I've used the split dnsmasq config for quite a while now for running a "kid safe" network. The IP network is completely separated. This works just fine.
I thought I'd try the AdGuard Home way of parental controls, not to control, but to shield some sites for younger eyes and let's face it, not all of us can distinguish a phishing attempt from the real thing.
Anyway, I've got a USB stick mounted, installed AGH on that and set it up to run as a DNS server for all clients on the network. I now have one single ipv4 network for all clients, including the one for my kids, so they are not on a separate ipv4 network anymore. In order to filter the right clients, I added clients in AGH. I'm tried AGH's DHCP server, but I can't edit, only delete and add new reservations. But, as I have just learned, if you run a lot of Apple devices, mainly the iPhones and iPads, the DHCP reservations are kind of a bummer.
Apple's default behavior on WiFi networks is to spoof a randomly generated MAC address, so the owners of the WiFi network are unable to track your activity based on a MAC address... I haven't discovered the limits of that privacy feature yet, but if I disable using a private MAC address I get this annoying message about a privacy warning on the Apple device in question...
So you can imagine that setting and actually trusting the MAC address as DHCP reservation for Apple devices is not a set and forget thing, on any DHCP server.
So far the clients in AGH based on MAC address and specific filtering is not a bulletproof method. Whether you set AGH as DHCP server, or let dnsmasq hand out fixed IP addresses based on DHCP reservations and use those fixed IP addresses in AGH to identify clients.
But, then there's IPv6... Identifying clients on fixed IPv4 addresses is kinda bulletproof except for Apple's privacy option. On IPv6 there's no telling how to identify with which IPv6 address a client will go on the Internet. It might be one of your ULA addresses OpenWRT hands out, or a public IPv6 address from your provider.
Any clues on how to tackle specific clients in a trustworthy manner to enable filtering with AGH? Because I do like it.