Hi Matthias, unfortunately that won't do because I also have bind running on the same machine (please don't ask, long story). So, I was thinking, why couldn't I simply use e.g. server=8.8.8.8@ppp1 as dnsmasq option? With that parameter set, I see the outgoing queries on ppp1 and the replies from the upstream server, but dnsmasq still times out.
Am I misunderstanding the meaning of the @interface option?

Regards

> Sent: Saturday, September 23, 2023 at 12:31 AM
> From: "Matthias May via Dnsmasq-discuss" <dnsmasq-discuss@lists.thekelleys.org.uk>
>
> Hi Luigi
>
> Strictly speaking this has nothing to do with dnsmasq, and is a question
> of how to do policy-routing.
> I assume you're using Linux since you mention iptables.
>
> A good starting point for policy routing with Linux is
> https://tldp.org/HOWTO/Adv-Routing-HOWTO/
> respectively https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html
>
> What I would do is to create a routing rule that redirects your frames
> to a separate routing table.
>
> By default the routing rules look like this:
> # maym@Orpheus:~$ ip rule
> # 0: from all lookup local
> # 32766: from all lookup main
> # 32767: from all lookup default
>
> You can create a new routing table (e.g. table 100) that contains a
> different default gateway.
> # maym@Orpheus:~$ sudo ip route add default via 10.0.8.99 table 100
> # maym@Orpheus:~$ ip route show table 100
> # default via 10.0.8.99 dev wlan0
>
> Now create a routing rule that matches your traffic and calls the table 100:
> # maym@Orpheus:~$ sudo ip rule add pref 100 iif lo proto 17 dport 53 lookup 100
> # maym@Orpheus:~$ ip rule
> # 0: from all lookup local
> # 100: from all iif lo dport 53 lookup 100 proto 17
> # 32766: from all lookup main
> # 32767: from all lookup default
>
> Now all traffic originating:
> from the device itself (iif lo)
> with proto 17 (udp)
> to the destination port 53 (dns)
> will be directed to the routing table 100 which contains the default
> gateway to the router you want to use.
>
> BR
> Matthias
>
> On 22/09/2023 15:10, Luigi Baldoni wrote:
> > Hello,
> > after a few days of fruitless efforts, I thought of asking you all directly.
> >
> > I need dnsmasq to send its queries to the upstream server via a different
> > route than everything else. I've tried adding the @interface parameter to
> > the --server option but I don't think I quite understand how it's supposed
> > to work.
> > Then I've attempted to mark the packets originating from the dnsmasq process
> > via the iptables owner module, also with little success.
> >
> > Before I proceed any further with these experiments, I would like to know
> > whether I'm missing something, or if someone has found a different way to
> > do this.
> >
> > Thanks
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > https://urldefense.com/v3/__https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss__;!!I9LPvj3b!B5ufkCPULSxnt3FjUe0ZvdgQYisVtbnoP_jvcsm9droDBts9Pe8Dsw2EuLsUBxoFy5MKDHvMZKv7X1_ueQ$