Different DNS forwarding server for Group

[Percius]

Hello,

I am working on setting up a laptop for my gradeschool children for school. I would like to use a relatively restricted DNS server for them and still keep my normal DNS settings for me.

I have tried to setup dnsmasq to have a separate group for the host, but unfortunately it does not seep to permit a seperate server= flag that is group based. Perhaps I am missing somthing?

I tried to setup a 2nd DNS only copy of dnsmasq, however even with adding an alias interface the 2nd config does not load because there is no way to unbind it from loopback. It seems that this is hard coded in the binary and specifying interface= or conversely excluding an interface does not do this.

My Plan B is to setup the particular hosts to send DNS directly to the upstream provider, however I was trying to avoid doing that because I have multiple DNS based network resources that I still wanted to work. Thus I am presently on Plan-C which would be a small separate linux vhost that is just serving this DNS. this seems a waste but may be appropriate.

Anyone dealt with this, Have ideas?

 

[L&LD]

What router do you have? What firmware version is installed on it?

 

[Percius]

I am sorry, I should have specified this earlier. I didn't consider it central to the question which is primarily DNSMASQ based.

The router is RT-AC88U running ASUSWRT-Merlin 384.19

 

[L&LD]

I would suggest you upgrade to RMerlin v386.2_4 first (many security fixes since the old version you're using).

Then simply use DNSFilter to do what you need. (Look in LAN, DNSFilter tabs).

 

[bbunge]

You can manually assign IP addresses with a specific DNS server in LAN/DHCP Server.

 

[jernau]

I have a separate instance of DNSMasq running on my router to point my kids at a separate filtered DNS resolver whilst still being able to provide local network DNS based resolution. This means you need to have a USB storage device attached and entware installed.

I copied the dnsmasq binary from /user/sbin/dnsmasq to /opt/usr/local/dnsmasq-local and then created the following script as /opt/etc/init.d/S10restricteddns which creates a new network interface on which to run the separate dnsmasq instance and the appropriate dnsmasq-local.conf file to setup the forwarders (I.e. opendns) and local host entries you require. You can then set the ip address in the startup file below as one of the custom DNS resolvers in DNSFilter to point your kids at the new dns server (and ensure they can’t change it !)

#!/bin/sh
start() {
/opt/sbin/ifconfig br0:1 192.168.1.xxx up
/opt/usr/local/bin/dnsmasq-local -C /opt/etc/dnsmasq-local.conf
}
stop() {
killall -9 dnsmasq-local
/opt/sbin/ifconfig br0:1 down
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Usage: $0 {start|stop|restart}"
;;
esac

My config file /opt/etc/dnsmasq-local.conf is attached