Client assignment IP/MAC?

Hello,
in the 'Clients' menu I can add devices only by IP.
So is it bound to that IP then? Or is MAC address used in the background to assign clients?

Most device IPs are dynamic here...

1 Like

Which exact menu are you using?

my guess would be this page http://pi.hole/admin/groups-clients.php
I had the same question for this page... but didn't botter asking...

1 Like

Oh, because the DNS server only knows IP addresses. MAC's aren't involved.

So that means I'd have to assign static IPs for every device I add in t he Pihole interface?
That makes the feature pretty unusable for me. :confused:

Or use a deterministic DHCP server (like pihole itself has).

I obviously run a DHCP server, otherwise I wouldn't have dynamic IPs.
But what do you mean by "deterministic"?

Hm I could crank up the lease time but still that isn't a perfect solution.

Okay, whatever. My question was answered already. Thanks :slight_smile:
Have a nice weekend!

Me too. the eaten apples drive me crazy. One of my child already has 180 IP's, and there are more every day / hour. With MAC I would only have one or two entries that would never change. :hot_face:

Why don't you set a static IP? Or use pihole's DHCP server?

1 Like

IPv4 is not a problem. It doesn't work with IPv6.
Sure I could disable IPv6 but that shouldn't be the goal, should it?

Do you need IPv6 in your home network?

As Dan posted earlier pihole works on IP layer. To answer and forward DNS requests it doesn't need to know the MACs of the devices the request came from. In my understanding it is even beneficial as it enables pihole's functions across subnets (e.g. using pihole via VPN) where MACs are not routed (but instead replaced by the routers MAC).

But there might be a clever trick to enable a mac-based filtering somehow. Go ahead and open a feature request here on discourse.

I'm not sure I fully understood your answer, but I'm pretty sure you agree that this new, really fantastic feature doesn't work the way it should. Not with changing IPv4 from its own DHCP, and certainly not with IPv6.
Fortunately, I didn't get a dual-stack router from my provider. So I should be able to do without IPv6. Otherwise I would have to tunnel IPv6 to IPv4. Which is a real shame, because Pi-Hole would support everything necessary to operate with a dual-stack router.

It works the way it was intended and how DNS servers work. If you feel that it "should" do something else, then open a feature request for that.

The use cases for IPv6 on home networks is exceedingly slim. I have never seen an IPv6 only client on a local network.

Most of the IPv6 requests we get are from people that do not understand IPv6 or dual stack. Which is understandable, IPv6 is not user friendly in any way.

1 Like

It is functional, in that you can select the IP addresses. However, as pointed out this means many IP addresses per client.
It would be great if we could start at the network level, where we already have lists of devices with all their addresses, and add a client to the groups there.
At the "group management" level, to add by IP address, or client, knowing that adding by client would mean all the future IP addresses defined could be included in the right list.
The default configurations are going to include IPV6 and it already works great in pihole. The only tricky part is that we are left manually managing the relationship between address and devices, when pihole already has that information.

Or you could use a DHCP server to assign an IP<>MAC relationship and allow DNS to work on the Application Level?

Here's the list of IP addresses for one device from my network overview screen. The DHCP is working great at assigning IP addresses. They are stable. But there are also >20 of them, for this one device:


It is pretty unlikely that a user would want to block one of these addresses but unblock another, so the more likely case is wanting them all to behave the same. That means either choosing all of them, or choosing the hostname or MAC.
Bringing the client control into the network page, or allowing the clients to be defined by hostname or MAC or something else unique to all these 20 IPs would make the per-client blocking feature way more usable

1 Like

Yeah, that's what happens with IPv6, and why it's not needed on a local network segment.

Edit: My personal view is no, considering the Network Overview is unreliable as a source of truth and really doesn't reflect the actual network. We discussed internally when making that page the potential problems like this when it's relied on as fact when it's not.

To clarify. The page exists solely for admins to check if there are clients on the local segment that don't appear to be using Pi-hole for DNS. It's a very course view of things. Think of it like a web view of arp -a or ip neighbor show. That's really all it is.

As an aside, do you have a good firewall set up to prevent remote access to those GUA addresses? One that accounts for devices shifting IPs and opening up new holes?