Can't get a client out of DNS

Expected Behaviour:

Specific Client should not be using the PiHole dns.

Actual Behaviour:

Client is using the pihole dns filter

Debug Token:

https://tricorder.pi-hole.net/nMDFQumX/

Hello kind people.

I'm having an issue on my network.
My wife works from home, using her employer's computer. I have no access to it so I cannot manually assign a DNS server on the computer itself. Now, I know that there's a way to bypass the PiHole DNS by adding clients into groups and to have that specific group not have any adlists. That could kind of work, but I'd rather not have any logs of her job stuff so I don't have to be responsible, if ever.
I have downloaded the 04-bypass.conf and added it to /etc/dnsmasq.d/
This is the content of the file

## The contents here bypass pihole by mac address

## This will go straight to Googles DNS Servers.
dhcp-option=tag:googlesdns1,option:dns-server,8.8.8.8
dhcp-option=tag:googlesdns2,option:dns-server,8.8.4.4

## This will go straight to Opendns Servers.
dhcp-option=tag:opendns1,6,208.67.222.220
dhcp-option=tag:opendns2,6,208.67.222.222

##Bell
dhcp-option=tag:belldns1,6,207.164.234.129
dhcp-option=tag:belldns2,6,207.164.234.193

## OpenDNS FamilyShield
dhcp-option=tag:opendns3,6,208.67.222.123
dhcp-option=tag:opendns4,6,208.67.220.123

## Level3 DNS
dhcp-option=tag:Level3DNS1,6,4.2.2.1
dhcp-option=tag:Level3DNS2,6,4.2.2.2

## Comodo Secure DNS
dhcp-option=tag:ComodoSecureDNS,6,8.26.56.26
dhcp-option=tag:ComodoSecureDNS,6,8.20.247.20

## Norton
## P1 - malware, phishing schemes, and scams.
dhcp-option=tag:norton1,6,199.85.126.10
dhcp-option=tag:norton2,6,199.85.127.10
## P2 - Pornography
dhcp-option=tag:norton3,6,199.85.126.20
dhcp-option=tag:norton4,6,199.85.127.20
## P3 - Security + Pornography + Other
dhcp-option=tag:norton5,6,199.85.126.30
dhcp-option=tag:norton6,6,199.85.127.30

########################################################################

## Instructions
## First set your tag, and dns server.
## dhcp-option=tag:YOURTAGHERE,6,IPADDRESSOFDNSSERVER
## You then simply need to replace MA:CA:DD:R:ES:SS
## I have set up the standard DNS servertags above.
## Below are examples of how to set a mac address to bypass pihole.

## Your Device that goes to Google DNS
##dhcp-host=MA:CA:DD:R:ES:SS,set:googlesdns1

## Your Device that goes to OpenDNS
#dhcp-host=MA:CA:DD:R:ES:SS,set:opendns1

## Your Device that goes to custom DNS Server
#dhcp-host=MA:CA:DD:R:ES:SS,set:YOURTAGHERE

## Computers not on the Pi-hole DNS

##Laptop
dhcp-host=80:xx:xx:xx:xx:xx,set:belldns1
dhcp-host=80:xx:xx:xx:xx:xx,set:belldns2

##Ordi de Job Baby
##dhcp-host=48:xx:xx:xx:xx:xx,set:belldns1
##dhcp-host=48:xx:xx:xx:xx:xx,set:belldns2
##dhcp-host=48:xx:xx:xx:xx:xx,set:googlesdns1
##dhcp-host=48:xx:xx:xx:xx:xx,set:googlesdns2

The goal here is to have ##Ordi de Job Baby get out of the piHole DNS, but I'm doing tests on my laptop. Once I get this thing figured out, I will uncomment the OrdiJob baby stuff and have that computer bypass the filter.

I tried restarting the DNS, I tried ipconfig /release, I tried ipconfig /flushdns,
but whatever I do, my laptop still goes onto the PiHole DNS. What am I missing?
I manually added the Bell DNS info, they come from my ISP so I figured I would use them instead of Google's, but I don't really mind changing to Google if this is a problem, although I already tried and it still wouldn't work on my setup.
The honest truth is: my wife right now is on a group that has no filters, but when she looks into the admin page and sees that her computer is using pihole (and I know it's not doing anything) she blames me for everything that doesn't work well, so I need her out ASAP.
Thank you for your help, and I will gladly answer any question or provide more info if needed :slight_smile:

Have a great day!

After messing for another day, I found out that if the said client is set on a non-static DHCP lease, the 04-bypass.conf passes the DNS to said client correctly. Does it mean that I can't set a static address to the client that I wish to be able to bypass the DNS pihole?

(A side note on dhcp-option:
You are using the correct value (6) to supply a DNS server, but you could also use option:dns-server for improved readability. pihole-FTL -- --help dhcp will give you the full list of textual options understood by pihole-FTL / dnsmasq.)

Your debug log shows you have indeed supplied multiple (3) competing dhcp-host definitions for the client in question in different (custom) configuration files:

-rw-r--r-- 1 root root 2.0K Nov 29 19:44 /etc/dnsmasq.d/04-bypass.conf
   dhcp-option=tag:belldns1,6,207.164.234.129
   dhcp-option=tag:belldns2,6,207.164.234.193
   dhcp-host=8<redacted>,set:belldns1
   dhcp-host=8<redacted>,set:belldns2
-rw-r--r-- 1 root root 472 Nov 28 21:31 /etc/dnsmasq.d/04-pihole-static-dhcp.conf
   dhcp-host=8<redacted>,192.168.2.28,Laptop

I'm not sure how dnsmasq would prioritize those, making it difficult to guess what you end up with.

To simplify your configuration, remove your static DHCP definition for your wife's laptop from Pi-hole's UI and edit your 04-bypass.conf to read as follows:

dhcp-option=tag:belldns,option:dns-server,207.164.234.129,207.164.234.193
dhcp-host=8<redacted>,set:belldns,192.168.2.28,Laptop

When done, run

pihole-FTL dnsmasq-test

and if that comes back ok, restart Pi-hole via

pihole restartdns

Wow! Thanks for your reply, this did it!
I guess I had too much going on and it was quite a simple fix.
For some reason

dhcp-option=tag:belldns,dns-server,207.164.234.129,207.164.234.193

didn't work with dnsmasq-test, it would say "bad syntax".
I changed it to

dhcp-option=tag:belldns,6,207.164.234.129,207.164.234.193

and it works! Thanks a lot, this is resolved!
Thank you :slight_smile:

And indeed it is - my bad, I forgot the preceding option:.
I've corrected my post accordingly.

Thank you very much, have a great day!

I’ve been looking for this solution.
I used the 04-bypass.conf file then added in my mac
dhcp-host=MYMACADDRESS,set:googledns1

Is it really that simple? Test and restartdns of course
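
A small lint for the three mistakes that come up in this thread (competing dhcp-host lines for one MAC across files, a textual option name without its option: prefix, and a set: tag that no dhcp-option defines), added here as an example and not part of any post or of Pi-hole itself. The MAC addresses and sample lines are constructed, and the parser is a simplification that does not replace pihole-FTL dnsmasq-test.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the files quoted from the debug log; MACs are
# placeholders, and the dns-server / googledns1 lines exercise the other checks.
SAMPLE = {
    "04-bypass.conf": (
        "dhcp-option=tag:belldns1,6,207.164.234.129\n"
        "dhcp-option=tag:belldns2,dns-server,207.164.234.193\n"
        "dhcp-host=80:00:00:00:00:01,set:belldns1\n"
        "dhcp-host=80:00:00:00:00:01,set:belldns2\n"
        "dhcp-host=80:00:00:00:00:02,set:googledns1\n"),
    "04-pihole-static-dhcp.conf": (
        "dhcp-host=80:00:00:00:00:01,192.168.2.28,Laptop\n"),
}
MAC = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)
QUALIFIERS = ("tag:", "vendor:", "encap:", "vi-encap:")

def lint(files):
    # files: {filename: config text}; returns a list of finding tuples.
    defined = set()            # tags some dhcp-option supplies values for
    hosts = defaultdict(list)  # MAC -> [(file, line number, set: tags)]
    findings = []
    for name, text in files.items():
        for n, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            fields = [f.strip() for f in value.split(",")]
            if key == "dhcp-option":
                defined.update(f[4:] for f in fields if f.startswith("tag:"))
                rest = [f for f in fields if not f.startswith(QUALIFIERS)]
                opt = rest[0] if rest else ""
                # The option is a number or option:<name>; a bare name is flagged.
                if not (opt.isdigit() or opt.startswith(("option:", "option6:"))):
                    findings.append(("bad-option", name, n, opt))
            elif key == "dhcp-host":
                tags = [f[4:] for f in fields if f.startswith("set:")]
                for mac in (f.lower() for f in fields if MAC.match(f)):
                    hosts[mac].append((name, n, tags))
    for mac, entries in hosts.items():
        if len(entries) > 1:  # competing definitions for one client
            findings.append(("duplicate-host", mac, [(f, n) for f, n, _ in entries]))
        for f, n, tags in entries:
            findings.extend(("undefined-tag", f, n, t) for t in tags if t not in defined)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run against the single-line form suggested in the reply above (one dhcp-option with option:dns-server, one dhcp-host carrying the tag, address and name), it returns no findings.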
