How can I use Pi-hole for all my devices except one (or more)?


#23

If there are multiple DHCP servers on the same physical network, the client will pick up an IP address from the first DHCP server that replies. This is unpredictable, however, there are two scenario’s witch are used in redundant environments.

Scenario 1 : Split up the DHCP range. For example, if you have 2 DHCP servers, server 1 on 192.168.2.1 and server 2 on 192.168.2.2, both subnet mask 255.255.255.0, assign the range to handout on server 1 to 192.168.2.51 - 192.168.2.150, assign the range to handout on server 2 to 192.168.2.151 - 192.168.2.250. This way, you will never have a problem with duplicate IP addresses, and you’re sure the client will always get an IP address. You will however never be sure of the IP address you’ll get.

Scenario 2: assign ALL IP addresses, based on the MAC address of the devices. you would for example assign 00:01:02:03:04:05 the IP address 192.168.2.3 on BOTH DHCP servers, this will ensure the device will always get the same IP address, regardless of the server that answers.

You can of course combine the two scenario’s, assign MAC based IP addresses for known devices (your own) and set up two different ranges on the individual DHCP servers for guests. Make sure the fixed and dynamic ranges don’t overlap.
fixed (based on MAC address) 192.168.2.3 - 192.168.2.50, defined on both
server 1 (dynamic - for guest devices) 192.168.2.51 - 192.168.2.150
server 2 (dynamic - for guest devices) 192.168.2.151 - 192.168.2.250

The upside of having 2 DHCP servers is redundancy, you will always get an IP address, unless both servers are down.

The downside of having 2 DHCP servers is that pihole will only be able to resolve the client names for witch it handed out the DHCP address, the others will show up with IP only. This can be solved by implementing this, section QA - Q: Why so many local requests?

Personally, I’m running DHCP on the pfsense box (router / firewall), using pihole for DNS only, with the solution for client name resolution on the pihole, as explained before.


#24

Wow - that’s a lot of info to digest! Thanks again for your detailed responses to my noob-ish questions!

An attempt was made last night to add my PiZero as a second Pi-hole, but I ran into some trouble, and eventually my network went down (the router lost its internet connection), and the one device that I attempted to point to Pi-hole #2 was failing to resolve hostnames.

As a desperate attempt to get the network back up before going to bed, I unplugged Pi-hole #1 (ethernet), and changed the router back to my original configuration, utilizing the DNS filter functionality that I was using prior to adding the Pi-hole(s). This function is still great for assigning the different DNS servers by MAC address.

What I initially tried to do was to see if I could re-activate the DNSfilter in the router by setting up three custom DNS servers:
Custom1: 192.168.1.205 (Pi-hole #1, with the Pi-hole’s upstream DNS set as a cleanbrowsing address)
Custom2: 192.168.1.210 (Pi-hole #2, with the Pi-hole’s upstream DNS pointed at cloudfare)
Custom3: 1.1.1.1 (cloudfare)

My logic here was that this could allow for easy assignment of the machines to specific pi-holes, and an option (custom3) that could bypass them entirely. This was when things started going south on me. I am not 100% sure how I set up the DHCP server, but i think I left it on Pi-hole #1 , and in hindsight that may have been the problem.

Tonight, I would like to re-try the above scenario with the router handling the DHCP server duties. Does this seem like it should work? I know you likely aren’t using the same router that I am, and this DNSfilter option is a special feature of the Merlin firmware for this RT-AC68U router. If I did the above, I would remove the /etc/dnsmasq.d/04-bypass.conf that I added based on this original thread, since it would no longer be needed (and apparently wouldn’t function without the Pi-hole acting as the DHCP server).

One alternate approach for the two pi-holes would be to use their block lists and restrictions to handle the filtering that cleanbrowsing does.

I have also disabled the VPN for now, since it was a wildcard that I was having issues with anyway…


#25

If I understand everything you’re trying:

  • have a pihole with addlists a - b - c (for the kids)
  • have a second pihole with addlists x - y -z (for your devices)
  • You want to achieve this by using pihole’s DHCP, assigning different DNS servers to different devices

Personally, I’m using DHCP to assign a DNS server (pihole) to devices, but the DNS servers the router uses (for firmware and package updates) are simply OpenDNS servers. A router normally doesn’t do DNS requests, unless they also provide a special service (filtered DNS), as you indicate. There is no reason to use a filtered DNS service to update your router, your router will never show adds.

So, to setup your pihole’s, assuming your router is also a DNS server (filtered service)

  • pihole one, using addlists a - b - c, assign the router as the upstream DNS server
  • pihole two, using addlists x - y - z, assign the router as the upstream DNS server
  • using DHCP on pihole, assign the devices for the kids to pihole 1, assign your devices to pihole 2

Both pihole’s will pass any DNS request to your router (unless cached OR blocked) , witch will than use the DNS servers you specified on the router

If you assign a pihole to use the router as the upstream DNS and assign the pihole as the upstream DNS server for the router, you are creating a loop, witch explains why you loose your internet connectivity.


#26

Sorry again for all the questions, and thanks for the detailed response!

I think i explained what I did quite poorly.

Before I added the pihole(s), I had the router configured as follows, specifying a DNS server on the WAN tab (I think it was 8.8.8.8). This acted as the “default” DNS server for the network, as I understand it.

I would then enable the DNS filter on the router, populating various filtered DNS server addresses in the Custom1, Custom2, and Custom3 fields shown in the marked up image I included. NOTE: the text i placed on that image is NOT the way I had it before the PiHoles came along. For the purpose of this discussion, let’s say the Custom1=185.228.168.10 and Custom2185.228.168.168. These two addresses have different filtering levels, and i used one for my younger child, and the other for my oldest. Custom3 could be another custom DNS server, but doesn’t matter in this example.

On that same DNSFilter tab, I would then assign various devices (by mac address) to these Custom1 and Custom2 DNS addresses. I could also assign a mac address to use “Router”, which I think uses the DNS server chosen on the WAN tab. It all worked, and worked quite well. Devices not specifically shown on the filter page would just use the default server as well.

My question/proposal in my last post was to set up two Piholes, where they are set up with the Upstream DNS servers I mentioned above (185.228.168.10 and .168), respectively. My idea was then to configure the router the same way as I described above, but instead of pointing the Custom1 and Custom2 fields at the upstream DNS addresses, I would point them at the internal IP addresses of the two Piholes. I could then even add a third Pihole which used an upstream DNS of Cloudfare, for example.

I will likely just try this later tonight (in a few hours) to see if it works, and report back, unless you see a fundamental flaw in my approach. (My test here would use the router’s DHCP server to assign IP addresses).

Thanks again!