
Scripting: Possible to route specific IPs to specific DNS servers w/dnsmasq and host file ad-blockin

Discussion in 'Tomato Firmware' started by s0dhi, Jul 16, 2009.

  1. s0dhi

    s0dhi LI Guru Member

    Hi Folks,

    I was wondering if some of the scripting/config gurus could help me out with a scenario.

    While using DNSmasq and intercepting (and caching) all of the DNS queries, is it possible to route specific IP addresses to a specific DNS server and bypass the cache?

    The scenario is when using OpenDNS to block content in general for children on the network and have the adults still be able to access the net unfiltered, BUT still use the hosts based adblocking. My initial thought was to have the OpenDNS servers as static and use the ISP supplied DNS using strict-order. That would get them in the ordered list. But the part I can't figure out is how to specify that certain IPs or MACs use the ISP supplied server (or the opposite if it's easier).

    Any thoughts?
  2. Toastman

    Toastman Super Moderator Staff Member Member

  3. s0dhi

    s0dhi LI Guru Member

    Thanks Toastman, I'll have a look at the script!
  4. s0dhi

    s0dhi LI Guru Member

    Thanks again, Toastman!

    This solution works like a charm as long as the check box for "Intercept DNS Port (UDP 53)" is unchecked.

    Is there a way to reference one of the 3 possible DNS servers in that command dynamically? I was thinking that the OpenDNS servers would be entries 1 & 2 and that I would check the "Use Received DNS with Static" using strict order to order them with OpenDNS first.

    Would it be possible to modify this statement so that it is something like:

    dhcp-option=net:red, 6, <reference to 3rd DNS server in list - ISP provided>

    Thanks again.
  5. Toastman

    Toastman Super Moderator Staff Member Member

    I don't think there is a way to do this. But perhaps someone else might offer a suggestion, because I may be wrong!! But usually the ISP-provided servers have a known fixed IP address; if so, then that makes it easy. My ISP, for example, has 2 DNS servers, they haven't changed in years.
  6. s0dhi

    s0dhi LI Guru Member

    That makes sense. I don't think the ones here have changed either - I was just curious if it could be totally dynamic. :thumbup:
  7. s0dhi

    s0dhi LI Guru Member

    One last question... the "red" in your scripting is just an alias or name that you've assigned to that set of configs, right?
  8. mstombs

    mstombs Network Guru Member

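The per-client DNS assignment discussed in this thread, written out as a dnsmasq custom-configuration fragment. This is an added example, not a script posted by any participant: the MAC addresses and the 192.0.2.x resolver addresses are constructed placeholders, and it uses the older `net:` tag syntax quoted in the thread.

```conf
# Tag the unfiltered (adult) machines by MAC address.
# "red" is only a label that ties dhcp-host lines to dhcp-option lines;
# any name works as long as both sides use the same one.
# MAC addresses below are constructed placeholders.
dhcp-host=00:11:22:33:44:55,net:red
dhcp-host=00:11:22:33:44:66,net:red

# DHCP option 6 = DNS servers. Clients tagged "red" are handed the ISP
# resolvers directly instead of the router.
# 192.0.2.1 / 192.0.2.2 are placeholders for the ISP's fixed resolver IPs.
dhcp-option=net:red,6,192.0.2.1,192.0.2.2

# Untagged clients get no override: they keep using the router (dnsmasq)
# as their DNS server, so they go through whatever upstream servers the
# router is configured with (OpenDNS in the scenario above) and through
# the hosts-file ad-blocking.

# Caveats:
# - As reported in the thread, this only works with "Intercept DNS Port
#   (UDP 53)" unchecked; with interception on, queries from tagged
#   clients to the ISP servers are redirected back to the router.
# - Tagged clients query the ISP servers directly, so they bypass
#   dnsmasq's cache and its hosts-file ad-blocking as well as the filter.
# - A client with manually configured DNS ignores DHCP option 6, so this
#   assignment is a convenience, not an enforcement control.
```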