GEOIP + DNS multiple resolver

As per the title, today I'm using a Pi-hole to handle DNS requests via the DNS over HTTPS protocol. So the OpenWRT router is redirecting all DNS requests to the Pi-hole to handle them.

The problem is that, due to some restrictions in China, if I want to access some Chinese websites (mostly movies) I need to use a Chinese DNS resolver.

Is it possible to handle this via GeoIP? So if the client is requesting DNS for a Chinese website, use a DNS provider from China, otherwise the default one.


A GeoIP database maps IPs with tentative geographical locations. With a DNS resolver proxy (like Pi-hole), you’re resolving domains to IPs, so there’s no way to know the location of the IP using a GeoIP database before resolving that IP.

There can be a way to match domains ending in (.+).cn and send them to a different resolver, but I doubt that functionality is built into Pi-hole. Also, this relies on the domain name indicating that it's a Chinese website. If you have a .com or a .org resolving to a Chinese IP, this method won't work for that.

What about if I use a set of filter lists that I already have? I actually already have a list of websites like taobao.com, iqiyi.com, dianping.com that I want to be resolved with a DNS server inside China like 114.114.114.119, and if the name is not on the list then use DNS2 (for example 1.1.1.1) to resolve it.

Can I do this?

No.
Pi-hole doesn’t handle GeoIPs in any way - it just filters requests for hostnames, suppressing those for unwanted domains.

Yet, let’s take a closer look at your contemplated solution using alternative DNS servers for certain domains.

For me, it makes no difference whether I look up a domain through Google or a Chinese resolver:

When forcing a lookup for those domains through 8.8.8.8 and 114.114.114.119 respectively, they are resolved to the exact same IPs, e.g.:

pi@raspberrypi:~ $ nslookup taobao.com 8.8.8.8
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   taobao.com
Address: 140.205.220.96
Name:   taobao.com
Address: 140.205.94.189
pi@raspberrypi:~ $ nslookup taobao.com 114.114.114.119
Server:         114.114.114.119
Address:        114.114.114.119#53

Non-authoritative answer:
Name:   taobao.com
Address: 140.205.220.96
Name:   taobao.com
Address: 140.205.94.189

But then, I am not located in China - your 114.114.114.119 DNS server might resolve addresses differently based on your GeoIP.

If this is your problem, you probably could work out a solution.

While Pi-hole doesn’t support this via its UI, its embedded dnsmasq can be configured manually to redirect lookups for specific domains to specific servers.

From dnsmasq’s documentation:

-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]

(…) If one or more optional domains are given, that server is used only for those domains and they are queried only using the specified server. This is intended for private nameservers (…)

Note that this option is originally intended for a different purpose (i.e. usage of private nameservers), so it comes with some side-effects (e.g. DNSSEC switched off).

So please make sure you've read through the complete documentation for this option thoroughly in order to understand and consider all its implications.

To configure this with Pi-hole, you’d have to create a custom configuration file, e.g. /etc/dnsmasq.d/10-chinese-dns.conf (and leave Pi-hole’s own configuration files in that directory untouched).
Add your domains to this file line by line, e.g.:

server=/taobao.com/114.114.114.119

As I haven’t used that before, I cannot confirm that Pi-hole wouldn’t interfere (maybe a developer could).

Let us know if you succeed in solving your problem this way.


Seems like it's working, I'll do some extra tests today. Just a couple of follow-up questions:

  • can I use a keyword instead of a suffix? For example, all websites including the word alicdn.
  • just so you understand, this is the list I'm using at the moment: https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf

Edit: Before, I was asking strange questions because on Chrome everything was working fine but Firefox was not. After some Google research I found that Firefox was using DoH with Cloudflare and I had to manually disable it.
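As an added example (not from this thread or from the Pi-hole or dnsmasq projects), the helper below parses lines in the format of the dnsmasq-china-list file linked above, re-renders them into the server=/domain/upstream form described earlier for /etc/dnsmasq.d/10-chinese-dns.conf, and mirrors dnsmasq's suffix-only matching, which is why a bare keyword such as alicdn cannot be used as a rule: only the listed domain and its subdomains are sent to the alternate resolver. The sample list lines and the upstream 114.114.114.119 are taken from the thread; the sample file contents are constructed.

```python
import ipaddress
import re

# Constructed sample in the accelerated-domains.china.conf format (server=/domain/upstream).
SAMPLE_LIST = """\
server=/taobao.com/114.114.114.114
server=/iqiyi.com/114.114.114.114
# comment lines and blank lines are allowed in dnsmasq conf files

server=/dianping.com/114.114.114.114
server=/alicdn.com/114.114.114.114
"""

LINE_RE = re.compile(r"^server=/(?P<domain>[^/]+)/(?P<upstream>[^#\s]+)(?:#(?P<port>\d+))?$")
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_domain(domain):
    """server=/<domain>/ takes a hostname suffix, not a keyword: reject anything
    that is not a plain dotted name (so '*alicdn*' or 'alicdn' with a '*' is refused)."""
    labels = domain.lower().rstrip(".").split(".")
    return len(domain) <= 253 and all(LABEL_RE.match(label) for label in labels)


def parse_china_list(text):
    """Extract the domains from dnsmasq 'server=/domain/upstream' lines, skipping comments."""
    domains = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised dnsmasq line: {line!r}")
        domains.append(m.group("domain").lower())
    return domains


def render_conf(domains, upstream, port=None):
    """Build the contents of a drop-in file (e.g. 10-chinese-dns.conf) sending every
    listed domain to one upstream; duplicates are collapsed and the upstream IP is checked."""
    ipaddress.ip_address(upstream)  # raises ValueError on a malformed address
    suffix = f"#{port}" if port else ""
    lines = []
    for d in sorted(set(domains)):
        if not is_valid_domain(d):
            raise ValueError(f"not a valid domain suffix for server=: {d!r}")
        lines.append(f"server=/{d}/{upstream}{suffix}")
    return "\n".join(lines) + "\n"


def matches_rule(qname, rule_domain):
    """dnsmasq semantics: a query matches a server=/rule/ if it equals the rule domain
    or is a subdomain of it; 'notalicdn.com' does not match 'alicdn.com'."""
    q, r = qname.lower().rstrip("."), rule_domain.lower().rstrip(".")
    return q == r or q.endswith("." + r)
```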