On Sat, Jul 27, 2019 at 11:34:41AM -0400, Art Greenberg wrote:
> I had been running dnsmasq on a machine on my network and using
> addn-hosts for ad blocking. My router was configured with my ISP's
> DNS servers.
>
> I used "net:red" to assign the router as DNS server for certain devices
> (Roku streamers, notably) to avoid the ad blocking, because some of
> the apps on the router would not work properly with the ad blocking
> in place. This told those devices to go directly to the router for
> DNS services.
>
> router/gateway 192.168.2.1
> dnsmasq machine 192.168.2.11
>
> ## dnsmasq.conf fragment
>
> domain-needed
> bogus-priv
> no-resolv
> local=/artg.tv/
> interface=eth0
> domain=artg.tv
> server=188.8.131.52,184.108.40.206
>
> dhcp-option=option:dns-server,192.168.2.11 ## use dnsmasq machine for DNS
> dhcp-option=net:red,option:dns-server,192.168.2.1
>
> dhcp-host=00:01:03:27:84:95,192.168.2.15,martha ## typical of computer assignments
> dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red ## typical of ad blocking avoidance
>
> ## end dnsmasq.conf fragment
>
> This all worked fine.
>
> Then I obtained a newer router and installed OpenWRT on it. This, too,
> worked fine until I moved dnsmasq onto the router. The configuration
> now looks like this:
>
> router/gateway 192.168.2.1
> dnsmasq machine 192.168.2.1
>
> ## dnsmasq.conf fragment
>
> domain-needed
> bogus-priv
> no-resolv
> local=/artg.tv/
> interface=br-lan
> domain=artg.tv
> server=220.127.116.11,18.104.22.168
>
> dhcp-option=option:dns-server,192.168.2.1 ## use dnsmasq on the router for DNS
> dhcp-option=net:red,option:dns-server,22.214.171.124,126.96.36.199 ## Google public DNS servers
>
> dhcp-host=00:01:03:27:84:95,192.168.2.15,martha ## typical of computer assignments
> dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red ## typical of ad blocking avoidance
>
> Now the Roku streamers and some of the apps on them aren't so happy.
I think that "aren't so happy" needs elaboration.

> Despite the "net:red" tag, dnsmasq is intercepting all DNS
> requests and it is returning 0.0.0.0 when the host being looked up is
> in one of the addn-hosts files.
>
> I have DHCP and DNS logging turned on in dnsmasq and can see the
> Roku streamers ask for option 6 (dns-server) and they get the expected
> response (the Google DNS servers).

Okay, so far the DHCP part

> Yet when they make a DNS request, it's being processed by dnsmasq

That is _not supposed_ to happen.

> and the add-hosts files are being consulted,

Because the "red" hosts are on the wrong track ...

> the result being that hosts listed in one of the files have their IP
> address returned as 0.0.0.0.
>
> I suppose this is expected, as dnsmasq is acting as a DNS relay only
> if it cannot resolve the request, and since the ad hosts are listed
> in an addn-hosts file, dnsmasq -can- resolve the request despite it
> not being within the local, private IP address block.
>
> I'm thinking I need a second dnsmasq instance configured to handle those
> devices that cannot have ad blocking, and the appropriate division of
> configurations, including complementary use of the "ignore" option to
> dhcp-host on the two configurations.
>
> Is there a simpler way to deal with this?

Yes and you are almost there.
Explore why red hosts resolve via 192.168.2.1, they shouldn't.

> And no, I'd rather not move back to using a machine on the network
> for dnsmasq if I can avoid it.

Fair enough

> Thanks.

Regards
Geert Stappers
-- 
Live and let live
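
One way to carry out the check suggested in the reply (which "red" hosts still send queries to dnsmasq at 192.168.2.1), as an added example that is not part of the original message or of dnsmasq itself. The two dhcp-host lines come from the thread; the log lines, the `*.example.test` names and the `/etc/hosts.ads` path are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: two dhcp-host lines from the thread, plus constructed
# log lines in dnsmasq's log-queries format (names and 192.0.2.53 are made up).
CONF = """\
dhcp-host=00:01:03:27:84:95,192.168.2.15,martha
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red
"""
LOG = """\
Jul 27 11:20:01 dnsmasq[1234]: query[A] ads.example.test from 192.168.2.135
Jul 27 11:20:01 dnsmasq[1234]: /etc/hosts.ads ads.example.test is 0.0.0.0
Jul 27 11:20:05 dnsmasq[1234]: query[A] www.example.test from 192.168.2.15
Jul 27 11:20:05 dnsmasq[1234]: forwarded www.example.test to 192.0.2.53
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")

def tagged_hosts(conf, tag):
    """Map IP -> hostname for dhcp-host entries that set the given tag."""
    hosts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing ## comments
        if not line.startswith("dhcp-host="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        # net:<tag> is the form used in the thread; set:<tag> is the newer spelling
        if f"net:{tag}" not in fields and f"set:{tag}" not in fields:
            continue
        ip = next((f for f in fields if IPV4.match(f)), None)
        name = next((f for f in fields if ":" not in f and not IPV4.match(f)), "?")
        if ip:
            hosts[ip] = name
    return hosts

def stray_queries(conf, log, tag="red"):
    """Return (hostname, ip, queried name) for queries dnsmasq saw from tagged hosts."""
    hosts = tagged_hosts(conf, tag)
    hits = []
    for line in log.splitlines():
        m = QUERY.search(line)
        if m and m.group(3) in hosts:
            hits.append((hosts[m.group(3)], m.group(3), m.group(2)))
    return hits

if __name__ == "__main__":
    for name, ip, qname in stray_queries(CONF, LOG):
        print(f"{name} ({ip}) still queried dnsmasq for {qname}")
```

Any hit means the client is sending DNS traffic to the router even though its DHCP reply carried other servers, so the next things to compare are the client's lease contents and any DNS redirection rule on the router.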