Currently, I have three rules that redirect all DNS queries to my DNS server:
Code:
# Rewrite the destination of any DNS query (TCP and UDP port 53) not already aimed at 10.0.0.10
iptables -t nat -I PREROUTING -p tcp --dport 53 ! -d 10.0.0.10 -j DNAT --to 10.0.0.10
iptables -t nat -I PREROUTING -p udp --dport 53 ! -d 10.0.0.10 -j DNAT --to 10.0.0.10
# Masquerade traffic to the DNS server as the router (10.0.0.1) so replies come back through it
iptables -t nat -I POSTROUTING -d 10.0.0.10 -j SNAT --to 10.0.0.1
Now, I'd like to create some exceptions, e.g. any TCP/UDP port 53 queries to 172.16.1.1 should go to source instead of being redirected, but only when it's made from a particular client.
Also, I want the ability to block all queries to 8.8.8.8 and 8.8.8.8 except those made by the DNS server at 10.0.0.10, if that's possible.
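One way to express the exceptions asked about above, written as an added example rather than the poster's own rules: the script prints the extra iptables commands (run the output as root once the three existing rules are loaded), and the exempted client address 10.0.0.50 is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits the additional rules as text so their
# order can be reviewed before applying. Assumed/placeholder values are marked.
DNS_SERVER=10.0.0.10         # local resolver, from the post
EXEMPT_CLIENT=10.0.0.50      # constructed placeholder for "a particular client"
EXEMPT_DEST=172.16.1.1       # destination that client may query directly
BLOCKED_RESOLVERS="8.8.8.8"  # public resolvers to block; extend the list as needed

dns_rules() {
  # These must sit ABOVE the existing DNAT rules. -I inserts at the top of the chain, so
  # loading them after the DNAT rules puts them first. RETURN leaves nat/PREROUTING without
  # rewriting the packet, so the query keeps its original destination.
  for proto in tcp udp; do
    echo "iptables -t nat -I PREROUTING -p $proto --dport 53 -s $EXEMPT_CLIENT -d $EXEMPT_DEST -j RETURN"
  done
  # Caveat: when the resolver's own upstream queries are forwarded by this router they also
  # traverse PREROUTING and would be DNATed back to the resolver. Exempt its source address.
  for proto in tcp udp; do
    echo "iptables -t nat -I PREROUTING -p $proto --dport 53 -s $DNS_SERVER -j RETURN"
  done
  # Drop forwarded traffic to the public resolvers unless it comes from the local resolver.
  # Port-53 traffic from other hosts has already been rewritten in PREROUTING by the time
  # FORWARD runs, so this mainly catches other ports and anything exempted above.
  for dst in $BLOCKED_RESOLVERS; do
    echo "iptables -I FORWARD -d $dst ! -s $DNS_SERVER -j DROP"
  done
}

dns_rules
# Check the resulting order with: iptables -t nat -L PREROUTING -n --line-numbers
```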