Apply Local DNS Records by group

Please consider allowing Local DNS Records to be applied by group.

Using this feature as implemented forces me to apply local DNS to all clients, but I would prefer just to route traffic for specific clients. It feels like using PiHole for local DNS to an alternate IP is the same thing as pi-holing an ad-service domain....
The notable difference between the two:
Blacklist can be done by group (directing DNS to NXDOMAIN, blank html, or similar)
Local DNS can only be applied globally (directing DNS to IP of my choosing)

(Adapted from previous request here Add NTP server, cache + intercept)
Some specific details on my particular use case:
I am using my PiHole to redirect uncontrolled NTP requests to a LAN NTP server because some IoT clients do not respect DHCP NTP options.

I accomplished this by using the "Local DNS Records" features in PiHole to point "time.windows.com" to the IP of my LAN NTP Server.
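To make the requested semantics concrete, here is an added example (my own toy model, not Pi-hole's code or its configuration format) of a resolver that keeps a blocklist and a set of Local DNS Records per client group, with the existing global records as fallback. Group names, subnets, addresses and the stand-in upstream table are all made-up sample data; the precedence order (group blocklist, then group record, then global record, then upstream) is an assumption about how such a feature could behave.

```python
import ipaddress

# Constructed example: a toy model of per-group local DNS records. It is not
# Pi-hole's code or configuration format; names and addresses are made up.

# Per-group configuration. Each group has its client networks, a blocklist
# (answered with NXDOMAIN, like a group-scoped blacklist) and its own
# local DNS records (answered with a group-specific address).
GROUPS = {
    "iot": {
        "clients": ["192.168.2.0/24"],
        "blocked": {"telemetry.example"},
        "local_records": {"time.windows.com": "192.168.1.5"},  # LAN NTP server
    },
    "vpn": {
        "clients": ["10.8.0.0/24"],
        "blocked": set(),
        "local_records": {"home.example": "203.0.113.7"},  # public-facing address
    },
}

# Records that apply to every client unless a group overrides them
# (this is what Pi-hole's Local DNS Records do today: one answer for all).
GLOBAL_RECORDS = {"home.example": "192.168.2.10"}

# Stand-in for the upstream resolver so the example runs offline.
UPSTREAM = {"time.windows.com": "198.51.100.20", "example.org": "198.51.100.30"}


def normalise(name):
    """Lower-case and strip a trailing dot so lookups are canonical."""
    return name.rstrip(".").lower()


def group_for(client_ip):
    """Return the first group whose client networks contain client_ip, or None."""
    addr = ipaddress.ip_address(client_ip)
    for name, cfg in GROUPS.items():
        for net in cfg["clients"]:
            if addr in ipaddress.ip_network(net, strict=False):
                return name
    return None


def resolve(qname, client_ip):
    """Resolve qname for a given client.

    Returns (source, address) where source is "blocked", "local:<group>",
    "local:global" or "upstream"; address is None for blocked or unknown names.
    Precedence: group blocklist > group local record > global record > upstream.
    """
    name = normalise(qname)
    group = group_for(client_ip)
    if group is not None:
        cfg = GROUPS[group]
        if name in cfg["blocked"]:
            return ("blocked", None)
        if name in cfg["local_records"]:
            return ("local:" + group, cfg["local_records"][name])
    if name in GLOBAL_RECORDS:
        return ("local:global", GLOBAL_RECORDS[name])
    return ("upstream", UPSTREAM.get(name))


if __name__ == "__main__":
    for qname, client in [
        ("time.windows.com", "192.168.2.20"),   # IoT client: rerouted to LAN NTP
        ("time.windows.com", "192.168.1.50"),   # desktop: untouched, goes upstream
        ("telemetry.example", "192.168.2.20"),  # IoT client: blocked
        ("home.example", "10.8.0.3"),           # VPN client: public address
        ("home.example", "192.168.1.50"),       # LAN client: global local record
    ]:
        print(f"{client:>14}  {qname:<20} -> {resolve(qname, client)}")
```

Running it shows the difference the request is about: the IoT client gets the LAN NTP address for time.windows.com while a desktop in another subnet still resolves it upstream, and the same name (home.example) yields a private address on the LAN but a public one for a VPN client.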

is that all blacklisted domains go to one and the same IP (as you said).
They are simply short-circuited inside Pi-hole.

For your local DNS this is not the case and every record will have its own address.

I do not really see the need for this feature in your case, why route only some NTP requests to your server if it can handle all of them?

In the case of my NTP, it's because I surreptitiously reroute traffic. I only want to do this for misbehaving clients.

However there are many use cases here for IoT devices. They may have problematic traffic to resources that I want to cache and manage internally for them but not for my traditional clients.

While this may work for NTP, I still don't see any possibility for

as everything will be SSL and you cannot add your own SSL certificates on the majority of devices. And some even have certificate pinning (which is a good thing, at least concerning security).

Sorry, I do not mean to be harsh, but I have not seen a valid use case for this. If you have a local NTP server, why should your regular Windows or Mac desktop still "call home" to their NTP servers? Why do you want to cache for IoT devices (if this works at all) but not for others?

I believe this feature is very helpful.
Because I use pihole at home but also on the go. But having the VPN on all the time is draining battery and not needed (I am in private Wifis mostly).
So I use DNS over TLS (which is native in Android 9). Problem:
My domains are redirected in pihole to my local addresses, because the devices are also in my local network. But with DNS over TLS/HTTPS they are not and now try to access e.g. 192.168.2.10 and can't reach my server, because they are in a completely different network.

1 Like

Both techniques are using a steady tunnel to the upstream server so both should be using the same amount of battery. Your VPN type is likely a bad choice, what are you using? Using Wireguard is very lightweight as it is a non-steady VPN tunnel where traffic is only happening when also data is transmitted. It is very light on battery usage.

I can confirm that. I use a split tunnel design where only DNS requests are sent over the tunnel and have not experienced high battery drain on Android 9.

Another use case for local DNS records per group: Local dns record per group

+1 for that.

I've 3 subnets connected over VPN and if I use local DNS it makes my VPN networks connect internally, which is slow. If I delete local DNS it makes my local machine connect externally, which is also slow.

I need local DNS for every subnet or for every group to fix this behaviour.

+1 for this feature,

In my use case I use WireGuard VPN and I use local DNS for some local domains (Home Assistant).
Via pihole the domain goes to my local IP, everywhere else to my external.
I added local IP forwarding for now which works.
(https://docs.pi-hole.net/guides/vpn/wireguard/internal/)
But this means all traffic goes through my pihole server instead of directly to the router.
Also, and maybe more importantly, it's less secure because when WireGuard gets compromised my entire internal network gets exposed instead of only the DNS server.

1 Like

This would also allow enforcing safesearch/mode on specific devices/groups. I currently enforce safe search on Google and YouTube, but I'm forced to apply it to all devices.

2 Likes

Same use case here. I have my kids grouped by strict/moderate blocklists, more lenient ones for others/default, and I want to enforce safesearch/browsing CNAMEs for only certain groups vs global.

2 Likes