As a Network Administrator, I'm looking to expose additional API Functions to enable more targeted domain blocking via scripts (for example, "Disable DNS for Laptop from 20:00 - 06:00") for better peace of mind.
Based on the below code snippets, this seems rather straightforward to add. Are there any good reasons to not submit this a PR? Absent any other guidance, my only planned testing would be to manually overlay api.php into my container and then test out with an upstream automation:
Scheduled DNS blocking comes with a major caveat:
For any given DNS record, the authoritative DNS server also supplies a TTL value, defining for how long that record would be valid. Clients can be expected to cache those records until the TTL expires, allowing for a low load on DNS server infrastructure. TTLs can be expected to vary by domain and record and could be several minutes, hours, or even days.
Pi-hole would start to block DNS requests immediately at your scheduled time - for any new DNS request it receives.
But clients that already have resolved a domain into an IP address before that may legitimately hold on to that known address until its TTL expires. As a result, you may observe your clients to still be able to access content from sites that you want blocked well into your aspired blocking period.
A safer approach may be to have a firewall (on your router or a on a dedicated firewall device) reject or drop requests to a set of blocked IP addresses. Certain firewalls may allow you to dynamically compile those IP address sets from a given list of domains, which would also cover the issue of changing IP addresses for a given domain after its TTL expires.
Apologies for the delay here - yes, exactly this use case - although being able to run through the web-path on demand is nirvana. Do you see issues with database ending up in a weird state due to contention?