Different DNS server for guest WiFi


I am going to create a new WiFi guest network for hotel guests based on this guide https://lede-project.org/docs/user-guide/guestwifi_configuration. Does this guide prevent accessing WAN network? Because on WAN I will have my internal network. So I want to allow only internet connection with no access to other clients connected to LAN, WLAN and WAN.

And I need to use different DNS server settings for my private WiFi network and different settings for the guest WiFi.

Specifically, on my private WiFi and all LAN ports I'd like to forward all DNS queries to my primary DNS server (Windows Server with DC and a lot of services) of the WAN network ( And I'd like to forward all DNS queries from the guest network to OpenDNS servers and I'd like to force this DNS settings to all devices connected to the guest network (something like Enable Forced DNS Redirection on DD-WRT).

No idea please?

I have a similar setup: Confusion over how to configure LEDE to use pihole on a separate device

And you could also read this thread, which creates a Safe WiFi for Kids on separate network (of course you don't need all these bells and whistles probably) - And you might need to isolate the "kids" zone as I'm not sure that this "kids" WiFi has blocked access to LAN:

I've not used this thread to configure my guest WiFi. I used the procedure from OpenWrt initially to create it a while ago:

Thanks guys. I need to play with this more. I thought that there will be some easy config or something which si preconfigured, because I was assuming that this setup is quite common, but it looks like there is nothing like this :slight_smile:

A word of advice: Make a good backup before you start playing with zones, firewall rules, etc. :wink:

Fortunately I have a spare device :slight_smile:

While I have been using OpenWrt/LEDE for many years now, I am still very much new when it comes to setting up more complex configurations compared to default settings and also when it comes to sharing settings with the community. I am always open to any kind of help or suggestions.

Do you know what I can do to improve my KidSafe LEDE configuration so that the KidSafe WiFi is more isolated and has blocked access to LAN? Thank you for your time.

Me too have been using for awhile, but I do not pretend to be an expert; that was merely a warning because in its case op wants to use it as a guest space, and your setup is more oriented towards protection of the kids instead of protecting the network itself. I wouldn’t block lan access from my kids because of connected devices available for them (printer, nas, audio system, etc). Compared to guests, they have a more open access.

I kind of liked the way you’ve set it up and it’s most likely that way I’ll set it up on my spare time, and I considered your thread a good reading to give op ideas. So if I had to block access to lan from them, I would have 2 options: since I know their devices, I could simply put a rule in the firewall to deny those MAC towards LAN. I could also block the whole kid zone to access LAN.