This is the setup I'm using by having dnsmasq DHCP provide different DNS servers to different hosts. I'm now adding a Windows Active Directory server. All the hosts that will be joining AD must point the DNS server at the AD DNS server or AD doesn't work. Now, Windows DNS must forward to somewhere and it can't do selective forwarding based on client.
Pihole needs to have the capability to exclude clients from filtering in order to integrate well with Windows AD -- to be able to exclude certain hosts from filtering.
Can you use Pi-Hole as the upstream server for the Windows DNS? For all AD clients, since it appears that the only clients mapped to the Windows DNS are not mapped to Pi-Hole.
A simple 'whitelist' by local IP or MAC that allows DNS requests from those machines to bypass the PiHole filtering and just forward all requests / answer from cache.
I'm not using the DHCP of PiHole so the DHCP solution does not work for me.
If you have a MikroTik router, or any other router with the same capabilities, you could use a whitelisting rule for your IP addresses. I created some automated commands for my MikroTik which allows users to bypass filtering on the fly by visiting a specific URL.
As this involves a large redesign of the DNS-level blocking algorithms, it will not make it into Pi-hole v5.0 where the beta testing phase is about to start soon.
As you're asking in this thread: The v5.0 beta will not contain the mentioned feature. The code is still somewhat in motion and I don't expect it to converge until maybe the end of the year (this is no ETA).
We are basically ready for v5.0 and just waiting for the entire team to agree (this is no ETA, either).
Oh wow, this is huge, keep up the good work. Was just wondering if it were possible to have this, as some google.com requests, for example, should be block listed on some of my devices.
Thank you for this thread. Please can I have some further info?
I am running Pi-hole version v4.3.2 (FTL v4.3.1). I was wondering if the 04-bypass.conf still works with this version? I understand there is no dnsmasq service?
Basically, I have a device, and I just want to send it to a Google DNS, rather than using the PiHole. I am unable to manually configure the device (IPCam).
Therefore, in the config file, do I just need two lines:
However, I would like to point out an improvement to this feature, which is the ability to select specific blacklists - instead of a global, have different sets of blacklists that can be applied to a certain client.
Example (blacklists sets)
IT Person: spam, tracking, shopping
Grandpa: spam, tracking, suspicious
Kids: spam, tracking, suspicious, shopping, parental, social media
Since the feature request in this thread is a dependency of such an improvement, I could submit a new one? Either way, I believe the above can be taken into consideration during implementation.
I believe this feature request has been submitted and evaluated. See below. If it is not the same as the feature you request, then please open a new feature request.
Thanks for the prompt response. Yes, it is the same, and I do see the evaluation.
If the HA feature is implemented, this could possibly be achieved by having multiple servers with different sets of blacklists. Will see.
Seems like lots of people are asking for a workaround and I didn't seem to find a proper solution so I'll post it here for those that don't want to switch to v5 beta yet. This only works if your Pi-Hole is the DHCP-server.
First of all there's no need to add custom files as said previously. We only need to edit one file:
MAC = "xx:xx:xx:xx:xx:xx"
IP = "x.x.x.x" (Static assignment)
NAME = "hostname" or whatever name you prefer
DNS-NAME = "name of your DNS-server"
DNS-IP = "x.x.x.x"
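The per-host DNS assignment described in this thread, written out in dnsmasq syntax as an added example that is not part of the original post. The MAC, addresses, hostname and tag are constructed values, using DNS-NAME as the tag is an assumption, and the file the post edits is not named here.

```conf
# Added example with constructed values. Substitute your own
# MAC / IP / NAME / DNS-NAME / DNS-IP from the legend above.

# 1. Give the host a static lease and attach a tag to it.
#    Form: dhcp-host=<MAC>,set:<tag>,<IP>,<NAME>
#    The tag (here "addns") is an arbitrary alphanumeric label; using the
#    DNS-NAME value for it is an assumption made for this example.
dhcp-host=00:00:5e:00:53:01,set:addns,192.168.1.50,workstation1

# 2. Hand a different DNS server (DHCP option 6) to hosts carrying that tag.
#    Form: dhcp-option=tag:<tag>,option:dns-server,<DNS-IP>
dhcp-option=tag:addns,option:dns-server,192.168.1.10

# Hosts without the tag are not affected by these two lines.
#
# Caveats:
# - The tag is matched on the MAC address the client presents, and the DNS
#   server is only offered through DHCP. A host with a manually configured
#   resolver ignores it, so this is a convenience exemption from filtering,
#   not an access control.
# - Queries from the tagged host no longer pass through this resolver, so
#   they will not appear in its query log.
```

The changed DNS server reaches the host only when it next requests or renews its DHCP lease.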