I had been running dnsmasq on a machine on my network and using addn-hosts for ad blocking. My router was configured with my ISP's DNS servers.
I used "net:red" to assign the router as DNS server for certain devices (Roku streamers, notably) to avoid the ad blocking, because some of the apps on the router would not work properly with the ad blocking in place. This told those devices to go directly to the router for DNS services.

router/gateway 192.168.2.1
dnsmasq machine 192.168.2.11

## dnsmasq.conf fragment
domain-needed
bogus-priv
no-resolv
local=/artg.tv/
interface=eth0
domain=artg.tv
server=8.8.8.8,8.8.4.4
dhcp-option=option:dns-server,192.168.2.11 ## use dnsmasq machine for DNS
dhcp-option=net:red,option:dns-server,192.168.2.1
dhcp-host=00:01:03:27:84:95,192.168.2.15,martha ## typical of computer assignments
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red ## typical of ad blocking avoidance
## end dnsmasq.conf fragment

This all worked fine. Then I obtained a newer router and installed OpenWRT on it. This, too, worked fine until I moved dnsmasq onto the router. The configuration now looks like this:

router/gateway 192.168.2.1
dnsmasq machine 192.168.2.1

## dnsmasq.conf fragment
domain-needed
bogus-priv
no-resolv
local=/artg.tv/
interface=br-lan
domain=artg.tv
server=8.8.8.8,8.8.4.4
dhcp-option=option:dns-server,192.168.2.1 ## use dnsmasq on the router for DNS
dhcp-option=net:red,option:dns-server,8.8.8.8,8.8.4.4 ## Google public DNS servers
dhcp-host=00:01:03:27:84:95,192.168.2.15,martha ## typical of computer assignments
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red ## typical of ad blocking avoidance

Now the Roku streamers and some of the apps on them aren't so happy. Despite the "net:red" tag, dnsmasq is intercepting all DNS requests and it is returning 0.0.0.0 when the host being looked up is in one of the addn-hosts files. I have DHCP and DNS logging turned on in dnsmasq and can see the Roku streamers ask for option 6 (dns-server) and they get the expected response (the Google DNS servers).
Yet when they make a DNS request, it's being processed by dnsmasq and the addn-hosts files are being consulted, the result being that hosts listed in one of the files have their IP address returned as 0.0.0.0.

I suppose this is expected, as dnsmasq is acting as a DNS relay only if it cannot resolve the request, and since the ad hosts are listed in an addn-hosts file, dnsmasq -can- resolve the request despite it not being within the local, private IP address block.

I'm thinking I need a second dnsmasq instance configured to handle those devices that cannot have ad blocking, and the appropriate division of configurations, including complementary use of the "ignore" option to dhcp-host on the two configurations.

Is there a simpler way to deal with this? And no, I'd rather not move back to using a machine on the network for dnsmasq if I can avoid it.

Thanks.

--
Art Greenberg
a...@artg.tv
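
The log check described in the message, written as an added example that is not part of the original post: it reads the net:red dhcp-host entries from the second config fragment and reports which of those clients still received a 0.0.0.0 answer served from a hosts file. The log lines are constructed in the style of dnsmasq query logging; the ad host name, the hosts-file path and the function names are assumptions.

```python
import re
from collections import defaultdict

# Lines taken from the post's second dnsmasq.conf fragment.
CONF = """\
dhcp-option=net:red,option:dns-server,8.8.8.8,8.8.4.4
dhcp-host=00:01:03:27:84:95,192.168.2.15,martha
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red
"""

# Constructed sample log (assumed format, modeled on dnsmasq query logging).
LOG = """\
dnsmasq[812]: query[A] ads.example.invalid from 192.168.2.135
dnsmasq[812]: /etc/hosts.ads ads.example.invalid is 0.0.0.0
dnsmasq[812]: query[A] www.example.org from 192.168.2.135
dnsmasq[812]: forwarded www.example.org to 8.8.8.8
dnsmasq[812]: reply www.example.org is 192.0.2.10
dnsmasq[812]: query[A] ads.example.invalid from 192.168.2.15
dnsmasq[812]: /etc/hosts.ads ads.example.invalid is 0.0.0.0
"""

QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")
# An answer whose source is a file path, i.e. served from a hosts file.
LOCAL = re.compile(r": (/\S+) (\S+) is 0\.0\.0\.0$")

def tagged_hosts(conf, tag="red"):
    """Map IP -> host name for dhcp-host entries carrying net:<tag>."""
    hosts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line.startswith("dhcp-host="):
            continue
        fields = line.split("=", 1)[1].split(",")
        if f"net:{tag}" in fields:
            # Field order mac,ip,name as written in the post.
            hosts[fields[1]] = fields[2]
    return hosts

def blocked_for_tagged(conf, log, tag="red"):
    """Return {client name: [names answered 0.0.0.0 from a hosts file]}."""
    hosts = tagged_hosts(conf, tag)
    last_asker = {}            # queried name -> most recent client IP
    hits = defaultdict(list)
    for line in log.splitlines():
        if m := QUERY.search(line):
            last_asker[m.group(1)] = m.group(2)
        elif m := LOCAL.search(line):
            client = last_asker.get(m.group(2))
            if client in hosts:
                hits[hosts[client]].append(m.group(2))
    return dict(hits)
```

A non-empty result means a tagged client's queries are still reaching the router's dnsmasq, whatever DNS servers DHCP option 6 handed out.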