Configure different dns for lans

I have a requirement where I need to configure different DNS servers for different LANs.
For example: I want 8.8.4.4 to be configured for the LAN "lan_test", and all requests coming from "lan_test" should be resolved by 8.8.4.4.

Below is my dhcp config:

# Main (and only) dnsmasq instance from the first post; it is not bound to any
# particular interface, so it answers every LAN.
config dnsmasq
    option  domainneeded  '1'
    option  boguspriv  '1'
    option  filterwin2k  '0'
    option  localise_queries  '1'
    # NOTE(review): '0' turns off dnsmasq's DNS-rebinding filter (stop-dns-rebind),
    # so upstream answers that point at private addresses are accepted. Prefer '1'
    # unless a specific upstream legitimately returns private addresses.
    option  rebind_protection  '0'
    option  rebind_localhost  '1'
    option  local  '/lan/'
    option  domain  'lan'
    option  expandhosts  '1'
    option  nonegcache  '0'
    option  authoritative  '1'
    option  readethers  '1'
    option  leasefile  '/tmp/dhcp.leases'
    # Upstream resolvers are read from this file. As shown further down in the
    # thread, it lists both 8.8.4.4 (from lan_test) and 172.22.2.1 (from wan_0),
    # which matches the two destinations in the tcpdump. The fix the author
    # eventually reports is `option noresolv '1'`, which makes dnsmasq ignore this
    # file and use only `list server` entries.
    option  resolvfile  '/tmp/resolv.conf.auto'
    # all_servers '0' / strict_order '1': ask upstreams in listed order rather
    # than fanning out to all of them or favouring the fastest.
    option  all_servers  '0'
    option  strict_order  '1'
    option  max_ttl  '0'
    # Local override: mlink.home always resolves to 192.168.168.1.
    list  address  '/mlink.home/192.168.168.1'
    option  allow_ipv6_addrs  '1'
    # NOTE(review): a domain-only server entry ('/bind/' with no address) — confirm
    # this is intended; it looks like a leftover.
    list  server  '/bind/'
    # Only answer DNS queries from directly attached subnets (local-service).
    option  localservice  '1'

# odhcpd handles DHCPv6/RA/NDP; maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
    option  maindhcp  '0'
    option  leasefile  '/tmp/hosts/odhcpd'
    option  leasetrigger  '/usr/sbin/odhcpd-update'

# DHCPv4 pool for lan_test: offset 10, 40 addresses, 10-minute leases. The
# dhcpv6/ra/ndp settings are for odhcpd. There is no `option instance`, so the
# single dnsmasq section above presumably serves this pool.
config dhcp 'test'
    option  interface  'lan_test'
    option  leasetime  '10m'
    option  start  '10'
    option  limit  '40'
    option  ignore  '0'
    option  dhcpv6  'server'
    option  ra  'server'
    option  ra_default  '1'
    option  ndp  'server'

Below is the configuration for the "lan_test" interface in the network file:

# NOTE(review): `option dns` here only adds 8.8.4.4 to the router's own resolver
# list (/tmp/resolv.conf.auto, shown further down, also carries the WAN's
# 172.22.2.1). It does not tie DNS for clients on this bridge to 8.8.4.4 — the
# reply below explains why this setting is not the right tool for that.
config interface 'lan_test'
    option  type  'bridge'
    option  dname  'test'
    option  force_link  '1'
    option  disabled  '0'
    option  proto  'static'
    option  ipaddr  '192.168.10.1'
    option  netmask  '255.255.255.0'
    option  dns  '8.8.4.4'
    option  ifname  'eth0.4085'

and in the firewall I added this redirect rule:

# Redirect every TCP and UDP port-53 query from lan_test to the router's own
# address on that bridge, so a `dig ... @8.8.8.8` from a client still lands on
# dnsmasq. Only port 53 is caught; DNS carried over other ports or transports is
# not covered by this rule.
config redirect 'lan_dns'
    option  name  'lan_dns'
    option  src  'lan_test'
    option  proto  'tcpudp'
    option  src_dport  '53'
    option dest_port '53'
    option  dest_ip  '192.168.10.1'
    option  target  'DNAT'

contents of /tmp/resolv.conf.auto:

# Interface lan_test
nameserver 8.8.4.4
# Interface wan_0
nameserver 172.22.2.1

wan IP of the router is:

172.22.2.100

so, when I run a dig command from the client connected to the "lan_test", like:

dig amazon.com @8.8.8.8

the DNS server (8.8.4.4) configured for "lan_test" is being picked, but the request goes to 8.8.4.4 as well as to 172.22.2.1.

