I want to use multiple different DNS services for different clients connected to my hotspot.
e.g. OpenDNS for content filtering, VPN service for getting around Netflix geo-blocking, Google DNS for standard unfiltered browsing.
It seems that I might have to use a combination of techniques to do what I want.
e.g.
- Layer 7 protocol rules for matching netflix.com to send to a VPN type DNS redirect service.
- Mangle rules per source IP for other traffic to direct to either Google or OpenDNS, depending on the “safe surfing policy” I want to apply to that user. (This would also mean assigning static IPs for each user, unless I’m going to dynamically add and remove mangle rules anytime anyone logs in).
In the above, rule 1 should take precedence over rule 2.
Does anyone have some recommendations on the best way to implement this sort of thing?