Allow different DNS for each group

In Pi-hole 5, we have groups now. It would be great if one could specify different DNS servers for each group (typically, for kids).

Thank you.

I'm looking for this exact feature! Would save me having to run multiple piHoles only for the purpose of selecting upstream DNS!


What is the benefit of being able to use different upstream servers per client? I'm just asking this as it would be a massive work to get this implemented so it should be well-justified.

For my purpose I have kids on a separate VLAN, I use OpenDNS for their vlan, and google for other VLANS.

192.168.100.X =
10.0.40.X = OpenDNS
10.0.30.X =

As per the original post, it should be configured by "group"

Group A = = (default)
Group B = = OpenDNS
Group C = = (default)

This would be a great addition. At the moment I work around it by having 3 PIs running :slight_smile:

My use-case is

  • I want my kids, known devices via static DHCP (pfSense) assignment, to be on
  • I want my personal and wife's devices on
  • I want my research devices on

I think Groups is a brilliant addition and now needs one more extension in functionality.


1 Like

I just want to clarify that this not being available has nothing to do with us not wanting this feature but rather the amount of work (and testing) required here.

We wrap tightly around the embedded DNS server dnsmasq. Client-individual behavior is something we added on top by being able to short-circuit some queries (the blocked ones). All other (non-blocked) queries are just sent back and are all handled as they would be without any Pi-hole intervention.

Concerning which DNS server to use, dnsmasq picks the "best" DNS server (in case you configured more than one) by infrequently sending some queries to all configured DNS servers and then favoring the one that replied fastest.

We could maybe overwrite this favorite server for specific queries but this is just an early idea and I'm not sure yet if there would be any drawbacks.

Another open question is: How could this be added to the existing group management interface? If we add a new page where you can add servers to groups, how would we handle if clients belong to multiple groups and/or multiple DNS servers are selected for one and the same group? I wouldn't want to implement a second level performance-measurement strategy (we cannot reuse the existing one) to determine the "best" DNS server for any individual client. This would slow down Pi-hole quite drastically and cause a lot of traffic.

My current best guess it that in case of such an unclear configuration would be to pick any of the configured ones without investing any effort into which one to pick (it'll likely be the first one in the database) and just issuing a warning on the dashboard that the configuration leads to unintentional behavior.

use tags for that:





This may not be what this feature request is requesting, but we should clarify it:
What @Tntdruid suggests is Pi-hole acting as DHCP server telling some clients to use a specific DNS server instead of the Pi-hole. I understood this feature request rather as every client should still use the Pi-hole but then we should ask different upstream servers on behave of the clients.

But this nicely highlights one additional problem: Cache. Assume a parents device asked for and received the correct answer. This answer will then be added to the DNS cache and when the kid's device asks for the same domain, it will immediately get the cached answer instead of forwarding it answer another time. This is because dnsmasq's cache is entirely unaware of what the source of the query was (why should it). Such a configuration could only work if you disable caching at all. This is clearly a showstopper for this feature.


Another use case for this is media streaming devices like roku and fire tv. I use as my upstream DNS and I routinely have to go through the query log and whitelist streaming sites as they change over time. It would be so much easier to allow my media streamers to use I would statically set the DNS servers on my media streamers, but most of them don't allow it.

If you use Pi-hole as the DHCP server, this can be done with a dnsmasq configuration.