Exclude localhost completely?

I'm running Pi-Hole on a raspberry pi along with some other services.

Is it possible to exclude localhost completely? I do not want localhost to use Pi-Hole at all. Is it easy as changing the DNS to the default one on the Pi? Will it revert on the next update?

Yes, change the DNS server in /resolv.conf or via the appropriate tool.

If you run Debian, the system will reset that file.

One thing I can think of preventing resolvconf changing resolv.conf via dnsmasq:

One thing you might consider are IPTABLES rules to redirect traffic from localhost on port 53 to either another port on the same host (if you have another DNS service running locally) or external.

This might help get you started, if you choose to go that route:

https://stackoverflow.com/questions/28170004/how-to-do-local-port-forwarding-with-iptables

So, I use Debian on Odroid running a Pi-hole, and I want to exclude the localhost and go directly to 1.1.1.1 instead.

But it seems as soon as I update, the resolv.conf will be reset?

There seems to be a variety of hacks to make resolv.conf edits persistent:

prevent-etc-resolv-conf-from-getting-overwritten

Has anyone tried this to bypass Pi-hole for localhost? I'm reluctant to mess about too much with my machine as it relies on the network functioning perfectly, as it is critical to operations and powered on 24/7 doing its work.

Thanks.

How do I do this? In the web console?

I was about to edit /etc/resolvconf/resolv.conf.d/base, and put in:

nameserver 1.1.1.1

Then regenerate resolv.conf with resolvconf:

sudo resolvconf -u

...as the best answer from the link above suggests.

If your solution is more elegant, I'd be keen to learn it.

Thanks.

This seems quite convoluted to me, unless it is simply a case of changing the following flag:

pihole-FTL.conf

IGNORE_LOCALHOST=yes

Can you elaborate further on this?

The link you posted doesn't seem directly related to what I'm trying to achieve.

I only have:

/etc/dnsmasq.d/01-pihole.conf

...there is no such file as:

/etc/dnsmasq.d/99-ipbinding.conf

Does this file need to be created, and the following content placed within it:

except-interface=lo
listen-address=192.168.xx.xx
bind-interfaces

My Pi-hole is on 192.168.0.9, so would I supplement that instead of the xx.xx in the above example?

Additionally, the 01-pihole.conf file explicitly declares the following:

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

So, I would gather that I'd need to create a new file as guided for the changes to survive and persist beyond any update:

/etc/dnsmasq.d/yourname.conf

Would you agree? Or do I put the 99-ipbinding.conf content into yourname.conf instead? (Obviously, yourname is changed to something meaningful).

The following output for setupVars.conf looks broadly similar to yours and seems set up to me:

$ cat /etc/pihole/setupVars.conf

WEBPASSWORD=
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.0.9/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
BLOCKING_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=1.1.1.1
PIHOLE_DNS_2=1.0.0.1
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false

But the following output for pihole-FTL.conf is very different to yours:

$ cat /etc/pihole/pihole-FTL.conf

PRIVACYLEVEL=0

You will note it is missing all of the following suggested content:

MAXDBDAYS=2
DBINTERVAL=10.0
DBIMPORT=yes
IGNORE_LOCALHOST=yes

I'm not clear what most of this suggested content does, but I guess I could just add the IGNORE_LOCALHOST line, so that my finished file looks as such:

$ cat /etc/pihole/pihole-FTL.conf

PRIVACYLEVEL=0
IGNORE_LOCALHOST=yes

I absolutely cannot break this, as it is a critical 24/7 system, which also happens to be running my Pi-hole. Until I'm more confident with this, I'm just going to have to disable the Pi-hole completely and bypass it at the router, until I can be sure of a way to stop the local Pi-hole from using itself for its own DNS resolution.

Thanks.

So instead of 99-ipbinding.conf, I could call it yourname.conf as the declaration at the start of 01-pihole.conf indicated:

#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #

Last night I edited as follows:

$ cat /etc/pihole/pihole-FTL.conf

PRIVACYLEVEL=0
IGNORE_LOCALHOST=yes

...and all this did was remove the localhost from the client list. The localhost/192.168.0.9 was still blocking ads, and therefore filtering traffic through itself.

I'm guessing that when I add:

$ sudo nano /etc/dnsmasq.d/99-ipbinding.conf [or some other made up name]

except-interface=lo
listen-address=192.168.0.9
bind-interfaces

...and accept traffic on all interfaces in the web admin panel, then this will prevent 192.168.0.9 from filtering itself, and force traffic originating from 192.168.0.9 to go directly to Cloudflare 1.1.1.1/1.0.0.1?

I just want to be sure before I do this. Thanks for taking the time to go through this with me.

And to do that I cannot edit resolv.conf directly, so I edit and add:

$ sudo nano /etc/resolvconf/resolv.conf.d/base

nameserver 1.1.1.1
nameserver 1.0.0.1

And then update resolvconf:

$ sudo resolvconf -u

Does that sound correct to you? I would not want to end up in a situation where local requests can't be resolved. I've tampered with resolv.conf before, broke it all and couldn't fix it so had to reinstall the entire OS.

I think I'd rather avoid this, as I'm essentially getting into unexplored territory where there is a paucity of external support beyond this thread. I think I'd rather try the suggestion of adding the nameservers to /etc/resolvconf/resolv.conf.d/base and if it doesn't work I can simply remove the nameservers and run resolvconf -u again to revert.

Full details here:

Override the DNS nameserver
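
A check for the resolv.conf change discussed in this thread, as an added example that is not part of any post above: it classifies a resolv.conf by whether the host would still resolve through Pi-hole, so it can be run before and after `sudo resolvconf -u`. The function name and verdict strings are made up for the example, the sample files are constructed from the addresses quoted in the thread, and treating 127.0.0.1 and ::1 as "the local Pi-hole" is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. check_resolv and its verdict strings
# are hypothetical names; sample files below are constructed.

# check_resolv FILE PIHOLE_ADDR...
# Prints one verdict:
#   bypass - no usable nameserver is the Pi-hole
#   pihole - the first nameserver is the Pi-hole (host still filtered)
#   mixed  - Pi-hole is listed as a fallback (queries can still reach it)
#   empty  - no nameserver lines at all (local resolution would fail)
check_resolv() {
    file=$1; shift
    # Assumption: loopback addresses mean the Pi-hole running on this host.
    pihole_addrs="127.0.0.1 ::1 $*"
    seen=0 hit_first=0 hit_later=0
    # glibc reads at most the first three nameserver lines, in order.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file" | head -n 3); do
        seen=$((seen + 1))
        for p in $pihole_addrs; do
            if [ "$ns" = "$p" ]; then
                if [ "$seen" -eq 1 ]; then hit_first=1; else hit_later=1; fi
            fi
        done
    done
    if [ "$seen" -eq 0 ]; then echo empty
    elif [ "$hit_first" -eq 1 ]; then echo pihole
    elif [ "$hit_later" -eq 1 ]; then echo mixed
    else echo bypass
    fi
}

# Constructed samples: a file still pointing at the Pi-hole, the base file
# content proposed in the thread, and a file with the Pi-hole left as fallback.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/before"
printf 'nameserver 1.1.1.1\nnameserver 1.0.0.1\n' > "$tmp/after"
printf 'nameserver 1.1.1.1\nnameserver 192.168.0.9\n' > "$tmp/leftover"
for f in before after leftover; do
    printf '%s: %s\n' "$f" "$(check_resolv "$tmp/$f" 192.168.0.9)"
done
rm -rf "$tmp"
```

On the real host the call would be `check_resolv /etc/resolv.conf 192.168.0.9`; anything other than `bypass` after `resolvconf -u` means the change did not take effect as intended.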