2

I have a network with a policy where some clients have to use OpenDNS for page filtering and some are allowed any DNS (e.g. Google DNS). I am using Squid in transparent mode for all connections to the internet. Squid allows defining dns_nameservers for all requests, but is there a way to define different DNS servers based on the client's IP? Or is there any sensible way outside of Squid to force some clients to use OpenDNS and some to use, say, Google DNS without touching the client configuration much? I have limited access to some clients.

Tominiko
  • Windows? Linux? Other OS? – Lenniey Apr 13 '18 at 08:24
  • Well, in fact just any. I have a hypervisor on my server so if there is a solution that requires a particular OS, I guess I can deploy it. Currently I am on Windows Server 2012 though. Clients use Windows and Android. – Tominiko Apr 13 '18 at 08:28
  • There are some possibilities, not involving Squid: GPOs for Windows clients, iptables DNAT rules on your gateway, different DHCP scopes and rulesets for different client "ranges", dnsmasq with rules for specific clients, [PowerDNS](https://www.powerdns.com/), etc. I'm not aware that Squid can natively set DNS IPs for different clients. – Lenniey Apr 13 '18 at 08:45
  • You mean something like using dnsmasq dhcp-range to tag specific clients and then assigning them a particular DNS like it is suggested here? http://www.linksysinfo.org/index.php?threads/assign-specific-dns-to-only-certain-clients.68865/ – Tominiko Apr 13 '18 at 09:30
  • Yes, exactly. One example to do this. – Lenniey Apr 13 '18 at 09:35
  • Great, thanks for setting me on the right way. Any means of ticking your comment as "accepted answer"? :-) – Tominiko Apr 13 '18 at 09:44

1 Answer

0

See Per-client DNS servers with DNSMasq for an already answered question (or mark as duplicate, since the dnsmasq answer doesn't really have anything to do with Squid).

Using dnsmasq as DHCP-server, set specific ranges for different clients, for example:

```
# Tag each client by MAC address and pin its IP address
dhcp-host=00:00:00:00:00:01,set:DNS1,192.168.0.1
dhcp-host=00:00:00:00:00:02,set:DNS1,192.168.0.2
dhcp-host=00:00:00:00:01:01,set:DNS2,192.168.0.11
dhcp-host=00:00:00:00:01:02,set:DNS2,192.168.0.12
# Hand out a different DNS server to each tag
dhcp-option=tag:DNS1,option:dns-server,8.8.8.8
dhcp-option=tag:DNS2,option:dns-server,8.8.4.4
```
Lenniey
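An added example (not part of the original answer): a small Python audit that parses `dhcp-host`/`dhcp-option` lines in the format shown above and reports which clients would not be handed the filtering resolvers. The tag names, the sample config and the helper names `effective_dns` and `audit` are constructed for illustration, and the parser assumes one tag per line as in the answer's config; 208.67.222.222 and 208.67.220.220 are the OpenDNS resolver addresses.

```python
import re

# Constructed sample in the answer's format (not from the original post).
# "filtered" gets the OpenDNS resolvers, "open" gets Google DNS; the last
# host has no set: tag at all.
SAMPLE_CONF = """\
dhcp-host=00:00:00:00:00:01,set:filtered,192.168.0.1
dhcp-host=00:00:00:00:00:02,set:filtered,192.168.0.2
dhcp-host=00:00:00:00:01:01,set:open,192.168.0.11
dhcp-host=00:00:00:00:01:02,192.168.0.12
dhcp-option=tag:filtered,option:dns-server,208.67.222.222,208.67.220.220
dhcp-option=tag:open,option:dns-server,8.8.8.8
"""
OPENDNS = {"208.67.222.222", "208.67.220.220"}

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def effective_dns(conf):
    """Map each dhcp-host MAC to the DNS servers its tag selects.

    Simplification (assumption): at most one set:/tag: per line, as in the
    answer's config. None means no dns-server option applies to that host.
    """
    host_tag, tag_dns = {}, {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, _, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        tags = [f.split(":", 1)[1] for f in fields if f.startswith(("set:", "tag:"))]
        tag = tags[0] if tags else None
        if key == "dhcp-host":
            for mac in (f.lower() for f in fields if MAC_RE.match(f)):
                host_tag[mac] = tag
        elif key == "dhcp-option" and "option:dns-server" in fields:
            tag_dns[tag] = fields[fields.index("option:dns-server") + 1:]
    default = tag_dns.get(None)                      # untagged dns-server option
    return {mac: tag_dns.get(tag, default) for mac, tag in host_tag.items()}

def audit(conf, must_filter, allowed=OPENDNS):
    """Return the MACs in must_filter that are not handed only allowed resolvers."""
    dns = effective_dns(conf)
    bad = []
    for mac in (m.lower() for m in must_filter):
        servers = dns.get(mac)                       # unknown MAC -> None -> flagged
        if not servers or not set(servers) <= set(allowed):
            bad.append(mac)
    return sorted(bad)
```

This checks only what dnsmasq would hand out; a client with statically configured DNS ignores DHCP options, which is where the gateway rules mentioned in the comments come in.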