dnsmasq config files constrained to Yazfi interface?

WhatHappenedToMyRouter

New Around Here
Hello!

I'm trying to apply separate dnsmasq .conf files to specific wireless interfaces (as seen in YazFi)

I've exhausted gemini, chatgpt, and grok with this. They all are like "OK THIS IS THE 100% working script!" 20x in a row, but everything they ask me to try hasn't worked.

They all continue to ask me to try things that don't work, even after explaining that they don't work, so I suppose it's hallucinating like crazy.


In my /jffs/configs/dnsmasq.conf.add file I have this declaration: conf-dir=/jffs/configs/dnsmasq.d,*.conf

I have a /jffs/configs/dnsmasq.conf.d/global.conf which is applied, and works great. It redirects major search engines to their "safe" IP and blocks other things.

I have another file /jffs/configs/dnsmasq.conf.d/spacewifi.conf which is intended for a Yazfi network. I've found the interface for this wifi network in /jffs/addons/YazFi.d/config, and it's wl1.2

So in my spacewifi.conf, the lines are a collection of blocks:
address=/facebook.com/0.0.0.0

However, I can't get it to just apply to the specific subnet that spacewifi is on (192.168.6.0/24) no matter what combination of interface, dhcp-range, dhcp-option that I try :-(

Has anyone successfully gotten dnsmasq to work with a specific subnet or with a Yazfi interface?
 
@WhatHappenedToMyRouter, what are you trying to achieve by using custom configuration files with YazFi? Block specific websites? Set manual IP reservations for YazFi Guest clients? Something else?

If you haven't seen the Asus-Merlin wiki's entry on custom config files you might want to review it.

Please don't use AI like gemini, chatgpt, and grok to generate code for Asus-Merlin. As you discovered, it's terrible at it. Instead, if you haven't done so already, use the search feature of this site and search the subforum(s). There are numerous posts showing example coding for custom config files on Asus-Merlin.

PS: It will likely add context if you include your router model and specific Asus-Merlin firmware it is running along with any additional addon scripts you have installed.
 
Thanks! I've searched the forums fairly extensively and wasn't able to find a solution to this.

I'm using 3004.388.9_2 on an RT-AX86U. I have installed amtm, diversion, skynet, yazfi, unbound manager, and scMerlin.

As you probably know, Yazfi describes the wireless interfaces in /jffs/addons/YazFi.d/config. I'm interested in having dnsmasq honor specific interfaces, not all of them at once.

For adblocking and nsfw content, I do already have oisd big and oisd nsfw applied w/ Diversion, and this affects all interfaces. However, this is not the end of my requirements.

More specifically, I want to apply rules like the below *only* to a specific Yazfi interface (wl1.2 in my case) by using dnsmasq:

Code:
# Force Google SafeSearch
host-record=forcesafesearch.google.com,216.239.38.120
cname=www.google.com,forcesafesearch.google.com

# Force Bing Family Filter
host-record=strict.bing.com,204.79.197.220
cname=www.bing.com,strict.bing.com

# Force YouTube Restricted Mode
# Force DuckDuckGo SafeSearch
host-record=safe.duckduckgo.com,52.149.247.1
cname=duckduckgo.com,safe.duckduckgo.com

# Force Brave Search SafeSearch
host-record=safesearch.brave.com,3.33.205.124
cname=search.brave.com,safesearch.brave.com

#blackhole these other engines
# Black hole other search engines, including Yandex
address=/www.baidu.com/0.0.0.0
address=/baidu.com/0.0.0.0
address=/www.yandex.com/0.0.0.0
address=/yandex.com/0.0.0.0
etc...

Note: I know there are other ways to potentially get this done:

1. point Yazfi to another DNS server on my network entirely
2. set up another dnsmasq process on the router to listen for requests on another port besides 53 (due to binding conflicts), and use iptables to forward requests on port 53 (from the specific subnet for the Yazfi interface) and forward those to the port the additional dnsmasq is using.
3. Reconfigure the base dnsmasq to not bind to all interfaces, and create a dnsmasq process for each subnet.
4. etc...

These solutions are an administrative PITA for me though, so I was hoping to get something more simple like tagging working.
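
Option 2 from the list above, as an added example that is not part of the original post and is not YazFi or Asus-Merlin code: dnsmasq's `address=`, `cname=` and `host-record=` lines are global to an instance and DHCP tags do not scope them, so the rules go into a second DNS-only instance that only the 192.168.6.0/24 subnet is redirected to. Assumptions: the router holds 192.168.6.1 on that subnet, port 5354 is free, the main dnsmasq answers on 127.0.0.1 port 53, and the rules file path and /tmp paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default; APPLY=1 executes.
GUEST_NET="192.168.6.0/24"                  # spacewifi subnet, from the post
GUEST_GW="192.168.6.1"                      # assumed router address on that subnet
ALT_PORT="5354"                             # assumed unused port
RULES="/jffs/configs/spacewifi-dns.conf"    # hypothetical; keep it OUT of the main conf-dir
CONF="/tmp/dnsmasq-spacewifi.conf"          # hypothetical generated config
PIDFILE="/tmp/dnsmasq-spacewifi.pid"        # hypothetical pid file

# Second instance: DNS only (no dhcp-range), bound to the guest address,
# forwarding anything the rules file does not override to the main dnsmasq.
render_conf() {
    cat <<EOF
port=$ALT_PORT
listen-address=$GUEST_GW
bind-interfaces
no-resolv
server=127.0.0.1#53
conf-file=$RULES
EOF
}

# Send every port-53 query from the guest subnet to the second instance,
# including queries addressed to an outside resolver.
render_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat -I PREROUTING -s $GUEST_NET -p $proto --dport 53" \
             "-j DNAT --to-destination $GUEST_GW:$ALT_PORT"
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    render_conf > "$CONF"
    dnsmasq --conf-file="$CONF" --pid-file="$PIDFILE"
    render_rules | sh
else
    echo "# would write $CONF:"; render_conf
    echo "# would run:";          render_rules
fi
```

Clients that resolve over DNS over HTTPS or DNS over TLS never send port-53 queries, so the redirect does not cover them. From a spacewifi client, `nslookup www.google.com` returning 216.239.38.120 confirms the override is being served.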
 