As an overall solution i'd like to split dns resolving between different servers, using dnsmasq.

i.e. Default to dns server A, unless explicitly set to dns server B per host (mac).

I'd like to split my network into dnsmasq tagged subnets, for this example say:

192.168.1.80-150 = green

192.168.1.40-50 = red

I would like dhcp leases to be handed by, by -default- tagged green, except for a few specific MACs where I would like to hand out the red tag. I have this part working successfully (I believe), where i explicitly set it by MAC - but what i would like is for everything -unless specified otherwise- to default to green.

I would then like to say "for all green tags, give them dns server A as their resolver", "for all red tags, give them dns server B as their resolver".

is this possible?

I have the following config that does not seem to work:

--8<--
dhcp-range=set:green,192.168.1.80,192.168.1.150,infinite
dhcp-range=tag:red,192.168.1.40,192.168.1.50,infinite

dhcp-option=net:green,option:dns-server,8.8.8.8,8.8.4.4
dhcp-option=net:red,option:dns-server,192.168.1.11    

dhcp-host=AA:BB:CC:DD:CC:BB,redhost1,192.168.1.41,infinite,net:red
dhcp-host=BB:CC:DD:AA:BB:00,greenhost1,192.168.1.81,infinite,net:green

dhcp-option=option:router,192.168.1.1
--8<--

This does not seem to work however, I have different hosts being assigned different ip addresses based on whether i have matched their MAC, and then it seems as if the dns server is not correctly being handed out.

I believe the dns server is not being handed out because a "cat /etc/resolv.conf" on one of the hosts shows 127.0.0.1.

To summarise my queries:

1. Can i make everything default to 'green', unless explicitly set to 'red' by MAC (at the moment I am having to explicitly put the mac of everything into the conf file)?
2. Can i specify different DNS servers, for different tagged networks?
3. For extra clarity I am a bit confused about the different between "tag" and "set" and in googling have found references to both, a short and clean definition of these would be great.

thanks very much

ok, i fixed it (wrt my particular request) and i'll post what i've got here in case it helps someone else.

so my requirement was handing out different dns server (and perhaps different gw) to different hosts, and this seems to work:

dhcp-range=set:green,192.168.1.80,192.168.1.150,infinite

# red network
dhcp-host=11:22:33:44:55:66,hosta,192.168.1.11,infinite,set:red
dhcp-host=66:55:44:33:22:11,aa:bb:cc:dd:ee:ff,hostb,192.168.1.12,infinite,set:red

# green network mobile
dhcp-host=dd:dd:dd:dd:dd:dd,android1,192.168.1.21,infinite,set:green
dhcp-host=cc:cc:cc:cc:cc:cc,android2,192.168.1.22,infinite,set:green

unless expicility set otherwise, everything is tagged green. Some certain MACs are tagged red. Then to do the different dns server and different gw you can do:

# options
dhcp-option=tag:green,option:dns-server,192.168.1.1,192.231.a.b   # ,8.8.8.8,8.8.4.4
dhcp-option=tag:red,option:dns-server,192.168.1.c
dhcp-option=tag:green,option:router,192.168.1.1
dhcp-option=tag:red,option:router,192.168.1.c

some other notes / context that i found helpful about this, and also about the net / set / tag options:

• The optional set: sets an alphanumeric label which marks this network so that dhcp options may be specified on a per-network basis. When it is prefixed with 'tag:' instead, then its meaning changes from setting a tag to matching it. Only one tag may be set, but more than one tag may be matched.
• More than one tag can be set in a dhcp-host directive (but not in other places where "set:" is allowed)
• This system evolved from an earlier, more limited one and for backward compatibility "net:" may be used instead of "tag:" and "set:" may be omitted. (Except in dhcp-host, where "net:" may be used instead of "set:".) For the same reason, '#' may be used instead of '!' to indicate NOT.

therefore i think it's safe to just:

• use set and tag, and avoid using net (since it's the old way)
• use set in your dhcp-range and dhcp-host, to assign the tags, and
• use tag in your options to match the tags that you've already set.
• as an aside on of those dhcp-hosts you can see with multiple mac addresses, because it's the eth0 and wlan mac's for the same box.

seems to work for me anyway, perhaps this will help someone.

In case this helps someone else, I was trying to do something similar and my Google searches brought me to this page, but I couldn't get the solution here to work on my router. I eventually found a simple way to get the results I wanted.

My situation: I have two PiHole DNS servers on my LAN. My main router is a Linksys WRT3200ACM running DD-WRT. I have a mesh WiFi system running in access point mode with the WRT as the router and DHCP server. The WiFi can broadcast a guest network SSID and isolate the guest clients from the LAN, but the guest devices can't reach the LAN DNS servers due to that isolation.

Since I use DHCP reservations for all the known devices on my network, they end up with IPs outside of the normal DHCP range. I tried to take advantage of that and tag devices in the DHCP range, but I had no success using the "dhcp-range=set:red..." directive. The only success I had in tagging a host was by MAC address, but I didn't want to have to add each MAC to the additional DHCP options.

I found a reference to a 'special "known" tag' here: https://github.com/mirror/dd-wrt/blob/master/src/router/dnsmasq/dnsmasq.conf.example and using that worked to solve my issue.

All I have in the DHCP options box is:

dhcp-option=tag:known,6,192.168.0.xxx,192.168.0.yyy
dhcp-option=tag:!known,6,1.1.1.1,1.0.0.1

Unknown devices (on any VLAN) will get the internet servers, and devices on the guest network will always be 'unknown'. As soon as I add a new known device to the DHCP reservation list, it will use the local DNS.

why not change the mind to setup 2 dhcp sections over 2 vlans with just 1 dnsmasq service, and make the 2 vlans communicate with each other through their gateways (or not).