Depending on the DHCP assignment group, clients in the house get one of 3 DNS configurations:

• Normal clients get Surfrock66 Bind DNS, then upstream requests go to Surfrock66 PiHole, then upstream to Google DNS
• Kids clients get Surfrock66 Bind DNS, then upstream to OpenDNS FamilyShield
• Some guest clients get DNS directly from Google

This is a bind server running on sr66-hda at 10.2.2.10 on port 53. It has 3 categories of DNS zones:

• Zones for defining internal access to sites with the same URL as external sites, for example, “nextcloud.surfrock66.com”. These are defined in /etc/bind/named.conf and the zonefiles are in /etc/bind/zones/ under canonical names.
• A single zone for all home clients on the domain hda.surfrock66.com; This is defined in /etc/bind/named.conf and the zone is /etc/bind/zones/hda.surfrock66.com.zone. This file groups clients into logical partitions based on subnet and “subNot” logical partition.
• Reverse lookup zones to resolve host names to IPs. These are defined in /etc/bind/named.conf and the zonefiles are in /etc/bind/zones/ under names in reverse order of octet (so for IP subnet 10.4.3.0/24, the zonefile would be 3.4.10.in-addr-arpa-zone).