I am trying to have all the Chilldren’s devices go through a whitelist which resides on a Pi set as a DNS server. I have already set up a separate Pi-Hole for everybody else and it works perfectly.
To do this I would like to select a Lease from the DHCP Lease list, make it Static, and assign a specific DNS to that MAC address. Is this possible?
To get around this at the moment I have all devices on Static IP/DNS at their OS level which to be fair is quite problematic as even a 8 year old can get around that.
I am running a CCR1016 running 6.38.1 and I connect via Winbox. I have modest experience and can apply and edit scripts.
Much obliged.
Andrew.
Isn’t it easier to make DST NAT to Pi-Hole for DNS queries for particular children’s computers based on their MAC addresses?
The two Pi based DNSs perform two separate tasks:
Pi A - pure whitelist, no other sites shall pass, I manually add/remove domains
Pi B - Pi-Hole removal of adverts, managed by supplied and updated lists
So adults go straight to Pi B then to the internet.
Children go first to Pi A, then Pi B, then internet.
Do you think that can be done at the individual MAC level?
Thanks.
Andrew.
Make Pi B the primary DNS for Pi A so querying PiA involves PiB which removes ads with no additional steps.
Then configure kids’s devices to use PiA and adults to use only PiB.
Absolutely, the problem is that on devices such as an iPad you cannot restrict changes to the WiFi settings, which means that all they have to do is switch the iPad from “manual IP” to “DHCP” and they have free access to the internet.
I’ve never looked at dst-nat but having a little read can I set the MAC address in:
IP → Firewall → NAT → NAT Rules, Advanced TAB
Src. MAC Address: xx.xx.xx.xx.xx
leaving
IP → Firewall → NAT → NAT Rules, General TAB
Chain: dstnat
Dst. Address: 172.16.105.3 - this is Pi A
Protocol: 17 (udp)
Dst. Port: 53
In. Interface: bridge-lan
Doesn’t work…