Hi,
I'm trying to force all DNS traffic (bypassing hard-coded DNS) originating in a specific device on my network (my TV) to go to a specific DNS server (Getflix).
The problem is that I want it to only hijack a single device based on IP/MAC and not the entire network.
I've been trying for hours to do it for a single device but I couldn't figure it out or find a solution.
Any ideas?
You could theoretically make a firewall rule that applies to a specific IP address on your network and redirects the dns requests. You could also use a force redirect to a pihole, or put the device(s) in question on another subnet and then force that subnet to have the dns redirection.
I'd have to get back to you after trying it... I am pretty sure it is possible, but I'd have to play around a bit (I have not tried this specific scenario).
Fundamentally, you can make a rule that drops all port 53 connections destined for WAN from the source IP you want to control -- that would be the first test. Then, you could refine that by redirecting it via a masquerade to the desired dns resolver instead of dropping it. But I can't tell you specifically how to do this off the cuff, and I'd have to play around a bit (which I cannot do right now).
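As an added illustration of the redirect approach described in this reply (not code from the thread or from the OpenWrt project), the script below emits the uci commands for an OpenWrt firewall `redirect` section that DNATs every TCP/UDP port 53 packet from one LAN source address to a chosen resolver, which catches clients with a hard-coded DNS server as well as DHCP-assigned ones. The device address (10.11.12.14) and the resolver address (203.0.113.53) are placeholders; substitute the TV's address and the real Getflix resolver. The commands are printed rather than executed so they can be reviewed first, then piped into `sh` on the router.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes an OpenWrt router with the
# standard "lan" firewall zone and uci; addresses below are placeholders.
TV_IP="${TV_IP:-10.11.12.14}"      # assumed LAN address of the device to pin
DNS_IP="${DNS_IP:-203.0.113.53}"   # placeholder for the resolver (TEST-NET address)

# Print the uci commands that create a DNAT redirect for DNS from one source host.
# Only port 53 is rewritten: DNS-over-TLS (853) and DNS-over-HTTPS (443) from the
# device are not affected by this rule and would need separate handling.
dns_redirect_uci() {
  src_ip="$1"
  resolver="$2"
  cat <<EOF
uci add firewall redirect
uci set firewall.@redirect[-1].name='tv_dns_redirect'
uci set firewall.@redirect[-1].src='lan'
uci set firewall.@redirect[-1].src_ip='$src_ip'
uci set firewall.@redirect[-1].src_dport='53'
uci set firewall.@redirect[-1].proto='tcp udp'
uci set firewall.@redirect[-1].dest_ip='$resolver'
uci set firewall.@redirect[-1].dest_port='53'
uci set firewall.@redirect[-1].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# Number of 'uci set' lines the generator emits (useful as a sanity check before applying)
dns_redirect_setting_count() {
  dns_redirect_uci "$1" "$2" | grep -c '^uci set'
}

# Review the output; on the router apply it with:  dns_redirect_uci "$TV_IP" "$DNS_IP" | sh
dns_redirect_uci "$TV_IP" "$DNS_IP"
```

To confine the rule to a MAC address instead of an IP, the redirect section also accepts `src_mac`; combining it with a static DHCP lease keeps the IP-based rule from drifting if the TV's address changes. After applying, a query from the TV to any resolver should show up in `nft list ruleset`/`iptables -t nat -L` hit counters on the new redirect, and a lookup from the TV should resolve via the chosen server regardless of what the TV has configured.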
# Define a dnsmasq tag "tag1" that hands out DHCP option 6 (DNS servers) pointing at 8.8.8.8 and 8.8.4.4
uci set dhcp.tag1="tag"
uci set dhcp.tag1.dhcp_option="6,8.8.8.8,8.8.4.4"
# Static lease for the first host, attached to the tag so only it receives the custom DNS servers
uci add dhcp host
uci set dhcp.@host[-1].name="j400"
uci set dhcp.@host[-1].mac="00:21:63:75:aa:17"
uci set dhcp.@host[-1].ip="10.11.12.14"
uci set dhcp.@host[-1].tag="tag1"
# Second host, same tag
uci add dhcp host
uci set dhcp.@host[-1].name="j500"
uci set dhcp.@host[-1].mac="01:22:64:76:bb:18"
uci set dhcp.@host[-1].ip="10.11.12.15"
uci set dhcp.@host[-1].tag="tag1"
# Save and reload dnsmasq so the new leases/options take effect
uci commit dhcp
/etc/init.d/dnsmasq restart