic > "Force Clients To Use Router DNS Servers"
At least answers part of your question.
-jp
At least answers part of your question.
-jp