Re: [Dnsmasq-discuss] Does dnsmasq support policy routing instead of default kernel routing?
On 14/04/2025 18:07, Nitesh Divecha via Dnsmasq-discuss wrote:

> Question: Is it possible for dnsmasq to honor policy routing (e.g., via ip rule) for outbound DNS queries, or to bind its source IP explicitly so Linux routing decisions follow the correct table?

It's possible to bind the source IP for traffic to upstream nameservers. See the manpage for the --server option.

Cheers,

Simon.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Does dnsmasq support policy routing instead of default kernel routing?
On Mon, 14 Apr 2025, Nitesh Divecha via Dnsmasq-discuss wrote:

> Is it possible for dnsmasq to honor policy routing (e.g., via ip rule) for outbound DNS queries, or to bind its source IP explicitly so Linux routing decisions follow the correct table?

This sounds like more of a sysadmin issue than a dnsmasq issue. According to the manpage for ip rule, a rule with iif lo will match all locally generated traffic. Try that (ip rule add iif lo table natlan).

    ip rule add - insert a new rule
        iif NAME
            select the incoming device to match. If the interface is loopback, the rule only matches packets originating from this host. This means that you may create separate routing tables for forwarded and local packets and, hence, completely separate them.

-- 
Peter Tirsek
[Dnsmasq-discuss] Does dnsmasq support policy routing instead of default kernel routing?
Hi all,

I'm working on an embedded Linux router setup and had a question regarding how dnsmasq selects the outbound interface for upstream DNS queries.

In my use case, I have:

• ether1 providing LAN access with DHCP/DNS via dnsmasq
• wwan0 (LTE) as the primary WAN uplink
• ether0 configured as a fallback WAN

I’ve set up policy routing to ensure traffic originating from ether1's IP goes out via wwan0. Here's a simplified view:

Default kernel routing table:

    # ip r
    default via 172.16.99.1 dev ether0 proto dhcp src 172.16.99.2 metric 30
    default via 28.21.173.0 dev wwan0 proto static metric 50
    default via 172.16.0.254 dev ether1 proto static metric 998

Custom routing table (natlan) with policy rule:

    # ip r s t natlan
    default via 28.21.173.0 dev wwan0
    # ip rule
    0: from all lookup local
    32764: from 192.0.2.2 lookup natlan
    32765: from all iif ether1 lookup natlan
    32766: from all lookup main
    32767: from all lookup default

This works fine for general traffic, but I want to ensure that dnsmasq itself sends its upstream DNS queries via wwan0, not ether0 (which it currently does because of the lower metric in the default route).

Question: Is it possible for dnsmasq to honor policy routing (e.g., via ip rule) for outbound DNS queries, or to bind its source IP explicitly so Linux routing decisions follow the correct table?

Has anyone implemented something similar where dnsmasq's traffic uses a specific interface or follows a source-based policy route?

Any help or examples would be greatly appreciated!

Cheers,
Nitesh
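
An added example, not part of any message in this thread: a simplified Python model of how the kernel walks the rule list from the original post. It shows why an unbound dnsmasq socket falls through to main and ether0, and how binding the source address or adding the iif lo rule changes the result. The LAN client address and the priority of the iif lo rule are constructed values, and only default routes are modelled.

```python
# Simplified model of Linux policy-rule evaluation (added illustration).
# Assumptions: only default routes are modelled; the "local" and "default"
# tables are treated as holding no route for an upstream DNS server.
RULES = [  # (priority, from-selector or None, iif-selector or None, table)
    (0, None, None, "local"),
    (32764, "192.0.2.2", None, "natlan"),
    (32765, None, "ether1", "natlan"),
    (32766, None, None, "main"),
    (32767, None, None, "default"),
]
TABLES = {  # table -> list of (device, metric) default routes
    "local": [],
    "natlan": [("wwan0", 0)],
    "main": [("ether0", 30), ("wwan0", 50), ("ether1", 998)],
    "default": [],
}
# "ip rule add iif lo table natlan"; the priority is an assumed value that
# places the rule ahead of the existing non-zero rules.
IIF_LO_RULE = (32763, None, "lo", "natlan")


def egress(src, iif, rules=RULES):
    """Return (priority, table, device) selected for one packet.

    src is the source address, or None for an unbound local socket (no
    source has been chosen yet when the route lookup happens).
    iif is the incoming interface; locally generated packets match "lo".
    """
    for prio, r_from, r_iif, table in sorted(rules, key=lambda r: r[0]):
        if r_from is not None and r_from != src:
            continue  # "from" selector does not match
        if r_iif is not None and r_iif != iif:
            continue  # "iif" selector does not match
        routes = TABLES[table]
        if routes:  # a table with no matching route falls through
            dev, _metric = min(routes, key=lambda r: r[1])
            return prio, table, dev
    return None


def scenarios():
    return {
        "forwarded from LAN": egress("172.16.0.10", "ether1"),  # constructed IP
        "dnsmasq, unbound socket": egress(None, "lo"),
        "dnsmasq, source bound": egress("192.0.2.2", "lo"),
        "dnsmasq, unbound, iif lo rule": egress(None, "lo", RULES + [IIF_LO_RULE]),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} -> {result}")
```

In this model the iif lo rule sends every locally generated packet through natlan, not only dnsmasq's queries, while source binding affects only sockets bound to 192.0.2.2.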