Below is the output of tcpdump on the WAN interface of the router:

18:29:15.805620 IP 172.22.2.100.16644 > 8.8.4.4.53: 2048+ [1au] A? amazon.com. (39)
18:29:15.805773 IP 172.22.2.100.16644 > 172.22.2.1.53: 2048+ [1au] A? amazon.com. (39)
18:29:15.866771 IP 8.8.4.4.53 > 172.22.2.100.16644: 2048 3/0/1 A 205.251.242.103, A 176.32.98.166, A 176.32.103.205 (87)
18:29:15.906711 IP 172.22.2.1.53 > 172.22.2.100.16644: 2048 3/6/1 A 176.32.98.166, A 176.32.103.205, A 205.251.242.103 (236)

I want all requests from "lan_test" to be resolved only by the configured DNS server (8.8.4.4) and not by 172.22.2.1.
What am I doing wrong? Any help will be greatly appreciated.

The purpose of defining different DNS servers in the network configuration is:

  • Make the DNS status dependent on the upstream interface status.
  • Provide fault tolerance and load balancing for multiple upstream interfaces.

In other words, it is not suitable for your task.

You have the following options:

Still the same issue.
My dhcp file:

# Dedicated dnsmasq instance for lan_test (second attempt). rebind_protection is
# now '1', which keeps the DNS-rebinding filter on.
config dnsmasq 'lan_test_dns'
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan_test/'
        option domain 'lan_test'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases.lan_test'
        # The contents of this file are not shown in the thread; any nameserver
        # listed in it is used as an upstream in addition to `list server`. The
        # author's later fix, `option noresolv '1'`, makes dnsmasq ignore it.
        option resolvfile '/etc/resolv.conf.lan_test'
        option nonwildcard '1'
        # Bind this instance to lan_test only. The later reply stresses that
        # `list interface` and `list notinterface` must be set correctly on each
        # instance. NOTE(review): `notinterface` is written as `option` here but as
        # `list` in the reply below — confirm the init script accepts the option form.
        list interface 'lan_test'
        option notinterface 'loopback'
        # NOTE(review): `localservice` was set on the first instance but is absent
        # here — confirm this instance still only answers directly attached subnets.
        list server '8.8.4.4'

# DHCPv4 pool on lan_test, tied to the lan_test_dns instance above.
config dhcp 'lan_test'
        option instance 'lan_test_dns'
        option interface 'lan_test'
        option start '100'
        option limit '150'
        option leasetime '12h'
        # DHCP option 6 hands clients 8.8.8.8 as their resolver, i.e. not the
        # router. Their queries only reach lan_test_dns because the firewall
        # redirect below rewrites port-53 traffic to 192.168.10.1; pointing clients
        # at the router itself would not depend on that rule.
        list dhcp_option '6,8.8.8.8'


# DHCPv4 pool for mgmt_lan: offset 2, 253 addresses, 10-minute leases.
# NOTE(review): there is no `option instance`, and the only dnsmasq section shown
# is bound to lan_test — confirm which resolver actually serves this LAN.
config dhcp 'mgmt_lan'
    option  interface  'mgmt_lan'
    option  start  '2'
    option  limit  '253'
    option  leasetime  '10m'
    option  ignore  '0'
    option  dhcpv6  'server'
    option  ra  'server'
    option  ra_default  '1'
    option  ndp  'server'


# odhcpd handles DHCPv6/RA/NDP; maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
    option  maindhcp  '0'
    option  leasefile  '/tmp/hosts/odhcpd'
    option  leasetrigger  '/usr/sbin/odhcpd-update'

Network config for the LAN "lan_test":

# lan_test bridge. The interface-level `option dns` from the first post is gone,
# so per-LAN DNS is now handled entirely by the dedicated dnsmasq instance.
config interface 'lan_test'
    option  type  'bridge'
    option  dname  'test'
    option  force_link  '1'
    option  disabled  '0'
    option  proto  'static'
    option  ipaddr  '192.168.10.1'
    option  netmask  '255.255.255.0'
    option  ifname  'eth0.4085'

Firewall config:

# DNAT client DNS from lan_test to the router.
# NOTE(review): `proto 'udp'` only — the first version used 'tcpudp'. TCP port-53
# queries (used for large answers and retries after truncation) now bypass this
# rule and go straight to whatever server the client asked; suggest
# `option proto 'tcpudp'`. No `dest_port` is given, so the destination port is
# presumably left as-is (53).
config redirect 'test_dns'
        option name 'test_dns'
        option src 'lan_test'
        option proto 'udp'
        option src_dport '53'
        option dest_ip '192.168.10.1'
        option target 'DNAT'

tcpdump output on the WAN interface:

