Configuring Per-Client DNS Servers in DNSMasq with TomatoUSB for Selective DNS Resolution



When managing a network with TomatoUSB and DNSMasq, administrators often face situations where certain clients require non-standard DNS resolution while rejecting manual DNS configuration. This typically occurs with IoT devices, gaming consoles, or corporate devices with locked-down network settings.

The most elegant solution leverages DNSMasq's built-in capability to assign specific DNS servers to individual clients. In your /etc/dnsmasq.conf or TomatoUSB's DNSMasq configuration section, add:


# Assign special DNS servers to specific MAC addresses
dhcp-host=00:1A:2B:3C:4D:5E,set:specialdns
dhcp-option=tag:specialdns,6,8.8.8.8,8.8.4.4

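# Alternative: also pin the client to a fixed IP address
# (dhcp-host needs a MAC, client ID or hostname to match on; an IP alone identifies no client)
dhcp-host=00:1A:2B:3C:4D:5E,192.168.1.50,set:specialdns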

This works by:

  1. Tagging specific clients with a label (specialdns in this case)
  2. Applying DHCP Option 6 (DNS servers) only to tagged clients
  3. Maintaining default DNS for all other clients

After applying changes, check the configuration syntax and then restart DNSMasq:


dnsmasq --test
service dnsmasq restart

On the client machine, check DNS assignment with:


# Windows
ipconfig /all

# Linux
nmcli dev show | grep DNS

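For more complex scenarios where only certain domains need different resolution, without replacing the DNS server entirely, use server= rules. These apply to every query this DNSMasq instance receives, whichever client sent it: DHCP tags do not affect them, and the @ suffix of server= selects an outgoing interface or source address, not a client.


# Forward specific domains to specific upstream servers (applies to all clients)
server=/internal.example.com/10.0.0.1
server=/special.example.com/8.8.8.8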

If clients aren't receiving the custom DNS:

  • Verify MAC/IP addresses are correctly entered
  • Check for conflicting DHCP reservations
  • Confirm the client actually requests DHCP options (some devices ignore offered DNS)

When managing a network with TomatoUSB and DNSMasq, you might encounter devices that stubbornly refuse manual DNS configuration (looking at you, IoT gadgets and certain mobile devices). Here's how to force specific clients to use alternate DNS servers while maintaining standard resolution for others.

The secret lies in DNSMasq's ability to combine DHCP assignments with DNS server declarations. In your dnsmasq.conf:

# Assign IP and force DNS servers for specific MAC
dhcp-host=AA:BB:CC:DD:EE:FF,192.168.1.50,set:dns-group1
dhcp-option=tag:dns-group1,6,208.67.222.222,208.67.220.220

# Default DNS for other clients
dhcp-option=6,8.8.8.8,8.8.4.4

If you prefer IP-based assignment instead of MAC addresses:

# Create a DHCP range for special clients
dhcp-range=set:dns-group2,192.168.1.100,192.168.1.150,12h
dhcp-option=tag:dns-group2,6,1.1.1.1,1.0.0.1

After restarting DNSMasq, verify assignments with:

cat /var/lib/misc/dnsmasq.leases

Then test DNS resolution from the target client:

nslookup example.com

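For complex scenarios where you need domain-specific forwarding, keep in mind that server= rules are global: they apply to queries from every client, and a DHCP tag only has an effect where a dhcp-option line references it.

# Tag the client (no effect until a dhcp-option line uses tag:dns-group3)
dhcp-host=00:11:22:33:44:55,set:dns-group3
# Forward internal.company.com to these servers for all clients
server=/internal.company.com/10.0.0.53
server=/internal.company.com/10.0.0.54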

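When things go wrong, check the log and re-validate the configuration:

# This file exists only if log-facility points at it; otherwise DNSMasq logs to syslog
tail -f /var/log/dnsmasq.log
dnsmasq --test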
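
The tag logic and the troubleshooting checks above (conflicting reservations, tags that never reach an option 6 line) can be checked offline before restarting DNSMasq. This is an added example, not part of the original article or of DNSMasq itself; the function names and the sample configuration are constructed, and it assumes one tag per dhcp-option line.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

# Constructed sample built from the directive forms shown on this page.
SAMPLE_CONF = """\
dhcp-host=AA:BB:CC:DD:EE:FF,192.168.1.50,set:dns-group1
dhcp-option=tag:dns-group1,6,208.67.222.222,208.67.220.220
dhcp-host=00:11:22:33:44:55,set:dns-group3
dhcp-host=aa:bb:cc:dd:ee:ff,192.168.1.60,set:dns-group3
dhcp-option=6,8.8.8.8,8.8.4.4
"""

def parse(conf):
    """Return (mac -> list of tag lists, tag -> option 6 servers, untagged servers)."""
    hosts, tag_dns, default = {}, {}, []
    for raw in conf.splitlines():
        key, _, value = raw.strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-host":
            tags = [f[4:] for f in fields if f.startswith("set:")]
            for mac in (f.lower() for f in fields if MAC_RE.match(f)):
                hosts.setdefault(mac, []).append(tags)
        elif key == "dhcp-option":
            tags = [f[4:] for f in fields if f.startswith("tag:")]
            rest = [f for f in fields if not f.startswith("tag:")]
            if rest[:1] in (["6"], ["option:dns-server"]):
                if tags:
                    tag_dns[tags[0]] = rest[1:]  # assumption: one tag per line
                else:
                    default = rest[1:]
    return hosts, tag_dns, default

def audit(conf):
    """Return (mac -> DNS servers its DHCP offer should carry, warnings)."""
    hosts, tag_dns, default = parse(conf)
    effective, warnings = {}, []
    for mac, entries in hosts.items():
        if len(entries) > 1:
            warnings.append(f"{mac}: {len(entries)} dhcp-host lines, conflicting reservation")
        tags = entries[0]  # which duplicate dnsmasq honours is not modelled
        unused = [t for t in tags if t not in tag_dns]
        for t in unused:
            warnings.append(f"{mac}: tag '{t}' has no option 6 line, default DNS applies")
        matched = [t for t in tags if t in tag_dns]
        effective[mac] = tag_dns[matched[0]] if matched else default
    return effective, warnings

if __name__ == "__main__":
    effective, warnings = audit(SAMPLE_CONF)
    for mac, servers in effective.items():
        print(mac, "->", ", ".join(servers))
    print("\n".join(warnings))
```

The result describes only what the DHCP offer will contain; a client with hardcoded resolvers can still ignore it, so confirm on the device as shown earlier.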