How can I use Pi-hole for all my devices except one (or more)?

#3

I’ve tried this tonight on my wife’s Windows 10 laptop. No matter what I do, the first entry in the DNS list is always the IPv6 address of my Pi-hole server.

Do I need to shut off the IPv6 DNS entry?

0 Likes

#4

Use:

dhcp-option=tag:nopieipv6,option6:dns-server,[2606:4700:4700::1111],[2606:4700:4700::1001]

dhcp-host=xx:xx:xx:xx:xx:xx,set:nopieipv6,Wife-Laptop

Save it as /etc/dnsmasq.d/nopieipv6.conf

sudo service pihole-FTL restart

0 Likes
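The drop-in from post #4, generated and checked by a short script. This is an added example, not part of the original post; it goes beyond the post by also emitting the IPv4 `option:dns-server` line. The function names, the 1.1.1.1/1.0.0.1 resolvers and the placeholder MAC address are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
TAG_RE = re.compile(r"^[A-Za-z0-9_-]+$")  # conservative choice made for this example


def dns_option_lines(tag, resolvers):
    """Return dhcp-option lines that hand `resolvers` to clients carrying `tag`."""
    v4, v6 = [], []
    for text in resolvers:
        addr = ipaddress.ip_address(text)  # raises ValueError on a mistyped address
        if addr.version == 4:
            v4.append(str(addr))
        else:
            v6.append(f"[{addr}]")  # IPv6 literals are bracketed, as in post #4
    lines = []
    if v4:
        lines.append(f"dhcp-option=tag:{tag},option:dns-server," + ",".join(v4))
    if v6:
        lines.append(f"dhcp-option=tag:{tag},option6:dns-server," + ",".join(v6))
    return lines


def bypass_conf(tag, resolvers, hosts):
    """Build the drop-in text; `hosts` maps MAC address -> hostname."""
    if not TAG_RE.match(tag):
        raise ValueError(f"bad tag: {tag!r}")
    lines = dns_option_lines(tag, resolvers)
    for mac, name in hosts.items():
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        lines.append(f"dhcp-host={mac},set:{tag},{name}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: the MAC below is a placeholder, not a real device.
    print(bypass_conf(
        "nopieipv6",
        ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
        {"02:00:00:AA:BB:CC": "Wife-Laptop"},
    ), end="")
```

Save the output under /etc/dnsmasq.d/, check it with pihole-FTL dnsmasq-test and restart pihole-FTL; these options only reach clients whose DHCP lease comes from the Pi-hole.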

#5

Would there be any way to do this by IP range? For example, I reserve upper IPs for my laptop, my phone, and the smart TV that get piholed, but lower IP numbers for the family and guests getting dynamic addresses (IP < 200) get the unfiltered internet.

Some webpages require you allow their ads to view them, and I’m the only one in the house that knows how to disable blocking and/or use the whitelist.

0 Likes

#6

I know this is an old thread, but as far as I can tell, this method isn’t working for me. Is there a way to “test” the setting like the dnsmasq --test option used to? It appears that dnsmasq is not found when I tried that command.

0 Likes

#7

In Pi-Hole V4 and later, dnsmasq no longer runs as a separate process. The dnsmasq code is embedded in pihole-FTL, which runs in place of the dnsmasq process.

1 Like

#8

OK - I thought I saw that in another thread here, where you could run the following to restart the service:
sudo systemct start pihole-FTL.service
(specifically it was this thread):

I tried running that command after saving the file quoted above as /etc/dnsmasq.d/04-bypass.conf, but it stated systemct isn’t found either. Do I need to install that command on the pi?

I am running the commands via an ssh terminal connection from my Ubuntu laptop to the pi.

EDIT: I fixed the name I typed above for the filename (04-bypass.conf) - I forgot the zero.

0 Likes

#9

One other question - does the Pi-Hole need to be configured to handle the assignment of DHCP addresses, or is this not necessary for this bypass method to work? My router handles this currently.

0 Likes

#10

This should be systemctl

You can also restart FTL with sudo service pihole-FTL restart

0 Likes

#11

That’s weird - I copied and pasted the command from the other thread and it dropped the “L”. Even after fixing that, I still am not seeing it work correctly. Does the Pihole need to be the DHCP server for this to work?

0 Likes

#14

When using dnsmasq (older versions of pihole) the command to check the syntax is: dnsmasq --test

Since we’re now running pihole-FTL (a dnsmasq fork), the command to check the syntax is: pihole-FTL dnsmasq-test. Use pihole-FTL --help to get all options.

The easiest way to restart pihole-FTL is: sudo service pihole-FTL restart

0 Likes

#15

OK - I will try this tonight and see if I can figure out what I am doing wrong.

Thanks!

0 Likes

#16

OK - got it working finally - I had to enable the DHCP server in the PiHole and turn off the one in my router.

Now I just wish there was a way to keep the ad-blocking capability of the PiHole in place network-wide, but assign different DNS servers to different computers (by mac address).

0 Likes

#17

You can - see this thread: Things you can do with dnsmasq!

0 Likes

#18

I don’t think that is quite what I had in mind (at least I didn’t see it as I scrolled through that thread).

This would be my ideal:
Assign a filtered DNS server to specific computers on my network (my kids’ devices):

But with the above, still have the ad blocking of the Pihole. I also just signed up for NordVPN, so I have been using that on my router to handle the whole network.

I have an Asus RT-AC68 router running Merlin firmware, which has a DNSfilter function that allows you to assign a specific DNS address for up to 99 computers (by MAC address). I lost this functionality after adding the VPN - I might just dump it before my 30 day money back guarantee is up. DNS leaks are another issue, but I am not as worried about that as the family filtering.

As it is set up now, I use the “strict” cleanbrowsing filter network wide, but I am able to bypass the pihole completely on specific addresses, but that basically kills the point of the Pihole for those machines.

I might not be explaining this very well!

0 Likes

#19

I misunderstood what you are trying to do. Your explanation clears it up.

With Pi-Hole, you can’t specify a different upstream DNS by client. So, if the Pi-Hole uses OpenDNS for the upstream, all the clients for that Pi-Hole use that.

For your needs, you might consider a Pi-Hole tailored to each audience. A Zero W isn’t very expensive, and if you have a PC or other device running 24/7 you could put a few Pi-Hole instances on that.

The youngest kid Pi-Hole could have the strict filter, along with pretty aggressive blocklists and regex.

The older kid a different DNS with less aggressive blocklists.

For the adults, whatever is best for you.

I have all my IOT devices, two WIN7 boxes and my wife’s devices on a Pi-Hole. Whitelists that work for her, minimal block lists.

My clients are on different Pi-Holes which are tailored to me.

0 Likes

#20

Interesting idea there - I might try this approach. I was staying away from the Pi Zero W since I wasn’t sure if the wifi was trustworthy enough (and the Zero is a bit slower). I have my current Pi-Hole installed on a Raspberry Pi 3 B, and connect it with ethernet to my router (technically a switch, which is connected to my router).

If the wifi is reliable, I might just pick up a few Zero W’s and try the multi-Pihole approach.

Thanks!

0 Likes

#21

A Zero is plenty powerful for DNS resolution with Pi-Hole. I can run my entire home network on a Zero W, with 30 clients and about 40K queries per day. I have not had problems with WiFi on the Zero W. My other Pi is a 3B+ wired to router via ethernet, and there is no observable difference in DNS performance between the two.

0 Likes

#22

Thanks again for all the responses, but I had another question.

How are you handling multiple pi-holes on the same network? Do you run the DHCP server on both, or just one, or neither (run DHCP at Router)?

0 Likes

#23

If there are multiple DHCP servers on the same physical network, the client will pick up an IP address from the first DHCP server that replies. This is unpredictable; however, there are two scenarios which are used in redundant environments.

Scenario 1: Split up the DHCP range. For example, if you have 2 DHCP servers, server 1 on 192.168.2.1 and server 2 on 192.168.2.2, both subnet mask 255.255.255.0, assign the range to handout on server 1 to 192.168.2.51 - 192.168.2.150, assign the range to handout on server 2 to 192.168.2.151 - 192.168.2.250. This way, you will never have a problem with duplicate IP addresses, and you’re sure the client will always get an IP address. You will however never be sure of the IP address you’ll get.

Scenario 2: Assign ALL IP addresses, based on the MAC address of the devices. You would for example assign 00:01:02:03:04:05 the IP address 192.168.2.3 on BOTH DHCP servers; this will ensure the device will always get the same IP address, regardless of the server that answers.

You can of course combine the two scenarios: assign MAC based IP addresses for known devices (your own) and set up two different ranges on the individual DHCP servers for guests. Make sure the fixed and dynamic ranges don’t overlap.
fixed (based on MAC address) 192.168.2.3 - 192.168.2.50, defined on both
server 1 (dynamic - for guest devices) 192.168.2.51 - 192.168.2.150
server 2 (dynamic - for guest devices) 192.168.2.151 - 192.168.2.250

The upside of having 2 DHCP servers is redundancy, you will always get an IP address, unless both servers are down.

The downside of having 2 DHCP servers is that pihole will only be able to resolve the client names for which it handed out the DHCP address; the others will show up with IP only. This can be solved by implementing this, section QA - Q: Why so many local requests?

Personally, I’m running DHCP on the pfsense box (router / firewall), using pihole for DNS only, with the solution for client name resolution on the pihole, as explained before.

0 Likes
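A consistency check for the combined plan in post #23, using the post's own ranges. This is an added example, not part of the original post; the function names and the plan layout are assumptions made for the illustration.

```python
import ipaddress


def ip_range(first, last):
    """Inclusive address range as a pair of integers."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    if lo > hi:
        raise ValueError(f"range is reversed: {first} - {last}")
    return lo, hi


def check_plan(servers):
    """Return the problems found in a plan with two or more DHCP servers."""
    problems = []
    names = sorted(servers)
    pools = {n: ip_range(*servers[n]["dynamic"]) for n in names}
    fixed = {n: {m.lower(): ip for m, ip in servers[n]["fixed"].items()} for n in names}
    # Scenario 1: the dynamic pools must not share any address.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]:
                problems.append(f"dynamic pools of {a} and {b} overlap")
    # Scenario 2: every server must hold the same MAC -> IP reservations.
    for n in names[1:]:
        if fixed[n] != fixed[names[0]]:
            problems.append(f"fixed leases differ between {names[0]} and {n}")
    # Combined: no reservation may sit inside any server's dynamic pool.
    for n in names:
        for mac, ip in fixed[n].items():
            addr = int(ipaddress.ip_address(ip))
            for p, (lo, hi) in pools.items():
                if lo <= addr <= hi:
                    problems.append(f"{mac} ({ip}) on {n} is inside the pool of {p}")
    return problems


# Constructed plan built from the ranges given in the post.
PLAN = {
    "server1": {"dynamic": ("192.168.2.51", "192.168.2.150"),
                "fixed": {"00:01:02:03:04:05": "192.168.2.3"}},
    "server2": {"dynamic": ("192.168.2.151", "192.168.2.250"),
                "fixed": {"00:01:02:03:04:05": "192.168.2.3"}},
}

if __name__ == "__main__":
    for problem in check_plan(PLAN) or ["plan is consistent"]:
        print(problem)
```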

#24

Wow - that’s a lot of info to digest! Thanks again for your detailed responses to my noob-ish questions!

An attempt was made last night to add my PiZero as a second Pi-hole, but I ran into some trouble, and eventually my network went down (the router lost its internet connection), and the one device that I attempted to point to Pi-hole #2 was failing to resolve hostnames.

As a desperate attempt to get the network back up before going to bed, I unplugged Pi-hole #1 (ethernet), and changed the router back to my original configuration, utilizing the DNS filter functionality that I was using prior to adding the Pi-hole(s). This function is still great for assigning the different DNS servers by MAC address.

What I initially tried to do was to see if I could re-activate the DNSfilter in the router by setting up three custom DNS servers:
Custom1: 192.168.1.205 (Pi-hole #1, with the Pi-hole’s upstream DNS set as a cleanbrowsing address)
Custom2: 192.168.1.210 (Pi-hole #2, with the Pi-hole’s upstream DNS pointed at Cloudflare)
Custom3: 1.1.1.1 (Cloudflare)

My logic here was that this could allow for easy assignment of the machines to specific pi-holes, and an option (custom3) that could bypass them entirely. This was when things started going south on me. I am not 100% sure how I set up the DHCP server, but I think I left it on Pi-hole #1, and in hindsight that may have been the problem.

Tonight, I would like to re-try the above scenario with the router handling the DHCP server duties. Does this seem like it should work? I know you likely aren’t using the same router that I am, and this DNSfilter option is a special feature of the Merlin firmware for this RT-AC68U router. If I did the above, I would remove the /etc/dnsmasq.d/04-bypass.conf that I added based on this original thread, since it would no longer be needed (and apparently wouldn’t function without the Pi-hole acting as the DHCP server).

One alternate approach for the two pi-holes would be to use their block lists and restrictions to handle the filtering that cleanbrowsing does.

I have also disabled the VPN for now, since it was a wildcard that I was having issues with anyway…

0 Likes