12:29:18.641283 IP 172.22.2.100.35252 > 8.8.4.4.53: 45531+ A? amazon.com. (28)
12:29:18.641589 IP 172.22.2.100.35252 > 172.22.2.1.53: 45531+ A? amazon.com. (28)
12:29:18.706013 IP 8.8.4.4.53 > 172.22.2.100.35252: 45531 3/0/0 A 205.251.242.103, A 176.32.103.205, A 176.32.98.166 (76)
12:29:18.721040 IP 172.22.2.1.53 > 172.22.2.100.35252: 45531 3/6/0 A 176.32.103.205, A 176.32.98.166, A 205.251.242.103 (225)

I still see the request going to 8.8.4.4 as well as to 172.22.2.1. Shouldn't it be resolved by ONLY 8.8.4.4?

I've got something similar working using multiple dnsmasq instances. Here's a cut-down version of my dhcp config. Specifying `list interface` and `list notinterface` correctly on each instance is important.

/etc/config/dhcp
# Main dnsmasq instance from the reply. With `noresolv '1'` the only upstreams are
# the `list server` entries — a resolver on localhost port 5453 (not shown here).
config dnsmasq 'main'
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	# Only answer queries from directly attached subnets.
	option localservice '1'
	# Ignore resolv.conf-style files entirely; upstreams come only from `list server`.
	option noresolv '1'
	option confdir '/tmp/dnsmasq.d'
	list server '0::1#5453'
	list server '127.0.0.1#5453'
	# NOTE(review): `dnssec` is not enabled on this instance, so dnsseccheckunsigned
	# likely has no effect; rebind_protection '0' disables the DNS-rebinding filter.
	# Presumably the local forwarder on port 5453 is expected to handle both — confirm.
	option dnsseccheckunsigned '0'
	option rebind_protection '0'
	# Keep this instance off the 'family' interface, which has its own instance below.
	list notinterface 'family'

# Second dnsmasq instance, bound only to the 'family' interface (and kept off
# loopback). Its only upstream is a resolver on localhost port 53535 (not shown).
config dnsmasq 'family'
	option domainneeded '1'
	option localise_queries '1'
	option local '/family/'
	option domain 'family'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	# Separate lease file so the two instances do not clobber each other's leases.
	option leasefile '/tmp/dhcp.leases.family'
	option localservice '1'
	option noresolv '1'
	# interface/notinterface pairing: this instance serves 'family' only, and the
	# 'main' instance above lists 'family' under notinterface.
	list interface 'family'
	list notinterface 'lo'
	# NOTE(review): as on 'main', rebind_protection '0' disables the rebinding
	# filter on this instance — confirm the forwarder on port 53535 covers it.
	option dnsseccheckunsigned '0'
	list server '127.0.0.1#53535'
	list server '0::1#53535'
	option rebind_protection '0'

# DHCPv4 pool for lan, served by the 'main' dnsmasq instance; IPv6 via odhcpd.
config dhcp 'lan'
	option instance 'main'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option force '1'
	option leasetime '168h'
	option ra_default '1'
	list ip6class 'local'

# No DHCP service on the WAN side.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

# odhcpd handles DHCPv6/RA/NDP; maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# DHCPv4 pool for streaming, served by the 'main' dnsmasq instance.
config dhcp 'streaming'
	option start '100'
	option limit '150'
	option interface 'streaming'
	option instance 'main'
	option leasetime '168h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option force '1'


# DHCPv4 pool for guest (shorter 48h leases), served by the 'main' instance.
config dhcp 'guest'
	option start '100'
	option limit '150'
	option interface 'guest'
	option instance 'main'
	option leasetime '48h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option force '1'

# DHCPv4 pool on the 'family' interface, tied to the 'family' dnsmasq instance so
# its clients resolve through the port-53535 forwarder rather than 'main'.
config dhcp 'familysafe'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'family'
	option instance 'family'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option force '1'

Your configuration must utilize one of the methods described above, currently it does not.

It worked after adding:

option noresolv '1'

But I'm on OpenWrt version 15.05.1, which does not seem to support multiple instances of dnsmasq. I can't upgrade to the latest version of OpenWrt because of my hardware limitations.
I'll have to look for some other way to achieve this.
