How can I use Pi-hole for all my devices except one (or more)?

Configuring your router's DHCP options to force clients to use Pi-hole as their DNS server is the quickest way to get all of your network devices to use Pi-hole. But what if you want a certain device to not use it?

Perhaps a family member is frustrated with white or blacklisting sites. Or maybe you want to log queries for all network devices except for a few.

Solution

The solution is to manually set the DNS server to on the device you don't want to use Pi-hole with. Setting the DNS server on a device will override the settings handed out via the DHCP options.

There is one alternative to this if people want to set it at the pihole level.

This works especially well.


I've tried this tonight on my wife's Windows 10 laptop. No matter what I do, the first entry in the DNS list is always the IPv6 address of my Pi-hole server.

Do I need to shut off the IPv6 DNS entry?

Use:

dhcp-option=tag:nopieipv6,option6:dns-server,[2606:4700:4700::1111],[2606:4700:4700::1001]

dhcp-host=xx:xx:xx:xx:xx:xx,set:nopieipv6,Wife-Laptop

save it as /etc/dnsmasq.d/nopieipv6.conf

sudo service pihole-FTL restart
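An offline check of the tag wiring in a file like the one above, as an added example that is not code from this thread or from the Pi-hole project: it pairs each dhcp-host set: tag with the dhcp-option tag: lines that use it and reports which DNS servers each MAC would be offered. The MAC addresses, the IPv4 option line and the misspelled tag on the second host are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample: the IPv6 line from the post, an assumed IPv4 equivalent,
# and a second host whose tag is misspelled so that no dhcp-option matches it.
SAMPLE_CONF = """\
dhcp-option=tag:nopieipv6,option6:dns-server,[2606:4700:4700::1111],[2606:4700:4700::1001]
dhcp-option=tag:nopieipv6,option:dns-server,1.1.1.1,1.0.0.1
dhcp-host=aa:bb:cc:00:00:01,set:nopieipv6,Wife-Laptop
dhcp-host=aa:bb:cc:00:00:02,set:nopipv6,Guest-Phone
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)
DNS_OPTS = {"option:dns-server": "v4", "6": "v4", "option6:dns-server": "v6"}

def parse(conf):
    """Return ({mac: set(tags)}, {tag: {"v4": [...], "v6": [...]}})."""
    hosts, options = defaultdict(set), defaultdict(lambda: {"v4": [], "v6": []})
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-host":
            tags = {f[4:] for f in fields if f.startswith("set:")}
            for mac in (f for f in fields if MAC_RE.match(f)):
                hosts[mac.lower()] |= tags
        elif key == "dhcp-option":
            tags = [f[4:] for f in fields if f.startswith("tag:")]
            rest = [f for f in fields if not f.startswith("tag:")]
            # Only DNS-server options carrying exactly one tag are modelled here.
            if len(tags) != 1 or not rest or rest[0] not in DNS_OPTS:
                continue
            options[tags[0]][DNS_OPTS[rest[0]]] += [s.strip("[]") for s in rest[1:]]
    return dict(hosts), dict(options)

def resolve(conf):
    """Per MAC: the DNS servers its tags select, and tags no dhcp-option uses."""
    hosts, options = parse(conf)
    known = set(options)
    report = {}
    for mac, tags in hosts.items():
        entry = {"v4": [], "v6": [], "unmatched_tags": sorted(tags - known)}
        for tag in sorted(tags & known):
            entry["v4"] += options[tag]["v4"]
            entry["v6"] += options[tag]["v6"]
        report[mac] = entry
    return report
```

A host that shows a non-empty unmatched_tags list, or an empty v4 or v6 list, will keep receiving the default DNS server for that address family.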

Would there be any way to do this by IP range? For example, I reserve upper IPs for my laptop, my phone, and the smart TV that get piholed, but lower IP numbers for the family and guests getting dynamic addresses (IP < 200) get the unfiltered internet.

Some webpages require you allow their ads to view them, and I'm the only one in the house that knows how to disable blocking and/or use the whitelist.

I know this is an old thread, but as far as I can tell, this method isn't working for me. Is there a way to "test" the setting like the dnsmasq --test option used to? It appears that dnsmasq is not found when I tried that command.

In Pi-Hole V4 and later, dnsmasq no longer runs as a separate process. The dnsmasq code is embedded in pihole-FTL, which runs in place of the dnsmasq process.


OK - I thought I saw that in another thread here, where you could run the following to restart the service:
sudo systemct start pihole-FTL.service
(specifically it was this thread):

I tried running that command after saving the file quoted above as /etc/dnsmasq.d/04-bypass.conf, but it stated systemct isn't found either. Do I need to install that command on the pi?

I am running the commands via an ssh terminal connection from my Ubuntu laptop to the pi.

EDIT: I fixed the name I typed above for the filename (04-bypass.conf) - I forgot the zero.

One other question - does the Pi-Hole need to be configured to handle the assignment of DHCP addresses, or is this not necessary for this bypass method to work? My router handles this currently.

This should be systemctl

You can also restart FTL with sudo service pihole-FTL restart

That's weird - I copied and pasted the command from the other thread and it dropped the "L". Even after fixing that, I still am not seeing it work correctly. Does the Pihole need to be the DHCP server for this to work?

When using dnsmasq (older versions of pihole) the command to check the syntax is: dnsmasq --test

Since we're now running pihole-FTL (a dnsmasq fork), the command to check the syntax is: pihole-FTL dnsmasq-test. Use pihole-FTL --help to get all options.

The easiest way to restart pihole-FTL is: sudo service pihole-FTL restart

OK - I will try this tonight and see if I can figure out what I am doing wrong.

Thanks!

OK - got it working finally - I had to enable the DHCP server in the PiHole and turn off the one in my router.

Now I just wish there was a way to keep the ad-blocking capability of the PiHole in place network-wide, but assign different DNS servers to different computers (by mac address).

You can - see this thread: Things you can do with dnsmasq!

I don't think that is quite what I had in mind (at least I didn't see it as I scrolled through that thread).

This would be my ideal:
Assign a filtered DNS server to specific computers on my network (my kids' devices):

But with the above, still have the ad blocking of the Pihole. I also just signed up for NordVPN, so I have been using that on my router to handle the whole network.

I have an Asus RT-AC68 router running Merlin firmware, which has a DNSfilter function that allows you to assign a specific DNS address for up to 99 computers (by MAC address). I lost this functionality after adding the VPN - I might just dump it before my 30 day money back guarantee is up. DNS leaks are another issue, but I am not as worried about that as the family filtering.

As it is set up now, I use the "strict" cleanbrowsing filter network wide, but I am able to bypass the pihole completely on specific addresses, but that basically kills the point of the Pihole for those machines.

I might not be explaining this very well!

I misunderstood what you are trying to do. Your explanation clears it up.

With Pi-Hole, you can't specify a different upstream DNS by client. So, if the Pi-Hole uses OpenDNS for the upstream, all the clients for that Pi-Hole use that.

For your needs, you might consider a Pi-Hole tailored to each audience. A Zero W isn't very expensive, and if you have a PC or other device running 24/7 you could put a few Pi-Hole instances on that.

The youngest kid Pi-Hole could have the strict filter, along with pretty aggressive blocklists and regex.

The older kid a different DNS with less aggressive blocklists.

For the adults, whatever is best for you.

I have all my IOT devices, two WIN7 boxes and my wife's devices on a Pi-Hole. Whitelists that work for her, minimal block lists.

My clients are on different Pi-Holes which are tailored to me.


Interesting idea there - I might try this approach. I was staying away from the Pi Zero W since I wasn't sure if the wifi was trustworthy enough (and the Zero is a bit slower). I have my current Pi-Hole installed on a Raspberry Pi 3 B, and connect it with ethernet to my router (technically a switch, which is connected to my router).

If the wifi is reliable, I might just pick up a few Zero W's and try the multi-Pihole approach.

Thanks!

A Zero is plenty powerful for DNS resolution with Pi-Hole. I can run my entire home network on a Zero W, with 30 clients and about 40K queries per day. I have not had problems with WiFi on the Zero W. My other Pi is a 3B+ wired to router via ethernet, and there is no observable difference in DNS performance between the two.

Thanks again for all the responses, but I had another question.

How are you handling multiple pi-holes on the same network? Do you run the DHCP server on both, or just one, or neither (run DHCP at Router)?