Posted: Sat Sep 26, 2009 13:06 Post subject: How to force different DNS server for 2 clients on network
I am running DD-WRT v 24-sp2 micro build 12533 (on a WRT54G) and have been using DD-WRT (earlier versions) for a couple years.
I would like to use DD-WRT to force two of the clients (kids PCs) on my network to use a different DNS server (and ONLY that server; if that server/connection should fail, then they should not get a connection to the internet, NOT default to DNS2 and DNS3 provided by Comcast, my ISP). I would like for all OTHER clients on the network to continue to use the DNS servers provided now by Comcast (although I’m not sure how this happens, as I don’t add them manually; it just works).
I have searched and searched the forums but can’t seem to find the solution. I think it would be in the “Services/Services/DNSMasq/Additional DNS Options” field, but am not clear what to enter. Maybe I have to get into the actual config file, I am not sure.
I have set up “DNS Redirector” as the local DNS server for these clients (kids PCs) and have “DNS Redirector” on a server with the address of 192.168.2.160. The clients (kids PCs) have Static Leases (192.168.2.150 and 192.168.2.151) from the DD-WRT DHCP server. I am NOT asking for help with the “DNS Redirector” software, just how to get the two clients to ONLY use 192.168.2.160 as their DNS server.
Current settings:
My DD-WRT router is 192.168.2.1
Setup/Basic Setup I have Local DNS as 0.0.0.0
Setup/Basic Setup I have all Static DNS servers (1-3) set to 0.0.0.0
Setup/Basic Setup I have Use DNSMasq for DNS “checked”
Services/Services/DNSMasq I have DNSMasq as “enable”
Services/Services/DNSMasq I have LocalDNS as “enable”
I am not really clear on the exact functions/differences of the DNSMasq vs. LocalDNS vs. the Static DNS server settings, so please explain if required for the solution. I would sincerely appreciate any help offered.
Thanks for your reply. I would rather use OpenDNS but the way I understand it, OpenDNS can't distinguish between different Clients on my network, all it sees is the IP of my DD-WRT router and treats every client the same (because of NAT). If I am wrong, and it can treat different clients differently, please advise.
Thanks, DHC_DarkShadow. This is right on the edge of my understanding/new learning, so let me see if I understand:
If I want to force certain clients on my lan to use the OpenDNS DNS servers, I could post this in the Administration/Commands and then “Save Firewall”, and reboot the router, and reboot the client.
I read the post a few times, and think I have it. The code that I would use to force clients in the IP range of 192.168.151 to 192.168.155 to use the OpenDNS DNS server of 208.67.222.222 is:
Note: I changed the -A to -I and changed the commands to use the IP range instead of the interface.
I tried this command, but it DOES NOT seem to have any effect on the clients. Also when I run this from the C prompt command line of the client: "ipconfig /all" it shows that the DNS Server is the IP of the DD-WRT router.
Posted: Sat Sep 26, 2009 15:52 Post subject:
That's where the tutorial comes in, follow it. Then put the DNS servers you use in the PCs that aren't in the range of the restriction in the script. _________________ The New Me
Your netmask is way too small and includes 1/32 of all addresses, it's supposed to be a /25 mask so that it only includes 192.168.1.128 to 192.168.1.255. I cleaned up the wiki to correct this oversight. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
OK, I did get it working per the tutorial. Thanks for the guidance. Of course there is just one “problem”. Having to enter the Comcast DNS (unfiltered) on all of the “adult” computers is OK for the “Desktop” clients, but is a pain on the 2 laptops, because they leave the house almost daily, and then when on a hotspot or work network, I have to manually remove the static Comcast DNS every time . . . and then re-add it when I get home.
I was wondering why I couldn’t create a firewall rule for both groups, and have the DD-WRT router do the work. So IPs over 192.168.2.200 go to OpenDNS and addresses below that go to Comcast DNS. I tried the code below in the Firewall commands, but it did not work, and all clients got routed to OpenDNS. Any thoughts on how to make this work? What do you think about this idea?
/99 isn't a valid subnet mask so the entire rule is invalid and never gets added. Use these:
192.168.2.0/25 ============== this means 192.168.2.0 to 192.168.2.127
192.168.2.128/25 ============ this means 192.168.2.128 to 192.168.2.255
Interesting! So the "/X" after the starting IP address does NOT mean "the next 'X' IP addresses"; it looks like it is a percentage of something, so that:
/25 = the next 128 IP addresses
/50 = the next 256 IP addresses
Is this correct?
I'm going to understand this sooner or later, thanks!
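As an added example (not code from this thread or the DD-WRT wiki), the following POSIX sh script works out what a /N prefix actually covers (the /25 ranges above, and /24 for 256 addresses) and emits the iptables DNAT rules that pin one LAN range to a single resolver for both UDP and TCP port 53, which is what makes the kids' PCs fail closed instead of falling back to the ISP resolvers. It assumes br0 as DD-WRT's LAN bridge, 208.67.222.222 (OpenDNS) as used in the thread, and a placeholder for the Comcast resolver.

```sh
#!/bin/sh
# Added example for a DD-WRT firewall script; not from the thread.

# ip_to_int 192.168.2.128 -> 3232236160 (dotted quad to 32-bit integer)
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip 3232236160 -> 192.168.2.128
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range ADDR/N -> "first last count"; fails for a prefix like /99,
# which iptables would also reject, so the rule would never be added.
cidr_range() {
    ip=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    size=$(( 1 << (32 - prefix) ))
    mask=$(( 4294967295 ^ (size - 1) ))          # network mask as integer
    base=$(( $(ip_to_int "$ip") & mask ))         # snaps ADDR to the block start
    echo "$(int_to_ip "$base") $(int_to_ip $(( base + size - 1 ))) $size"
}

# dns_pin_rules SUBNET RESOLVER -> prints the two iptables commands that
# redirect every DNS query from SUBNET (leaving br0) to RESOLVER only.
dns_pin_rules() {
    cidr_range "$1" >/dev/null || { echo "invalid subnet: $1" >&2; return 1; }
    for proto in udp tcp; do
        echo "iptables -t nat -I PREROUTING -i br0 -s $1 -p $proto --dport 53 -j DNAT --to $2"
    done
}

# Example split as discussed in the thread (ISP resolver is a placeholder):
COMCAST_DNS="${COMCAST_DNS:-203.0.113.53}"   # placeholder, set to your ISP resolver
dns_pin_rules 192.168.2.0/25   "$COMCAST_DNS"  # 192.168.2.0   - 192.168.2.127
dns_pin_rules 192.168.2.128/25 208.67.222.222  # 192.168.2.128 - 192.168.2.255
```

Pipe the printed rules into sh on the router (or paste them into Administration/Commands and Save Firewall); with -I they are inserted ahead of any existing nat rules.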