diff --git a/CHANGELOG b/CHANGELOG index c69426e..463d38c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -110,6 +110,11 @@ version 2.77 an address in configured locally. Thanks to Alin Năstac for spotting the problem. + Add new DHCP tag "known-othernet" which is set when only a + dhcp-host exists for another subnet. Can be used to ensure + that privileged hosts are not given "guest" addresses by + accident. Thanks to Todd Sanket for the suggestion. + version 2.76 Include 0.0.0.0/8 in DNS rebind checks. This range diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index 38858f5..7d1dea1 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -1021,6 +1021,8 @@ dhcp-host directive (or one implied by /etc/ethers) then the special tag "known" is set. This allows dnsmasq to be configured to ignore requests from unknown machines using .B --dhcp-ignore=tag:!known +If the host matches only a dhcp-host directive which cannot +be used because it specifies an address on different subnet, the tag "known-othernet" is set. Ethernet addresses (but not client-ids) may have wildcard bytes, so for example .B --dhcp-host=00:20:e0:3b:13:*,ignore diff --git a/src/rfc2131.c b/src/rfc2131.c index 1dbcd3e..023a559 100644 --- a/src/rfc2131.c +++ b/src/rfc2131.c @@ -487,6 +487,13 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, known_id.next = netid; netid = &known_id; } + else if (find_config(daemon->dhcp_conf, NULL, clid, clid_len, + mess->chaddr, mess->hlen, mess->htype, NULL)) + { + known_id.net = "known-othernet"; + known_id.next = netid; + netid = &known_id; + } if (mess_type == 0 && !pxe) { diff --git a/src/rfc3315.c b/src/rfc3315.c index 836222d..054ecd0 100644 --- a/src/rfc3315.c +++ b/src/rfc3315.c 
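Review bot: The new `else if` in dhcp_reply (src/rfc2131.c) sets "known-othernet" purely from the client-supplied `clid` and `mess->chaddr`, yet neither the code nor the added man-page text says so, while the CHANGELOG entry presents the tag as a way to keep privileged hosts off "guest" addresses. Because the client chooses both identifiers, the tag guards against accidental misassignment and cannot serve as an access control; that belongs in a comment where the lookup happens. I would add above the branch `/* NULL context: match a dhcp-host for any subnet. Keyed on client-supplied client-id/MAC, so advisory only. */`. The same comment applies to the parallel branch in dhcp6_no_relay (src/rfc3315.c). dhcp_reply's body starts and ends outside the hunk.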
@@ -526,7 +526,14 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 if (have_config(config, CONFIG_DISABLE))
 ignore = 1;
 }
-
+ else if (state->clid &&
+ find_config(daemon->dhcp_conf, NULL, state->clid, state->clid_len, state->mac, state->mac_len, state->mac_type, NULL))
+ {
+ known_id.net = "known-othernet";
+ known_id.next = state->tags;
+ state->tags = &known_id;
+ }
+
 #ifdef OPTION6_PREFIX_CLASS
 /* OPTION_PREFIX_CLASS in ORO, send addresses in all prefix classes */
 if (daemon->prefix_classes && (msg_type == DHCP6SOLICIT || msg_type == DHCP6REQUEST))
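Review bot: The `state->clid &&` guard on the new `else if` has no counterpart in the DHCPv4 version of this check in src/rfc2131.c, and nothing in the hunk explains it, so a reader cannot tell whether skipping the lookup for a request without a client-id is intended. A one-line comment would settle it, e.g. `/* no client-id: skip the any-subnet lookup and leave the request untagged */`. `known_id` is declared outside the hunk; since `state->tags` now points at it on this path as well, it is worth confirming that `state->tags` is never read after `known_id` goes out of scope. The body of dhcp6_no_relay starts and ends outside the hunk.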