I'm using PI-HOLE as the primary DNS for my home network and all clients. DNS requests are then forwarded to my router like the following:
CLIENT DEVICE => PI-HOLE => LOCAL ROUTER => INTERNET DNS
I would like to set up conditional DNS forwarding like the following:
CLIENT DEVICE => PI-HOLE => LOCAL ROUTER =>
(CLIENT IP 1) => INTERNET DNS 1
(CLIENT IP 2) => INTERNET DNS 2
My problem is that I can't identify the original IP address of the DNS request on my router. All DNS queries look like their origin is the PI-HOLE server, so I cannot create DNS rules on my router.
Questions:
Is it somehow possible to keep the original client IP address when DNS is forwarded to the router?
If not (as it could be standard behaviour), is it possible to set up the upstream DNS based on the client source IP address?
Thanks, but this means that I need more PI-Hole servers, one for each client group. My current setup is the following:
Client has IP 192.168.2.100 => OK
Client DNS request is sent to PI-HOLE server 192.168.2.116 => OK
Then the DNS request is processed by PI-HOLE and forwarded to the local router => OK
When I check the logs on the router, all DNS requests look like they come from the PI-HOLE server 192.168.2.116, not from the client 192.168.2.100. But the origin of this DNS request is not the PI-HOLE server. I would need the original source IP address there, not the IP address of the PI-HOLE server.
I'm not an expert, I'm only wondering if it's possible or not.
Will the PI log have the original IP? Maybe send the PI Hole log to syslog?
I posted some details on rsyslog reading a flat file, another dude posted some very cool syslog configs as well. See,
In the setup shown in the diagram, the Pi-Hole logs will contain the IP of the clients that made the queries. Pi-Hole keeps a log in /var/log/pihole.log (rotated nightly at midnight) and a long-term database in SQL format in /etc/pihole/pihole-FTL.db.
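As an added example (not part of the thread), here is a small shell script that pulls the per-client view out of /var/log/pihole.log-style lines. The log lines below are constructed in dnsmasq's "query[TYPE] domain from client" format, which is what Pi-hole writes; the function names are mine. Run it against the live file with `queries_by_client /var/log/pihole.log`.

```bash
#!/bin/sh
# Added example: summarise which LAN client asked for which domain, using
# the client IP that Pi-hole records on every "query[...]" line.
# SAMPLE_LOG is constructed test data in dnsmasq/Pi-hole log format.
SAMPLE_LOG='Jan 15 10:23:45 dnsmasq[1234]: query[A] example.com from 192.168.2.100
Jan 15 10:23:45 dnsmasq[1234]: forwarded example.com to 192.168.2.1
Jan 15 10:23:45 dnsmasq[1234]: reply example.com is 93.184.216.34
Jan 15 10:23:50 dnsmasq[1234]: query[AAAA] example.org from 192.168.2.101
Jan 15 10:23:51 dnsmasq[1234]: query[A] tracker.example.net from 192.168.2.100
Jan 15 10:23:51 dnsmasq[1234]: /etc/pihole/gravity.list tracker.example.net is 0.0.0.0'

# queries_by_client [file] -> "client_ip count" lines, busiest client first.
# Fields: $5 = query[TYPE], $6 = domain, $7 = "from", $8 = client IP.
# Reads stdin when no file is given.
queries_by_client() {
    awk '$5 ~ /^query\[/ && $7 == "from" { n[$8]++ }
         END { for (c in n) print c, n[c] }' "${1:--}" | sort -k2,2nr -k1,1
}

# domains_for_client CLIENT_IP [file] -> every domain that one client queried.
domains_for_client() {
    awk -v c="$1" '$5 ~ /^query\[/ && $7 == "from" && $8 == c { print $6 }' "${2:--}"
}

# Demo on the constructed lines (no root, no real log file needed).
echo "$SAMPLE_LOG" | queries_by_client
echo "--- 192.168.2.100 asked for:"
echo "$SAMPLE_LOG" | domains_for_client 192.168.2.100
```

Only the `query[...]` lines carry the client IP; the `forwarded` and `reply` lines do not, which is why the router upstream only ever sees the Pi-hole's address.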
Thanks, in the end I decided to use a different approach.
I created two instances of PI-HOLE DNS servers (LXD virtual machines). The first as FamilySafe DNS and the second for standard use. On the router I created PREROUTING rules based on client IP address.
-- FIRST RULE TO DNS1--
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p tcp --dport 53 -j DNAT --to 192.168.2.150
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p udp --dport 53 -j DNAT --to 192.168.2.150
-- SECOND RULE TO DNS2 --
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.102 -p tcp --dport 53 -j DNAT --to 192.168.2.151
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.102 -p udp --dport 53 -j DNAT --to 192.168.2.151
iptables -t nat -A POSTROUTING -j MASQUERADE
This approach is working for me - it's not as good as the previous one (I need two instances instead of one), but at least it's working and I can set different filtering and upstream DNS servers for each device...
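An added example (my script, not the poster's rules) that generates the same kind of per-client DNAT rule set from a client-to-resolver map, so adding a device is one line in the map instead of two hand-typed rules. The interface name br0 and the client/resolver addresses are the constructed values from the post above; the function names and the `--apply` flag are assumptions. One difference from the posted rules: the MASQUERADE is scoped to the redirected port-53 flows toward each Pi-hole instead of every forwarded packet. It is still needed so that the Pi-hole's reply travels back through the router rather than straight to the client (which sent its query to a different address), and it still means the Pi-hole sees the router as the source, so per-client filtering has to be done by which instance a client is sent to, not by client IP inside Pi-hole.

```bash
#!/bin/sh
# Added example: build iptables NAT rules that steer each LAN client's DNS
# traffic to its own Pi-hole instance. Without --apply it only prints the
# commands, so it can be reviewed (and tested) without root.
LAN_IF="br0"

# CLIENT_MAP is constructed sample data: "client_ip resolver_ip" per line.
CLIENT_MAP="192.168.2.101 192.168.2.150
192.168.2.102 192.168.2.151"

# dnat_rules CLIENT RESOLVER -> the two PREROUTING rules (tcp + udp) for one client.
dnat_rules() {
    client="$1"; resolver="$2"
    for proto in tcp udp; do
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -p %s --dport 53 -j DNAT --to-destination %s\n' \
            "$LAN_IF" "$client" "$proto" "$resolver"
    done
}

# masq_rule RESOLVER -> POSTROUTING rules limited to the redirected DNS flows,
# instead of masquerading everything the router forwards.
masq_rule() {
    resolver="$1"
    for proto in tcp udp; do
        printf 'iptables -t nat -A POSTROUTING -o %s -d %s -p %s --dport 53 -j MASQUERADE\n' \
            "$LAN_IF" "$resolver" "$proto"
    done
}

# build_rules -> the complete command list for every line of CLIENT_MAP.
build_rules() {
    echo "$CLIENT_MAP" | while read -r client resolver; do
        [ -n "$client" ] && [ -n "$resolver" ] || continue
        dnat_rules "$client" "$resolver"
        masq_rule "$resolver"
    done
}

# count_rules -> number of iptables commands generated (4 per mapping).
count_rules() {
    build_rules | wc -l | tr -d ' '
}

if [ "${1:-}" = "--apply" ]; then
    # Needs root; each generated line is one complete iptables invocation.
    build_rules | while read -r cmd; do sh -c "$cmd"; done
else
    build_rules
fi
```

Check the result on the router with `iptables -t nat -L PREROUTING -n -v`; the packet counters on each DNAT rule confirm which client is actually being steered to which instance.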