You can set the source address of upstream queries in the --server
option, which can work in some circumstances (and can ensure that the
replies also come back via the VPN, which isn't a given).
In general, this is a routing question: you need to route traffic to
1.1.1.1 via the VPN and do suitable NAT (unless you have a public
address on the VPN) to get the replies back the same way.
It's not trivial; expect a long learning curve.
Simon.
On 07/03/2022 15:26, Ian Bonham wrote:
Hi Everyone,
I can't thank you enough for the work on DNSMASQ, it's an utterly
brilliant piece of software. I'm amazed at the flexibility it gives me
in securing my home network, thank you all who put in so much effort.
Gushing aside, I'm stuck on one config I can't figure out though, so I
wonder if anyone could advise please? My server is routing everything
perfectly, and DNSMASQ is sitting there diligently dealing with DHCP and
DNS, and I have DNSSEC enabled for upstream requests (off to 1.1.1.1 or
1.0.0.1). However I'd quite like to route the upstream DNS requests over
a Wireguard VPN, which is on another interface.
Is there a way to tell DNSMASQ to do its upstream DNS requests over an
alternative interface, rather than the standard (unencrypted) interface?
Once the data are cached in DNSMASQ internally it's fine, that's on my
internal network and the clients query it. It's the upstream requests
I'm interested in routing privately over my VPN.
Any advice? Many thanks,
Bon
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
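
The approach in Simon's reply (a source address in the server option plus routing by that source), sketched as an added example that is not part of the original thread. The interface name wg0, the VPN address 10.8.0.2, table number 100 and all function names are assumptions; the routing commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (constructed) values:
WG_IF="wg0"                 # assumption: WireGuard interface name
WG_SRC="10.8.0.2"           # assumption: this host's address on the VPN
TABLE="100"                 # assumption: free routing table number
RESOLVERS="1.1.1.1 1.0.0.1" # upstream resolvers named in the thread

# dnsmasq.conf lines: server=<ip>@<source-ip> sets the source address of
# queries to that upstream, so they can be matched by a routing rule.
dnsmasq_lines() {
    for r in $RESOLVERS; do
        printf 'server=%s@%s\n' "$r" "$WG_SRC"
    done
}

# Policy routing, printed for review rather than executed (needs root):
# anything sourced from the VPN address uses a table whose only route is wg0.
# Assumes the far end of the VPN NATs $WG_SRC and that the WireGuard peer's
# AllowedIPs cover the resolvers.
routing_cmds() {
    printf 'ip rule add from %s/32 lookup %s\n' "$WG_SRC" "$TABLE"
    printf 'ip route add default dev %s table %s\n' "$WG_IF" "$TABLE"
}

# Extract the egress interface from one line of `ip route get` output.
route_dev() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeeds only if the route lookup result ($1) leaves via the VPN interface.
uses_vpn() {
    [ "$(route_dev "$1")" = "$WG_IF" ]
}

# Leak check: on a live host pass "$(ip route get 1.1.1.1 from 10.8.0.2)".
# The two lines below are constructed samples of that output.
GOOD="1.1.1.1 from 10.8.0.2 dev wg0 table 100 uid 0"
BAD="1.1.1.1 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 0"

dnsmasq_lines
routing_cmds
for sample in "$GOOD" "$BAD"; do
    if uses_vpn "$sample"; then echo "ok:   $sample"; else echo "LEAK: $sample"; fi
done
```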