Hi,

as a workaround you can do something like this:

Let the alternative DNS server run on another port, like 1053. Then for all vlan interfaces that should use the alternative server include a PREROUTING iptables rule to redirect the port just on those interfaces to port 1053. DNS will announce itself on the DHCP, but as the packets get redirected before they reach dnsmasq, the alternative server takes over.

This will redirect port 53 on interface "vlanintf" to port 1053 on the same interface for UDP and TCP (some DNS packets go via TCP, too). It has rules for both IPv6 and IPv4:

iptables -A PREROUTING -t nat -i vlanintf -p udp --dport 53 -j REDIRECT --to-port 1053
iptables -A PREROUTING -t nat -i vlanintf -p tcp --dport 53 -j REDIRECT --to-port 1053
ip6tables -A PREROUTING -t nat -i vlanintf -p udp --dport 53 -j REDIRECT --to-port 1053
ip6tables -A PREROUTING -t nat -i vlanintf -p tcp --dport 53 -j REDIRECT --to-port 1053

Hope that helps,
Uwe

On 21.04.2023 at 03:18, Tony Zhou wrote:
Hi,

I am running dnsmasq 2.86 on openwrt, and have multiple vlans in my network. dnsmasq works great for dhcp purposes (for both dynamic and static leases) that I need for all interfaces/vlans. However, some of the vlans I do not need/want to have dnsmasq providing dns, but another dns server for content filtering purposes.

I'd prefer to keep both dns servers on the same host/router, but the way dnsmasq works, either binding to interfaces, or wildcard, binds to all port 53, so that the 2nd dns server can't bind.

It appears that when dnsmasq is set to bind to interfaces, it has to either offer both dns and dhcp, or skip dhcp by "--no-dhcp-interface" argument, but there is no counterpart "--no-dns-interface".

Setting port=0 disables dns service on all interfaces, which is not what I want either.

I did find there were two discussions regarding this:

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2011q4/005335.html

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015429.html

Running two instances of dnsmasq doesn't resolve this issue, since I still rely on dnsmasq's dhcp.


Thanks.



_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail:u...@thetaphi.de
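The redirect from Uwe's reply, as an added example that is not part of either post: a small POSIX sh script that emits the four PREROUTING REDIRECT rules (IPv4/IPv6 x UDP/TCP) for every VLAN interface that should reach the filtering resolver, and adds each rule only if it is not already present, so re-running it after a reboot or config reload does not stack duplicate rules. The interface names `br-guest`/`br-iot` and the `ALT_DNS_PORT`/`DRY_RUN` variables are assumptions for the example; the filtering DNS server must actually listen on that port on those interfaces.

```shell
#!/bin/sh
# Added example (not from the list post): generate or apply the PREROUTING
# REDIRECT rules that send port-53 traffic on selected VLAN interfaces to the
# alternative DNS server's port, for IPv4 and IPv6, UDP and TCP.
# Interface names and the port are assumptions for the example.

ALT_DNS_PORT="${ALT_DNS_PORT:-1053}"   # port the filtering DNS server listens on
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print the commands, 0 = run them

# dns_redirect_rule TOOL IFACE PROTO -> prints one rule specification
dns_redirect_rule() {
    printf '%s -t nat -i %s -p %s --dport 53 -j REDIRECT --to-port %s\n' \
        "$1" "$2" "$3" "$ALT_DNS_PORT"
}

# dns_redirect_iface IFACE -> the four rules (v4/v6 x udp/tcp) for one interface
dns_redirect_iface() {
    for tool in iptables ip6tables; do
        for proto in udp tcp; do
            dns_redirect_rule "$tool" "$1" "$proto"
        done
    done
}

# apply_dns_redirect IFACE... -> add the rules idempotently (print them in dry-run)
apply_dns_redirect() {
    for iface in "$@"; do
        dns_redirect_iface "$iface" | while read -r tool spec; do
            if [ "$DRY_RUN" = 1 ]; then
                echo "$tool -A PREROUTING $spec"
            # -C succeeds if an identical rule exists; append only when it is missing
            elif ! $tool -C PREROUTING $spec 2>/dev/null; then
                $tool -A PREROUTING $spec
            fi
        done
    done
}

# Constructed example: guest and IoT VLANs get the filtering resolver
apply_dns_redirect br-guest br-iot
```

Run with `DRY_RUN=0` as root to install the rules; with the default `DRY_RUN=1` it only prints what it would run.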