Correct way to create multiple dnsmasq instances

I'm looking into creating multiple dnsmasq instances on my XR500 running OpenWRT 24.10.0 (soon to be running 24.12.0). I'd like to be able to use either adblock or adblock-fast on this second dnsmasq instance to then block ads on only my guest wifi SSID/interface, which I have currently created through the OpenWRT guest wifi LuCI docs. I may try to shift this to a VLAN configuration instead, but that would be in the future.

I've done some research and it seems as though there's at least one example of doing this (https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#multiple_dhcpdns_serverforwarder_instances).

Would this still be current information? Is there a way to do this with LuCI instead?
I'm also wondering if there'd be any other steps I'd have to take after this if I wanted to secure the machine.

I found another approach that uses different upstream DNS sources for certain interfaces (https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dhcp_options), but this is not what I'd like to do.

Point the normal clients to an upstream DNS like 8.8.8.8 or your ISP's DNS, use local DNS with blocking for guest/IoT.

Basically, if dnsmasq on router is queried, it'll be assumed it should go via adblocker.

Interesting, this is definitely much simpler than having two dnsmasq instances running. Thank you, I will look into this.

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dhcp_options option 6 is the one you want.

I have a similar need and like the simplicity of this solution. Based on the guide I'm thinking this could be configured in LuCI by entering something like '6,1.1.1.1,8.8.8.8' in the DHCP-Options box on the Advanced Settings tab in the DHCP Server section of the primary LAN interface.

The only downside I can think of for this approach is that it bypasses local DNS caching (and its performance improvements) for devices on the primary LAN. Does that sound right?

If one wanted DNS caching on both LAN interfaces, would multiple dnsmasq instances be needed?

I have this set up myself, on a separate downstream router for guests/IoT, no one's ever complained about the speed.

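The DHCP option 6 approach discussed in this thread, written as an `/etc/config/dhcp` fragment. This is an added example, not a configuration posted by any participant; the `guest` section and interface name and the address-pool values are assumptions, and the resolver addresses are the ones quoted in the thread.

```uci
# /etc/config/dhcp (fragment, constructed example)

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	# DHCP option 6 = DNS servers handed to clients. Primary LAN clients
	# are told to query these resolvers directly, so their lookups do not
	# pass through the router's dnsmasq (and therefore not through adblock).
	list dhcp_option '6,1.1.1.1,8.8.8.8'

# 'guest' is an assumed name for the guest wifi interface.
config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'
	# No option 6 here: dnsmasq advertises the router's own address as the
	# DNS server, so guest queries go through the filtered local resolver.
```

DHCP option 6 only advertises a resolver: a guest device with a manually configured DNS server or DNS-over-HTTPS will not use the router's dnsmasq, so this steers clients rather than enforcing the block. Primary LAN clients that query the upstream resolvers directly also stop resolving local hostnames served by dnsmasq.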

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.