Dnsmasq EDNS ECS: how to add via SSH

Hello,
I have the following configuration for DNS upstreaming

Client 1   --|
Client 2   --|
Client 3   --|--> DNS Server Teltonika Router -> DNS Server AdGuard Home -> DNS Server WAN
Client N-1 --|
Client N   --|

The DNS Server AdGuard Home is responsible for filtering DNS queries.
I want the DNS Server AdGuard to show the client IP in its frontend so that I know which client requested which domain. Unfortunately, only the IP of the Teltonika Router is shown.

The problem itself is well known: I have to add the --add-subnet parameter to dnsmasq to add an EDNS Client Subnet to the DNS packet.
From blogs I figured out that Teltonika saves the dnsmasq config file in /etc/config/dhcp.
I thought it would be enough to add the following entry to the config file...

option addsubnet '32,128'

(for 32 subnet mask IPv4 and 128 subnet mask IPv6, i.e. the exact client IP is added to the DNS request)

However, after using tcpdump and Wireshark it seems as if the info is not added.

Does anyone know which parameter I have to add to which section in which file to tell dnsmasq to add EDNS ECS info?
Thanks.

Regards,
Equi

Hello,

Since this option is not present in the WebUI, I would suggest using Option 6 in DNS settings on RUT to push your DNS server to the DHCP clients. This way, instead of sending DNS requests to RUT, which then forwards it to the server using its own IP, the DHCP clients would send DNS requests directly to your DNS server.

Kind Regards,

Hello.
Yes, this would work. The problem is that this only works for dynamically assigned IPs and only if my AGH DNS resolver is the first in the chain of DNS resolvers. I have another DNS resolver for my local domains which is called by the Teltonika dnsmasq DNS server.

However, if someone wants to make the Teltonika DNS server send client subnet info (WARNING!!! Security issues, inform yourself why), you just have to log in via SSH and edit the following file

/etc/dnsmasq.conf

Add the following line

add-subnet=32,128

Then restart dnsmasq…

/etc/init.d/dnsmasq restart

Thanks.
Regards,
Equi

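To check that dnsmasq really appends the EDNS Client Subnet option after the change above (the check the poster did with tcpdump and Wireshark), here is an added Python example that is not from the thread, dnsmasq or Teltonika: it builds a constructed sample query carrying an ECS option of the shape add-subnet=32,128 produces and parses the option back out of the OPT record, which is the same parsing you would run over a captured upstream query. The query name, sample client addresses and function names are assumptions.

```python
import struct
import ipaddress

ECS_OPTION_CODE = 8  # EDNS0 option code for Client Subnet (RFC 7871)

def _encode_name(qname):
    return b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split(".")) + b"\x00"

def _skip_name(pkt, off):
    # Advance past a wire-format name; a compression pointer (top two bits set) ends it in 2 bytes.
    while True:
        ln = pkt[off]
        if (ln & 0xC0) == 0xC0:
            return off + 2
        off += 1 + ln
        if ln == 0:
            return off

def build_query_with_ecs(qname, client_ip, prefix_len, txid=0x1234):
    # Constructed sample (not a capture): an A query plus an OPT RR carrying ECS, as dnsmasq
    # sends toward its upstream when add-subnet=32,128 is configured.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set; 1 question, 1 additional
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    ip = ipaddress.ip_address(client_ip)
    family = 1 if ip.version == 4 else 2
    addr = ip.packed[:(prefix_len + 7) // 8]  # only the bytes covering the source prefix are sent
    ecs = struct.pack("!HBB", family, prefix_len, 0) + addr  # scope prefix length is 0 in a query
    opt_rdata = struct.pack("!HH", ECS_OPTION_CODE, len(ecs)) + ecs
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = extended RCODE/version/flags
    return header + question + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(opt_rdata)) + opt_rdata

def extract_ecs(pkt):
    # Return ("addr/prefix", scope_len) from the OPT RR, or None when the message carries no ECS
    # option; the returned prefix is exactly what the upstream resolver learns about the client.
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype != 41:
            continue
        pos = 0
        while pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == ECS_OPTION_CODE and len(body) >= 4:
                family, src_len, scope_len = struct.unpack("!HBB", body[:4])
                addr = ipaddress.ip_address(body[4:].ljust(4 if family == 1 else 16, b"\x00"))
                return f"{addr}/{src_len}", scope_len
    return None
```

Feeding extract_ecs the UDP payload of a query captured between the router and AdGuard Home tells you whether the option is present and how much of the client address it reveals.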
