DNSFilter Customization Help

[SomeWhereOverTheRainBow]

Is there a way to define more than one custom DNS address for a device, kind of like for example a fall back address?

 

[RMerlin]

Not possible due to the way DNSFilter is implemented.

 

[SomeWhereOverTheRainBow]

Not possible due to the way DNSFilter is implemented.

is it using a python style method?
also
isn't there a way to specify DNS using dhcp inside dnsmasq.conf with mac address as specified option?
if so what could be a good example because this might be another solution for my needs?

 

[Vexira]

Try a pi hole It might be what you are looking for.

You can set up two DNS servers in it then just let it work from there, by setting it's IP in DNS filter.

 

[SomeWhereOverTheRainBow]

Try a pi hole It might be what you are looking for.

You can set up two DNS servers in it then just let it work from there, by setting it's IP in DNS filter.

Pihole is brings too much for my simple needs.

 

[SomeWhereOverTheRainBow]

found what i need

dhcp-host=
dhcp-option=

you do it by specifying a tag to the host and selecting
option:dns-server

 

[SomeWhereOverTheRainBow]

though i do not know what Nat rule i would need to specify for the forcing of it
iptables -t nat -A PREROUTING

 

[ColinTaylor]

found what i need

dhcp-host=
dhcp-option=

you do it by specifying a tag to the host and selecting
option:dns-server

though i do not know what Nat rule i would need to specify for the forcing of it
iptables -t nat -A PREROUTING

You are talking about 2 different things. You either use DHCP (dnsmasq) to issue DNS server addresses to a client or you use DNSFilter (iptables) to intercept outgoing DNS requests and redirect them to another (single) server. It's one or the other.

 

[SomeWhereOverTheRainBow]

I imagine it would go something like this
iptables -t nat -A PREROUTING -m mac --mac-source XX:XX:XX:XX:XX:XX -udp --dport 53 -j DNAT --to-destination DNS-SERVER
iptables -t nat -A PREROUTING -m mac --mac-source XX:XX:XX:XX:XX:XX -tcp --dport 53 -j DNAT --to-destination DNS-SERVER

while
dhcp-mac=set:tag,XX:XX:XX:XX:XX:XX
dhcp-option=tag:tag,option:dns-server,DNS-SERVER

 

[SomeWhereOverTheRainBow]

You are talking about 2 different things. You either use DHCP (dnsmasq) to issue DNS server addresses to a client or you use DNSFilter (iptables) to intercept outgoing DNS requests and redirect them to another (single) server. It's one or the other.

One option would be to specify the DNS, the other option would be to force it if someone tried to manipulate it.

 

[ColinTaylor]

One option would be to specify the DNS, the other option would be to force it if someone tried to manipulate it.

True, but I thought you were trying to force a client to use two different DNS servers. Maybe I misunderstood what you're trying to achieve.

 

[SomeWhereOverTheRainBow]

I just don't know if my iptable rules i have suggested would be adequate.

 

[SomeWhereOverTheRainBow]

True, but I thought you were trying to force a client to use two different DNS servers. Maybe I misunderstood what you're trying to achieve.

to keep it short I have a specific DNS server I want to force certain devices to use, this dns server has certain features, and it would be foolish to use the gui option to specify only one of the addresses without the fallback option.

 

[ColinTaylor]

to keep it short I have a specific DNS server I want to force certain devices to use, this dns server has certain features, and it would be foolish to use the gui option to specify only one of the addresses without the fallback option.

If the main criteria is to force a device to use a particular DNS server regardless of what it is trying to use, then that is what DNSFilter does. But as Merlin said, because of the way it works you can only direct it to one server, it's not possible to specify a "fallback" server.

You can use DHCP to give a client a list of servers that it can try to use, but in that case you can't use DNSFilter to force it to use them, or stop the client using any other server it wants.

 

[RMerlin]

DNSFilter works by intercepting DNS queries at the iptables level, and redirecting them to the specified DNS server. Iptables has no way of knowing if that remote server is up or not, it simply redirects matching traffic to one specific IP.