How to prevent DNS leakage across local subnets

So currently I have the following:

LAN: 10.1.1.0/24
SMART-DEVICES: 10.50.50.0/24

I have implemented firewall zones etc. so that these networks cannot communicate; however, as the router (10.1.1.1 / 10.50.50.1) uses the same DHCP/DNS instance for both networks, if I perform a DNS lookup for a device on LAN from the SMART-DEVICES network, the query is answered and the IP range of LAN is leaked to SMART-DEVICES.

As far as I can see there doesn't seem to be a way to change this behaviour? I also don't see any way to create a separate DNS instance per interface within the LuCI GUI?

I'm not sure if there is a way to ensure that you have separate DNS resolution for the two networks, but does it actually matter? If the LAN network is properly firewalled from SMART-DEVICES, all that would be possible would be to get a hostname and IP address, but it wouldn't be able to reach any of the LAN devices from the SMART-DEVICES network.

It is possible to run multiple -separate- dnsmasq instances.


This is not possible. dnsmasq does not contain the functionality to prevent cross-config/cross-network queries. In order to achieve this a second dnsmasq instance on another device would be required.

No, it doesn't really matter for a home network, it's just a preference. If I isolate something I'd like it to be completely isolated.

Yes... I found it is possible to create separate configuration sections, e.g.

config dnsmasq 'name'
    option blah

This however does not solve the issue, as dnsmasq does not contain the functionality to prevent cross-querying these instances as far as I can tell. Seems you need to just run a completely separate server/process on a different device.

This can be done without a second device. You just need a second dnsmasq instance, running both instances without binding on all interfaces. For the second instance you can use a dummy device, assigning a proper IP. For the firewall you have to allow DNS to the listen IP of your 2nd dnsmasq instance (not the full device as usual).

option nonwildcard '1' #binding dynamically to an interface or just use bind-interfaces (without options) per instance
add_list dhcp.lan_dns.listen_address='127.2.2.2' #for setting where to listen per instance

I hope you understand my approach.
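As an added example (not configuration posted in this thread, and not OpenWrt's own defaults), here is one way to lay out /etc/config/dhcp and /etc/config/firewall along the lines of the approach above: two named dnsmasq instances, each bound only to its own interface address, each with its own lease file and domain, so the SMART-DEVICES instance never learns LAN hostnames and cannot answer for them. The section names (`lan_dns`, `iot_dns`), the `smart` interface and firewall zone, and the pool sizes are assumptions; the addresses are the ones from the thread. Tying a DHCP pool to a dnsmasq section with `option instance` is assumed to be available (OpenWrt 19.07 and later).

```uci
# /etc/config/dhcp  (added example; section names and the 'smart' interface
# are assumptions, the addresses are the ones from the thread)

# Instance for LAN: listens only on 10.1.1.1, with its own lease file and domain.
config dnsmasq 'lan_dns'
	option domain 'lan'
	option local '/lan/'
	option expandhosts '1'
	option domainneeded '1'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases.lan'
	option nonwildcard '1'              # do not bind to 0.0.0.0:53
	list listen_address '10.1.1.1'
	option localservice '1'             # only answer hosts on directly attached subnets

# Instance for SMART-DEVICES: separate lease file and domain, so this instance
# never holds a LAN lease and a query for a LAN hostname cannot be answered
# with a 10.1.1.x address.
config dnsmasq 'iot_dns'
	option domain 'iot'
	option local '/iot/'
	option expandhosts '1'
	option domainneeded '1'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases.iot'
	option nonwildcard '1'
	list listen_address '10.50.50.1'
	list notinterface 'loopback'        # leave 127.0.0.1:53 to the LAN instance
	option localservice '1'
	# --server=/lan/ with no address is dnsmasq's "never forward this domain";
	# with no LAN leases here, *.lan resolves to NXDOMAIN instead of leaking upstream.
	list server '/lan/'

# Each DHCP pool is tied to its dnsmasq instance (option instance assumed, 19.07+).
config dhcp 'lan'
	option interface 'lan'
	option instance 'lan_dns'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'smart'
	option interface 'smart'
	option instance 'iot_dns'
	option start '100'
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall  (added example; assumes a 'smart' zone whose input
# policy is REJECT, so DNS and DHCP to the router must be opened explicitly)

# Allow DNS only to the address the SMART-DEVICES instance listens on,
# not to every address the router holds.
config rule
	option name 'Allow-DNS-smart'
	option src 'smart'
	option dest_ip '10.50.50.1'
	option dest_port '53'
	list proto 'tcp'
	list proto 'udp'
	option target 'ACCEPT'

# DHCP still has to reach the router from the isolated zone.
config rule
	option name 'Allow-DHCP-smart'
	option src 'smart'
	option dest_port '67'
	option proto 'udp'
	option target 'ACCEPT'
```

After `/etc/init.d/dnsmasq restart` and `/etc/init.d/firewall restart`, check on the router that each instance is bound where expected: `netstat -lnp | grep ':53 '` should list one dnsmasq on 10.1.1.1:53 and another on 10.50.50.1:53, and nothing on 0.0.0.0:53. Then from a host on 10.50.50.0/24 run `nslookup <some-lan-hostname>.lan 10.50.50.1`: the expected result is NXDOMAIN, whereas the same query against a single shared instance would return the 10.1.1.x address, which is the leak described in the first post. If `nonwildcard` or the loopback exclusion behaves differently on your release, the `netstat` output is where it shows up, and the dummy-device/127.x listen address from the reply above is the fallback.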
