Different upstream DNS forwarder depending on source

[andre.lackmann]

I have a few network segments in my home network. I want to be able to use NextDNS filtering for my IOT network that I also use to block specific applications when the kids use the wifi.

I currently can achieve this using the NextDNS command line tool in a docker container. I'm just forwarding all DNS requests from that segment to the docker container on another host. I'd prefer to not use this extra service though as it's just another thing to manage.

Is there any way to configure Unbound to use a different upstream DNS server depending on the source net/IP of the request? If not, is there any other way to have OPNSense achieve the same? Appreciate any suggestions

[zan]

Unbound doesn't support it.
You may consider using AdGuardHome plugin, it has support for selective upstream for different sources under its Settings>Client settings.

[andre.lackmann]

I'd rather not switch to AdGuardHome. Is it feasible to use dnsmasq on a different port, port forwarded from that network segment? If Unbound doesn't have the functionality, seems the only other way. But not sure if dnsmasq can do DNS over TLS and have a different upstream from the rest of the gateway. Has anyone done this?