Hello, I didn't think this question was suited for the help section so im gonna ask it here. Do you need to use pihole as a dhcp server to use the group managment? I ask because when i go to the clients section of group manager it shows all of the devices it can see on all local networks; however, the only client its actually recieving requests from is the router. Given that its only recieving requests from the router would any of those listed ip addresses actually affect anything?
Thank you for any assistence with this question.
--Angry
Good question and I don't know the answer, because I see individual IP's in my Pi-hole. You can see individual IP's by (1) changing settings in your router if your router supports this, or (2) using the Pi-hole DHCP server.
Thank you for replying. For reference if not already obvious I have my router set to use pihole as the DNS server. This is why it't the only showing client. I guess at some point I will have to truely test if that makes a difference. when refering to group management. I dont have complicated setup that nessesitates it or anything it was more of just feature exploring. Have a great day!
Sorry to jump in on this one, but a further question...
Are Groups based solely on IP address, or on MAC address?
The reason I ask is that when a client connects and gets assigned an IP using DHCP, it could be a different IP than what the client was previously known as, so would the group definitions be aware of this?
e.g. First time I add my phone to the group it may have an IP of 192.168.1.10. The next time it may get assigned a different IP via DHCP - 192.168.1.20 - so is the group config updated to reflect this?
Hello, this is an interesting question. As far as i can tell it is based on ip as that is all that is configured when you ad a client in the clients section of group management. This doesn't make too much of a difference given that it can also assign static addresses. An implementation that uses MAC addresses instead could be very interesting for those who aren't using static addresses or for whatever reason cant assign them.
No, the router sends the replies on behalf of your clients in this configuration. There is no possibility for Pi-hole to see who the original requestor was. Hence, they are one and the same client.
IP address. DNS queries are asked using either the UDP or TCP protocols. Both use IP addresses for describing the source and destination of the packages. Hence, IP addresses are the only thing visible to the DNS server.
We can source hardware addresses (using other means) for devices not more than one hop away (this is what the network overview table does). It is not possible to get the hardware address for devices connected through routers, VPNs or other separations (like VLANs). Hence, hardware addresses don't seem suitable for this task.
We implement subnetting support (your client can be 192.168.3.0/24 to match all 192.168.3.1 - 192.168.3.254). This allows a certain flexibility, e.g., other blocking rules in a "guests" network. This would be impossible with hardware addresses as identifiers.
From a technical point of view, I say: Your DHCP shouldn't do that. I know that many (esp. the cheaper) routers do such things. We call this non-deterministic. There isn't much we can so about it, the group management, currently, cannot auto-adapt, also, because often enough the devices are out of view. For instance, guest networks are often separated and their hardware addresses are not visible to Pi-hole.
However, we're open for discussions on improving Pi-hole if you have a good idea. We can maybe allow both: IP addresses (with possible CIDR modifier for subnet description) and hardware addresses. This will be complex and maybe even harder to explain to users.
What about in cases where the Pi-Hole is the DHCP server? Wouldn't then using a MAC address be the best option? If not, doesn't this mean we would need to set static IP addresses for those in the groups? Automatic IP's would get a different IP when the lease is up and then not be recognized by the group defeating its purpose.
Do I have to also add each IP the device is using? Instead why not by MAC or HOST name that the PI-Hole already knows so it can pull each IP address instead of manually adding each one and every time it also changes?
We're working on this. It is not all that straightforward as it may seem, especially since MAC addresses are only visible in the immediate vicinity of your Pi-hole (it will not work across routers, VLANs, etc.).
You can monitor
for our progress. Currently, it is still a feature draft, albeit a working one. If you (or anyone else) want to test it at any point, it would be appreciated.