Scripting: Possible to route specific IPs to specific DNS servers w/dnsmasq and host file ad-blockin

    Hi Folks,

    I was wondering if some of the scripting/config gurus could help me out with a scenario.

    While using DNSmasq and intercepting (and caching) all of the dns queries, is it possible to route specific IP addresses to a specific DNS server and by pass the cache?

    The scenario is when using OpenDNS to block content in general for children on the network and have the adults still be able to access the net unfiltered, BUT still use the hosts based adblocking. My initial thought was to have the openDNS servers as static and use the ISP supplied DNS using strict-order. That would get them in the ordered list. But the part I can't figure out is how to specify that certain IPs or MACs use the ISP supplied server (or the opposite if its easier).

    Any thoughts?
    Thanks Toastman, I'll have a look at the script!
    Thanks again, Toastman!

    This solution works like a charm as long as the check box for "Intercept DNS Port (UDP 53" is unchecked.

    Is there way to reference one of the 3 possible DNS servers in that command dynamically? I was thinking that the OpenDNS servers would be entries 1 & 2 and that I would check the "Use Received DNS with Static" using strict order to order them with OpenDNS first.

    Would it be possible to modify this statement so that it is something like:

    dhcp-option=net:red, 6, <reference to 3rd DNS server in list - ISP provided)

    Thanks again.
    I don't think there is a way to do this. But perhaps someone else might offer a suggestion. because I may be wrong!! But usually the ISP provided server have a known fixed IP address, if so, then that makes it easy. My ISP for example, has 2 DNS servers, they haven't changed in years.
    That makes sense. I don't think the ones here have changed either - I was just curious if it could be totally dynamic. :thumbup:
    One last question... the "red" in your scripting is just an alias or name that you've assigned to that set of configs, right?
