I needed a way to have OpenDNS distributed to my kid's devices to filter their limited Internet usage.
Using an OpenSUSE Leap Linux VM on an ESXi chassis, I created a DHCP scope that does just this.
Only "known-clients" are given 8.8.8.8 for DNS. Known-clients are those with static MAC address entries (host declarations) in the conf file. "Unknown-clients" include everyone else (not listed with static MAC addresses).
Note: I had to use the "allow" and "deny" statements (in both pools) to get this to work.
Note: The firewall only allows certain devices to get to any public DNS. The children's devices are limited to DNS queries to OpenDNS only (even if a static IP is assigned).
option domain-name "home";
option routers 10.12.14.16;
option ntp-servers 0.pool.ntp.org;
default-lease-time 345600;
ddns-update-style none;

subnet 10.12.14.0 netmask 255.255.255.0 {
    default-lease-time 345600;
    max-lease-time 604800;

    # Any device with a host declaration is a "known" client.
    host iPhone {
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        hardware ethernet xx:xx:xx:xx:xx:xx;    # the device's MAC address
        # 10.12.14.2 is also the first address of the LowRange pool below;
        # dhcpd warns when a fixed-address falls inside a dynamic range.
        fixed-address 10.12.14.2;
    }

    # Known clients: public DNS (8.8.8.8 / 8.8.4.4).
    pool { # id="LowRange"
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        range 10.12.14.2 10.12.14.24;
        deny unknown-clients;
        allow known-clients;
    }

    # Everyone else: OpenDNS resolvers.
    pool { # id="highRange"
        option domain-name-servers 208.67.222.222, 208.67.220.220;
        allow unknown-clients;
        range 10.12.14.25 10.12.14.240;
        deny known-clients;
    }

    host IBMETH {
        hardware ethernet xx:xx:xx:xx:xx:xx;
    }

    host JiPad {
        hardware ethernet xx:xx:xx:xx:xx:xx;
    }
}
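
Added example (not part of the original post): a small Python check of the known/unknown split in the configuration above. It parses a constructed config with made-up MAC addresses, reports which pool's DNS servers a given MAC would be offered, and flags any fixed-address that sits inside a dynamic range. It models the pool allow/deny statements only, not host-level option overrides, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample mirroring the two pools above; the MAC addresses are made up.
SAMPLE_CONF = """
host iPhone { hardware ethernet 02:00:00:00:00:01; fixed-address 10.12.14.2; }
host JiPad  { hardware ethernet 02:00:00:00:00:02; }
pool { option domain-name-servers 8.8.8.8, 8.8.4.4; range 10.12.14.2 10.12.14.24;
       deny unknown-clients; allow known-clients; }
pool { option domain-name-servers 208.67.222.222, 208.67.220.220; range 10.12.14.25 10.12.14.240;
       allow unknown-clients; deny known-clients; }
"""

def parse(conf):
    """Return (hosts, pools) from host{} and pool{} blocks without nested braces."""
    hosts, pools = {}, []
    for name, body in re.findall(r"\bhost\s+(\S+)\s*\{([^}]*)\}", conf):
        mac = re.search(r"hardware\s+ethernet\s+([0-9a-fA-F:]+)", body)
        fixed = re.search(r"fixed-address\s+([\d.]+)", body)
        hosts[name] = (mac.group(1).lower() if mac else None, fixed.group(1) if fixed else None)
    for body in re.findall(r"\bpool\s*\{([^}]*)\}", conf):
        lo, hi = re.search(r"range\s+([\d.]+)\s+([\d.]+)", body).groups()
        dns = re.search(r"domain-name-servers\s+([^;]+);", body).group(1)
        pools.append({"range": (ipaddress.ip_address(lo), ipaddress.ip_address(hi)),
                      "dns": [d.strip() for d in dns.split(",")],
                      "allow": set(re.findall(r"\ballow\s+([\w-]+);", body)),
                      "deny": set(re.findall(r"\bdeny\s+([\w-]+);", body))})
    return hosts, pools

def dns_for(mac, hosts, pools):
    """DNS servers of the first pool whose allow/deny lists admit this MAC."""
    known = {m for m, _ in hosts.values() if m}
    kind = "known-clients" if mac.lower() in known else "unknown-clients"
    for p in pools:
        # A pool with an allow list admits only listed kinds; deny always excludes.
        if (not p["allow"] or kind in p["allow"]) and kind not in p["deny"]:
            return p["dns"]
    return None

def fixed_in_dynamic_range(hosts, pools):
    """Names of hosts whose fixed-address falls inside a pool's dynamic range."""
    return sorted(n for n, (_, ip) in hosts.items() if ip for p in pools
                  if p["range"][0] <= ipaddress.ip_address(ip) <= p["range"][1])
```

The pools only decide what a DHCP client is told; the firewall rule noted above remains the control that enforces which resolver a device can reach.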