How can I use Pi-hole for all my devices except one (or more)?

I know this is an old thread, but as far as I can tell, this method isn't working for me. Is there a way to "test" the setting like the dnsmasq --test option used to? It appears that dnsmasq is not found when I tried that command.

In Pi-Hole V4 and later, dnsmasq no longer runs as a separate process. The dnsmasq code is embedded in pihole-FTL, which runs in place of the dnsmasq process.


OK - I thought I saw that in another thread here, where you could run the following to restart the service:
sudo systemct start pihole-FTL.service
(specifically it was this thread):

I tried running that command after saving the file quoted above as /etc/dnsmasq.d/04-bypass.conf, but it stated systemct isn't found either. Do I need to install that command on the pi?

I am running the commands via an ssh terminal connection from my Ubuntu laptop to the pi.

EDIT: I fixed the name I typed above for the filename (04-bypass.conf) - I forgot the zero.

One other question - does the Pi-Hole need to be configured to handle the assignment of DHCP addresses, or is this not necessary for this bypass method to work? My router handles this currently.

This should be systemctl

You can also restart FTL with sudo service pihole-FTL restart

That's weird - I copied and pasted the command from the other thread and it dropped the "L". Even after fixing that, I still am not seeing it work correctly. Does the Pihole need to be the DHCP server for this to work?

When using dnsmasq (older versions of pihole) the command to check the syntax is: dnsmasq --test

Since we're now running pihole-FTL (a dnsmasq fork), the command to check the syntax is: pihole-FTL dnsmasq-test. Use pihole-FTL --help to get all options.

The easiest way to restart pihole-FTL is: sudo service pihole-FTL restart

OK - I will try this tonight and see if I can figure out what I am doing wrong.

Thanks!

OK - got it working finally - I had to enable the DHCP server in the PiHole and turn off the one in my router.

Now I just wish there was a way to keep the ad-blocking capability of the PiHole in place network-wide, but assign different DNS servers to different computers (by mac address).

You can - see this thread: Things you can do with dnsmasq!

I don't think that is quite what I had in mind (at least I didn't see it as I scrolled through that thread).

This would be my ideal:
Assign a filtered DNS server to specific computers on my network (my kids' devices):

But with the above, still have the ad blocking of the Pihole. I also just signed up for NordVPN, so I have been using that on my router to handle the whole network.

I have an Asus RT-AC68 router running Merlin firmware, which has a DNSfilter function that allows you to assign a specific DNS address for up to 99 computers (by MAC address). I lost this functionality after adding the VPN - I might just dump it before my 30 day money back guarantee is up. DNS leaks are another issue, but I am not as worried about that as the family filtering.

As it is set up now, I use the "strict" cleanbrowsing filter network wide, but I am able to bypass the pihole completely on specific addresses, but that basically kills the point of the Pihole for those machines.

I might not be explaining this very well!

I misunderstood what you are trying to do. Your explanation clears it up.

With Pi-Hole, you can't specify a different upstream DNS by client. So, if the Pi-Hole uses OpenDNS for the upstream, all the clients for that Pi-Hole use that.

For your needs, you might consider a Pi-Hole tailored to each audience. A Zero W isn't very expensive, and if you have a PC or other device running 24/7 you could put a few Pi-Hole instances on that.

The youngest kid Pi-Hole could have the strict filter, along with pretty aggressive blocklists and regex.

The older kid a different DNS with less aggressive blocklists.

For the adults, whatever is best for you.

I have all my IOT devices, two WIN7 boxes and my wife's devices on a Pi-Hole. Whitelists that work for her, minimal block lists.

My clients are on different Pi-Holes which are tailored to me.


Interesting idea there - I might try this approach. I was staying away from the Pi Zero W since I wasn't sure if the wifi was trustworthy enough (and the Zero is a bit slower). I have my current Pi-Hole installed on a Raspberry Pi 3 B, and connect it with ethernet to my router (technically a switch, which is connected to my router).

If the wifi is reliable, I might just pick up a few Zero W's and try the multi-Pihole approach.

Thanks!

A Zero is plenty powerful for DNS resolution with Pi-Hole. I can run my entire home network on a Zero W, with 30 clients and about 40K queries per day. I have not had problems with WiFi on the Zero W. My other Pi is a 3B+ wired to router via ethernet, and there is no observable difference in DNS performance between the two.

Thanks again for all the responses, but I had another question.

How are you handling multiple pi-holes on the same network? Do you run the DHCP server on both, or just one, or neither (run DHCP at Router)?

If there are multiple DHCP servers on the same physical network, the client will pick up an IP address from the first DHCP server that replies. This is unpredictable; however, there are two scenarios which are used in redundant environments.

Scenario 1: Split up the DHCP range. For example, if you have 2 DHCP servers, server 1 on 192.168.2.1 and server 2 on 192.168.2.2, both subnet mask 255.255.255.0, assign the range to hand out on server 1 to 192.168.2.51 - 192.168.2.150, assign the range to hand out on server 2 to 192.168.2.151 - 192.168.2.250. This way, you will never have a problem with duplicate IP addresses, and you're sure the client will always get an IP address. You will however never be sure of the IP address you'll get.

Scenario 2: Assign ALL IP addresses, based on the MAC address of the devices. You would for example assign 00:01:02:03:04:05 the IP address 192.168.2.3 on BOTH DHCP servers; this will ensure the device will always get the same IP address, regardless of the server that answers.

You can of course combine the two scenarios: assign MAC-based IP addresses for known devices (your own) and set up two different ranges on the individual DHCP servers for guests. Make sure the fixed and dynamic ranges don't overlap.

  • fixed (based on MAC address) 192.168.2.3 - 192.168.2.50, defined on both
  • server 1 (dynamic - for guest devices) 192.168.2.51 - 192.168.2.150
  • server 2 (dynamic - for guest devices) 192.168.2.151 - 192.168.2.250

The upside of having 2 DHCP servers is redundancy, you will always get an IP address, unless both servers are down.

The downside of having 2 DHCP servers is that pihole will only be able to resolve the client names for which it handed out the DHCP address; the others will show up with IP only. This can be solved by implementing this, section QA - Q: Why so many local requests?

Personally, I'm running DHCP on the pfsense box (router / firewall), using pihole for DNS only, with the solution for client name resolution on the pihole, as explained before.
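The split-range and MAC-reservation rules from the reply above can be checked mechanically before two DHCP servers go live. This is an added example, not code from the thread; the function name `check_dhcp_plan`, the server labels and the broken plan are constructed here for illustration.

```python
import ipaddress

def _span(first, last):
    """Inclusive (low, high) pair of integer addresses."""
    return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))

def check_dhcp_plan(subnet, servers):
    """Return problems in {name: {"dynamic": (first, last), "fixed": {mac: ip}}}."""
    net = ipaddress.ip_network(subnet)
    names = sorted(servers)
    pools = {n: _span(*servers[n]["dynamic"]) for n in names}
    problems = []
    # Each dynamic pool must sit inside the subnet ...
    for n in names:
        lo, hi = pools[n]
        if lo > hi or not all(ipaddress.ip_address(x) in net for x in (lo, hi)):
            problems.append(f"{n}: dynamic range is not inside {subnet}")
    # ... and no two pools may share an address (scenario 1).
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]:
                problems.append(f"{a} and {b}: dynamic ranges overlap")
    # A reservation must match on every server and stay out of every pool (scenario 2).
    for mac in sorted(set().union(*(servers[n]["fixed"] for n in names))):
        ips = {servers[n]["fixed"].get(mac) for n in names}
        if len(ips) != 1:
            problems.append(f"{mac}: reservation differs between servers")
            continue
        addr = int(ipaddress.ip_address(ips.pop()))
        for n in names:
            if pools[n][0] <= addr <= pools[n][1]:
                problems.append(f"{mac}: fixed address is inside {n}'s dynamic range")
    return problems

# The layout from the post above (server names are labels chosen here).
POST_PLAN = {
    "server1": {"dynamic": ("192.168.2.51", "192.168.2.150"),
                "fixed": {"00:01:02:03:04:05": "192.168.2.3"}},
    "server2": {"dynamic": ("192.168.2.151", "192.168.2.250"),
                "fixed": {"00:01:02:03:04:05": "192.168.2.3"}},
}
# Constructed broken variant: overlapping pools, mismatched and misplaced reservations.
BROKEN_PLAN = {
    "server1": {"dynamic": ("192.168.2.51", "192.168.2.150"),
                "fixed": {"00:01:02:03:04:05": "192.168.2.3", "00:01:02:03:04:06": "192.168.2.60"}},
    "server2": {"dynamic": ("192.168.2.100", "192.168.2.250"),
                "fixed": {"00:01:02:03:04:05": "192.168.2.4", "00:01:02:03:04:06": "192.168.2.60"}},
}
```

Calling `check_dhcp_plan("192.168.2.0/24", POST_PLAN)` returns an empty list; the broken plan returns one message per violated rule.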

Wow - that's a lot of info to digest! Thanks again for your detailed responses to my noob-ish questions!

An attempt was made last night to add my PiZero as a second Pi-hole, but I ran into some trouble, and eventually my network went down (the router lost its internet connection), and the one device that I attempted to point to Pi-hole #2 was failing to resolve hostnames.

As a desperate attempt to get the network back up before going to bed, I unplugged Pi-hole #1 (ethernet), and changed the router back to my original configuration, utilizing the DNS filter functionality that I was using prior to adding the Pi-hole(s). This function is still great for assigning the different DNS servers by MAC address.

What I initially tried to do was to see if I could re-activate the DNSfilter in the router by setting up three custom DNS servers:
Custom1: 192.168.1.205 (Pi-hole #1, with the Pi-hole's upstream DNS set as a cleanbrowsing address)
Custom2: 192.168.1.210 (Pi-hole #2, with the Pi-hole's upstream DNS pointed at Cloudflare)
Custom3: 1.1.1.1 (Cloudflare)

My logic here was that this could allow for easy assignment of the machines to specific pi-holes, and an option (custom3) that could bypass them entirely. This was when things started going south on me. I am not 100% sure how I set up the DHCP server, but I think I left it on Pi-hole #1, and in hindsight that may have been the problem.

Tonight, I would like to re-try the above scenario with the router handling the DHCP server duties. Does this seem like it should work? I know you likely aren't using the same router that I am, and this DNSfilter option is a special feature of the Merlin firmware for this RT-AC68U router. If I did the above, I would remove the /etc/dnsmasq.d/04-bypass.conf that I added based on this original thread, since it would no longer be needed (and apparently wouldn't function without the Pi-hole acting as the DHCP server).

One alternate approach for the two pi-holes would be to use their block lists and restrictions to handle the filtering that cleanbrowsing does.

I have also disabled the VPN for now, since it was a wildcard that I was having issues with anyway...

If I understand everything you're trying:

  • have a pihole with adlists a - b - c (for the kids)
  • have a second pihole with adlists x - y - z (for your devices)
  • You want to achieve this by using pihole's DHCP, assigning different DNS servers to different devices

Personally, I'm using DHCP to assign a DNS server (pihole) to devices, but the DNS servers the router uses (for firmware and package updates) are simply OpenDNS servers. A router normally doesn't do DNS requests, unless they also provide a special service (filtered DNS), as you indicate. There is no reason to use a filtered DNS service to update your router; your router will never show ads.

So, to set up your piholes, assuming your router is also a DNS server (filtered service):

  • pihole one, using adlists a - b - c, assign the router as the upstream DNS server
  • pihole two, using adlists x - y - z, assign the router as the upstream DNS server
  • using DHCP on pihole, assign the devices for the kids to pihole 1, assign your devices to pihole 2

Both piholes will pass any DNS request to your router (unless cached OR blocked), which will then use the DNS servers you specified on the router.

If you assign a pihole to use the router as the upstream DNS and assign the pihole as the upstream DNS server for the router, you are creating a loop, which explains why you lose your internet connectivity.
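The forwarding loop described in the reply above can be found by walking each resolver's upstream chain. This is an added example, not code from the thread; the resolver names and the `public-resolver` placeholder are constructed, and any name without an entry of its own is treated as an external resolver.

```python
def find_dns_loops(upstreams):
    """Return each forwarding loop as a list of names, first hop repeated at the end.

    upstreams maps a resolver to the resolvers it forwards to. A name that is
    not a key is treated as an external resolver and ends the chain.
    """
    loops = []
    seen = set()  # loops already reported, keyed by the set of members

    def walk(node, path):
        if node in path:
            cycle = path[path.index(node):]
            key = frozenset(cycle)
            if key not in seen:
                seen.add(key)
                loops.append(cycle + [node])
            return
        for nxt in upstreams.get(node, []):
            walk(nxt, path + [node])

    for start in sorted(upstreams):
        walk(start, [])
    return loops

# Constructed: the router forwards to pihole1 while pihole1 forwards to the router.
LOOPED = {
    "router": ["pihole1"],
    "pihole1": ["router"],
    "pihole2": ["router"],
}
# Constructed: both Pi-holes forward to the router, which forwards out of the LAN.
FIXED = {
    "router": ["public-resolver"],
    "pihole1": ["router"],
    "pihole2": ["router"],
}

if __name__ == "__main__":
    for loop in find_dns_loops(LOOPED):
        print(" -> ".join(loop))
```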

Sorry again for all the questions, and thanks for the detailed response!

I think I explained what I did quite poorly.

Before I added the pihole(s), I had the router configured as follows, specifying a DNS server on the WAN tab (I think it was 8.8.8.8). This acted as the "default" DNS server for the network, as I understand it.

I would then enable the DNS filter on the router, populating various filtered DNS server addresses in the Custom1, Custom2, and Custom3 fields shown in the marked up image I included. NOTE: the text I placed on that image is NOT the way I had it before the PiHoles came along. For the purpose of this discussion, let's say the Custom1=185.228.168.10 and Custom2=185.228.168.168. These two addresses have different filtering levels, and I used one for my younger child, and the other for my oldest. Custom3 could be another custom DNS server, but doesn't matter in this example.

On that same DNSFilter tab, I would then assign various devices (by mac address) to these Custom1 and Custom2 DNS addresses. I could also assign a mac address to use "Router", which I think uses the DNS server chosen on the WAN tab. It all worked, and worked quite well. Devices not specifically shown on the filter page would just use the default server as well.

My question/proposal in my last post was to set up two Piholes, where they are set up with the Upstream DNS servers I mentioned above (185.228.168.10 and .168), respectively. My idea was then to configure the router the same way as I described above, but instead of pointing the Custom1 and Custom2 fields at the upstream DNS addresses, I would point them at the internal IP addresses of the two Piholes. I could then even add a third Pihole which used an upstream DNS of Cloudflare, for example.

I will likely just try this later tonight (in a few hours) to see if it works, and report back, unless you see a fundamental flaw in my approach. (My test here would use the router's DHCP server to assign IP addresses).

Thanks again!

Bit late to the game, but what I did is:

  • use router for dhcp
  • configure it that the clients are getting always the same ip
  • create a new group in pihole for that in group management
  • find that client (ip) in group management clients and add it to the above created group (you might want to use that group only)
  • create a regex white filter for all, e.g. .+
  • add that filter to the above created group only