Choose custom DNS depending on DNS request

The issue I am facing:

Want to be able to choose upstream DNS servers depending on the DNS domain query. The reason being is my DNS provider (opendns) blocks DNS lookups for my vpn provider (Surfshark). If I can compile a list of the DNS names it needs to resolve, can I use an alternate upstream DNS server for those lookups only? I wonder if there is something I can do with either iptables on the pihole or the pihole software itself?


Details about my system:
Latest pihole on rasbian

What I have changed since installing Pi-hole:


You should be able to do this with dnsmasq configurations. See the dnsmasq manual:

You would put the desired dnsmasq configuration lines in a new file in directory /etc/dnsmasq.d

1 Like

There is a feature request which might be interesting for you:

1 Like

thanks - I already have devices setup in dnsmasq on my router (where DCHP is controlled from) which are set to use different DNS and that works fine - I have some devices which need googles DNS and the lovely ads that come with it.

What I'm looking for is to assign a different DNS server for specific requests only depending on the DNS request domain (ideally wildcard it with surfshark in the name - if detected use a different DNS server like quad 9). I don't think you can do this in dnsmasq?

jfb has already answered that: You should be able to do this with dnsmasq.

Please take the time to read through the link he provided.

You'll find the following infomation there:

More specific domains take precedence over less specific domains, so:
will send queries for * to, except, which will go to

1 Like

thankyou - I will read the manual - thanks for pointing out the specific section. Looks like I need to play with that. I'll go and try it and report back if I still have questions/success.

Update - so I've configured it on the router dnsmasq.conf using:

#Adding surfshark bypass

From the syslog on the router:

Jul 24 14:02:44 ROUTER dnsmasq[8117]: using nameserver for domain surfshark

I'm guessing clients will ignore this though as they are pointed to pihole as their DNS server? Don't really want to use pihole as DHCP server as I prefer to have the dnsmasq config including DHCP on the router. Ideally I just want dns requests sent to pihole to use this and not do DHCP from the pihole. Is it possible/safe to make the change to dnsmasq and run it on the pihole as well?

Internally, piholes is using dnsmasq (only slightly modified). So you can continue to use your router as DHCP and pihole as DNS. There is no need to install dnsmasq alongside pihole (it even can cause issues), but you can make all configuration changes that are possible in dnsmasq available in pihole too by adding files to /etc/dnsmasq.d/

1 Like

Thanks!!! In fact thanks to everyone on this thread. It works!

The solution for anyone else who wants to do this (my main dns opendns family blocks all vpn requests) :

Workout what the main domain is you want to allow. In my case it always has in it, even if the subdomain varies per country.

Create a config file as root on your pihole in /etc/dnsmasq.d. I called it bypass.conf. Enter the domain you want to allow:

#adding surfshark bypass
server=/ is the quad 9 DNS im using for bypassing but any DNS will do for this which allows lookups to the domain you want.

Restart pihole dns:

/etc/dnsmasq.d# pihole restartdns

Thats it! Thanks again

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.