my guess would be this page http://pi.hole/admin/groups-clients.php
I had the same question for this page... but didn't botter asking...
1 Like
Oh, because the DNS server only knows IP addresses. MAC's aren't involved.
So that means I'd have to assign static IPs for every device I add in t he Pihole interface?
That makes the feature pretty unusable for me. 
1 Like
Or use a deterministic DHCP server (like pihole itself has).
I obviously run a DHCP server, otherwise I wouldn't have dynamic IPs.
But what do you mean by "deterministic"?
Hm I could crank up the lease time but still that isn't a perfect solution.
Okay, whatever. My question was answered already. Thanks 
Have a nice weekend!
Me too. the eaten apples drive me crazy. One of my child already has 180 IP's, and there are more every day / hour. With MAC I would only have one or two entries that would never change. 
1 Like
Why don't you set a static IP? Or use pihole's DHCP server?
1 Like
IPv4 is not a problem. It doesn't work with IPv6.
Sure I could disable IPv6 but that shouldn't be the goal, should it?
Do you need IPv6 in your home network?
As Dan posted earlier pihole works on IP layer. To answer and forward DNS requests it doesn't need to know the MACs of the devices the request came from. In my understanding it is even beneficial as it enables pihole's functions across subnets (e.g. using pihole via VPN) where MACs are not routed (but instead replaced by the routers MAC).
But there might be a clever trick to enable a mac-based filtering somehow. Go ahead and open a feature request here on discourse.
1 Like
I'm not sure I fully understood your answer, but I'm pretty sure you agree that this new, really fantastic feature doesn't work the way it should. Not with changing IPv4 from its own DHCP, and certainly not with IPv6.
Fortunately, I didn't get a dual-stack router from my provider. So I should be able to do without IPv6. Otherwise I would have to tunnel IPv6 to IPv4. Which is a real shame, because Pi-Hole would support everything necessary to operate with a dual-stack router.
It works the way it was intended and how DNS servers work. If you feel that it "should" do something else, then open a feature request for that.
The use cases for IPv6 on home networks is exceedingly slim. I have never seen an IPv6 only client on a local network.
Most of the IPv6 requests we get are from people that do not understand IPv6 or dual stack. Which is understandable, IPv6 is not user friendly in any way.
1 Like
It is functional, in that you can select the IP addresses. However, as pointed out this means many IP addresses per client.
It would be great if we could start at the network level, where we already have lists of devices with all their addresses, and add a client to the groups there.
At the "group management" level, to add by IP address, or client, knowing that adding by client would mean all the future IP addresses defined could be included in the right list.
The default configurations are going to include IPV6 and it already works great in pihole. The only tricky part is that we are left manually managing the relationship between address and devices, when pihole already has that information.
Or you could use a DHCP server to assign an IP<>MAC relationship and allow DNS to work on the Application Level?
Here's the list of IP addresses for one device from my network overview screen. The DHCP is working great at assigning IP addresses. They are stable. But there are also >20 of them, for this one device:
It is pretty unlikely that a user would want to block one of these addresses but unblock another, so the more likely case is wanting them all to behave the same. That means either choosing all of them, or choosing the hostname or MAC.
Bringing the client control into the network page, or allowing the clients to be defined by hostname or MAC or something else unique to all these 20 IPs would make the per-client blocking feature way more usable
1 Like
Yeah, that's what happens with IPv6, and why it's not needed on a local network segment.
Edit: My personal view is no, considering the Network Overview is unreliable as a source of truth and really doesn't reflect the actual network. We discussed internally when making that page the potential problems like this when it's relied on as fact when it's not.
To clarify. The page exists solely for admins to check if there are clients on the local segment that don't appear to be using Pi-hole for DNS. It's a very course view of things. Think of it like a web view of arp -a or ip neighbor show. That's really all it is.
As an aside, do you have a good firewall set up to prevent remote access to those GUA addresses? One that accounts for devices shifting IPs and opening up new holes?
Through my work, I recognize how more and more Internet providers distribute dual-stack routers where the user / admin cannot set anything. There is not even a portal that you could visit, maybe just a reset button and a larger one to deactivate wifi.
On the client side there are hardly any devices without IPv6, and also - especially with mobiles - it is less and less possible to set or deactivate anything. In such a environment, this means that your IPv4-only-pi-hole is completely bypassed by using IPv6. Precisely because in such cases there is simply no way to do without IPv6.
Furthermore, I am firmly convinced that IPv6 will be needed more and more in a modern network. Certainly not because it is too big for IPv4, but to ensure communication with the IPv6-based internet.
I know I know, there is also the IPv4 to IPv6 translation, but nobody really wants that, and is usually not used in a standard routers.
Do these devices / routers not allow you to use ULA space under the network admin's control? Do they require you to use GUA addresses that open up every device to remote access? Do you need to have globally routed IP addresses on every client?
The only time I have ever seen the need for GUA space on a LAN is for getting around CGNAT to give remote access to a DMZ'd device. So, extremely rare.
As to an IPv6 based internet, we've been talking about that since I got my college degree and the paper that was printed on has turned to dust from old age.