Exclude certain LAN addresses from filtering


#1

I’d like some IP addresses on my LAN (after I give them a static DHCP assignment) to get unfiltered DNS while all the others get filtered DNS. Right now I have to tell them to set up special DNS settings on their computer/mobile devices to bypass Pi-hole.


Disable Pi-hole for client without configure anything in client's pc
#2

You’d need to be able to do a static IP mapping of the MAC address to a certain IP along with custom DNS, NTP or WINS details for individual MACs. I have only seen it in pfsense which is an advanced router.

You could use port forwarding on your router to redirect DNS ports from certain LAN IPs to go to google/opendns. Regular linksys/netgear/tp-link routers can port-forward from WAN to LAN only. Aftermarket DD-WRT/OpenWRT/LEDE/Tomato etc will allow port-forwarding from LAN as the source.


#3

dnsmasq has the ability to set up pools for DHCP assignments; there may be a way to configure the DNS server based on the pool the client falls into. But you would need to know the MAC address of the clients and do some other configuration work.


#4

My wife works in advertising; this would be really helpful as I have to disable Pi-hole for her somewhat regularly.


#5

I experienced the same working in the adult industry; none of the work-related mails would pass the spam filters :smiley:

But IMHO, Pi-Hole should not be burdened with this.
This should be done at the DHCP level with two or more pools.
Or script something on the client machine that changes the local resolver from Pi-hole to, for example, your regular modem/router DNS service and back.
On Windows boxes you can script, for example, the command below:

netsh interface ip set dns name="Local Area Connection" source=static addr=10.0.0.1

On Linux systems you can hack the file “/etc/resolv.conf”.

Maybe I am rushing to conclusions, but I can imagine everybody wants their names resolved as quickly as possible without running the clients through some sort of ACL.


#6

Pi-hole’s DHCP has to be enabled, and the MAC address of the bypassing device has to be known in advance for this:
dnsmasq tags and conditional dns server - Stack Overflow
Raspberry Pi • View topic - Conditional dns using dnsmasq with ad blocking


#7

With the help of Reddit, I managed to find a way to bypass the Pi-hole straight to Google 8.8.8.8. It is set up by MAC address.

Find the MAC address and place this in your /etc/dnsmasq.d/ directory.

cd /etc/dnsmasq.d/

wget https://raw.githubusercontent.com/deathbybandaid/piadvanced/master/piholetweaks/dnsmasqtweaks/04-bypass.conf

nano 04-bypass.conf
(replace mac address)

dnsmasq --test
(tests the configuration)

sudo service dnsmasq restart
Or
sudo reboot

It would be awesome to do something like this via the webui!
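
The MAC-based bypass discussed in posts #6 and #7 relies on dnsmasq tags. The following is an added example, not part of any post in this thread and not the contents of the linked 04-bypass.conf: a shell function that validates its input and prints such a drop-in. The function names, the tag name `bypass` and the MAC addresses are constructed, and it assumes Pi-hole's dnsmasq is the DHCP server.

```shell
#!/bin/sh
# Added example: build a dnsmasq drop-in that tags clients by MAC address and
# hands the tagged clients a different DNS server in their DHCP lease.

# Succeeds if $1 is six colon-separated hex octets.
is_mac() {
  case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds if $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++)
        if ($i == "" || length($i) > 3 || $i > 255) exit 1 }'
}

# make_bypass_conf DNS_SERVER MAC...
# Validates everything first, so a bad argument never yields a partial file.
make_bypass_conf() {
  dns="$1"
  [ "$#" -gt 0 ] && shift
  is_ipv4 "$dns" || { echo "bad DNS server: $dns" >&2; return 1; }
  [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
  for mac in "$@"; do
    is_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
  done

  echo "# Clients tagged 'bypass' are handed $dns instead of Pi-hole"
  for mac in "$@"; do
    echo "dhcp-host=$mac,set:bypass"        # set the tag on this client
  done
  # Sent only to tagged clients; untagged clients keep the default DNS server.
  echo "dhcp-option=tag:bypass,option:dns-server,$dns"
}

# Constructed MAC addresses (locally administered range), for illustration.
make_bypass_conf 8.8.8.8 02:00:00:aa:bb:01 02:00:00:aa:bb:02
```

Redirect the output to a file in /etc/dnsmasq.d/, check it with `dnsmasq --test` and restart dnsmasq as described above. A client only picks up the new DNS server when it next renews its DHCP lease, and its queries then no longer appear in Pi-hole's query log.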


#8

Neat find.
But change the link in the instructions to the one below or you’ll be wgetting a bunch of HTML code:

wget https://raw.githubusercontent.com/deathbybandaid/pihole-bypass/master/04-bypass.conf

Oh, and you won’t need to reboot if you only restart dnsmasq to apply the new settings:

sudo service dnsmasq restart


#9

Fixed the link, and I also added your other suggestions.


#10

I noticed dnsmasq supports “force-reload”, so the one below is even less intrusive:

sudo service dnsmasq force-reload


#11

I would like the ability to assign IP addresses to each category: ad-blocking, whitelisting, blacklisting.


#12

My wife likes to click on “offers” in some of her emails. So on her laptop network settings, I just set up the DNS to be Google’s instead of “Automatic”.
And installed an ad-blocker with less restrictive lists.


#13

I really want this too. Open up the web console, and add an IP and / MAC address to omit a device… including the Pi-hole host itself. Please, pretty please?


#14

deathbybandaid:

The wget link is broken now… Could you please update?

Thanks.

-John_G.


#15

#16

Thanks for the quick response! :smile: