I currently have all my DNS queries restricted so that only my router is allowed to send DNS responses. This way clients can't bypass my DNS server by specifying their own DNS address.
config redirect 'dns_int'
        option name 'Intercept-DNS'
        option src 'lan'
        option src_dport '53'
        option family 'ipv4'
        option proto 'tcp udp'
        option target 'DNAT'
iptables-save -t nat | sed -e "/\s[DS]NAT\s/d;/\sMASQUERADE$/d" | ip6tables-restore -T nat
This works perfectly right now! My question is: is there a way I can let one particular client still have the ability to query external DNS servers?

primary router/primary DNS: 192.168.0.1
secondary AP/secondary DNS: 192.168.0.2

I have a second router that's set up as a backup AP/DNS server.
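To see what the sync command above actually hands to ip6tables-restore, here is an added example (not part of the original post): the same sed filter, written with POSIX `[[:space:]]` instead of GNU `\s`, run over a constructed sample of `iptables-save -t nat` output, plus a check that no IPv4 literal survives. The chain names and the extra DNAT/MASQUERADE rules in the sample are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t nat` output. The two REDIRECT lines
# are what an fw3 'redirect' with target DNAT and no dest_ip produces; the
# 8080 DNAT rule, the MASQUERADE rule and the chain names are made up.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:prerouting_lan_rule - [0:0]
-A PREROUTING -i br-lan -j prerouting_lan_rule
-A prerouting_lan_rule -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Intercept-DNS" -j REDIRECT --to-ports 53
-A prerouting_lan_rule -p udp -m udp --dport 53 -m comment --comment "!fw3: Intercept-DNS" -j REDIRECT --to-ports 53
-A prerouting_lan_rule -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.10:80
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
COMMIT'

# Same filter as the post's sed expression, in POSIX character-class form:
# drop SNAT/DNAT rules and MASQUERADE rules (they carry or imply IPv4
# addresses), keep address-free rules such as the REDIRECT interception.
filter_nat_for_ipv6() {
    sed -e '/[[:space:]][DS]NAT[[:space:]]/d;/[[:space:]]MASQUERADE$/d'
}

# Sanity check before piping into ip6tables-restore: a dotted quad left in
# the ruleset would make the IPv6 restore fail. Returns 0 when clean.
no_ipv4_literals() {
    ! grep -Eq '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Convenience wrapper: the sample ruleset after filtering.
filtered_rules() {
    printf '%s\n' "$SAMPLE_NAT" | filter_nat_for_ipv6
}

# Stand-alone run: print the rules that would reach ip6tables-restore.
filtered_rules
```

Pipe the real output instead of the sample (`iptables-save -t nat | filter_nat_for_ipv6 | no_ipv4_literals`) to confirm the filter is sufficient for your own ruleset before restoring it.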