Custom upstream DNS per interface

Hello everyone!

I have two VLANs and I want to configure a custom upstream DNS for both. e.g.: => (VLAN 1) => (VLAN 2)
I've tried using the "Use custom DNS" option in the interface configuration menu, but OpenWRT only uses one DNS server for both interfaces.
Does anyone know how to assign custom upstream DNS servers to each interface?

given that you have VLANs that should have an active DHCP server that provides the IP addresses to your clients, obviously this will directly give the client the IP address of the DNS server or the NTP server it should use

test this:

reference document:

example on my guest interface
for ntp server, option 42

example on my iot interface
for dns server, option 6

1 Like

This won't work for me, because the interfaces are blocked from accessing the DNS server itself. And there is also an adblock running on OpenWRT, where the traffic of both interfaces must travel through. Are there any other suggestions?

You need to configure several DNSMASQ instances in "/etc/config/dhcp", one for each interface, and each instance with a different upstream DNS.



interface <> client.

you have to keep in mind there is a huge difference between what interfaces, in general what openwrt as a computer, and what clients behind owrt router can do or see.

the solution above does work if you want to specify custom DNS for your clients which can be totally different from the one set on interface or otherwise auto-figured by owrt (e.g. delegated by your ISP through wan).

interface in general does not do anything, so when you say

why should they access DNS server? an interface is a representation of owrt, does your owrt device as a computer want to do something? usually ntp (for https) or opkg updates does work directly from owrt but client traffic does not "use" the interface.

but if you want to control upstream DNS per interface you can have multiple dns services (i.e. dnsmasq instances) and set upstream individually as you want.

edit: i was slow to answer ...

I am only providing you with the reference document for having multiple instances of dnsmasq:


Sorry, I meant the clients on the interfaces. They are blocked because the DNS server also has some other services running that clients on those interface are not supposed to access.