The issue I am facing:
Pi hole binds to all available ip addresses connected to server
Details about my system:
Ubuntu 22.04 LTS server (which uses netplan by default) as VM on Proxmox
Running several other services on different IP addresses, assigned to the primary NIC
All IP addresses are set manually on the server itself, it is not provided by a DHCP server
What I have changed since installing Pi-hole:
Nothing at all.
There is no option in the (web) admin to set the specific IP address for Pi Hole to use.
For this server it is necessary to bind Pi hole to a specific IP address on the primary NIC.
Pi Hole needs to listen on this IP address for DNS requests, as well as host the web admin, and preferably send out DNS requests outside from the same IP address, if possible (but that is not a requirement).
I have not found any option in the setup or the (web) admin.
There are several posts here that ask the same thing, but the posts were closed before an actual solution was provided, because the posters settled with the default behavior.
I, unfortunately, am not in a position to do the same.
How can I bind Pi Hole to a specific IP address for all it's communication?
Yes, as I stated in my initial post, a specific dedicated IP address.
This is necessary for this setup, and this point is not up for discussion.
The specific IP address was already configured on the server.
During the install it never asked me which IP address to use, so I figured, it must be an option afterwards.
During install Pi-hole prompts for the IP address and netmask in CIDR notation (example might be 192.168.1.6/24) and stresses that this must be a fixed IP, which in your case looks like it will be the dedicated IP you have assigned to the VM host for this function.
You can repeat the setup process with the command pihole -r and select Reconfigure. Before you do that, take a backup in Settings > Teleporter > Backup (you can use that later to restore adlists, rules, etc, although a Reconfigure does not destroy these, it's just a safety net).
Once complete test again and confirm it is bound to the selected IP. If other IPs on that host are acting as alternate addresses and you don't want this, this sounds like a routing or rules-based issue related to the host or Proxmox networking and not a Pi-hole issue, since Pi-hole doesn't know or care about how its host exists in the wider world.
That's correct, though that doesn't mean that Pi-hole would react to traffic from all interfaces.
By default, pihole-FTL/dnsmasq will bind the wildcard address (or at least try to do so, on systems that support it).
It will then listen on all host-attached interfaces, but inspect only the traffic on the interfaces and IP addresses that is was configured for.
However, while Pi-hole's UI offers several options to control its listening behaviour, it doesn't allow you to state an IP address explicitly.
Limiting Pi-hole's configuration to a specfic IP address could still be achieved by creating a custom dnsmasq configuration file with listen-address=<ipaddr> (see dnsmasq's documentation for further details).
Would that perhaps fit your requirements, or do you really require that Pi-hole would bind to a single IP exclusively?
That may or may not be possible, depending on your exact network interface configuration.
Is the IP you want to bind to the only IP address on its network interface?
There is a dnsmasq option to really bind only the interfaces that it was configured for.
That could work in your case - provided that interface only carried the one IP address that you actually want Pi-hole to bind to.
That option can indeed be configured from Pi-hole's UI via Settings | DNS as Bind only to interface xxxN - see also Pi-hole's documentation on its Interface binding behavior.
That does not even work, let alone trying to find out if it does what I need it to do.
It is still working on every address available on the server.
The web interface is even more broken than I thought, with the DataTables problem (I made a separate post for that issue): it does not let me change this setting; it will complain about a wrong token and tells me to relogin, even though I have done that numerous times by now.
If the address was the sole IP address on the NIC, I would not have this problem, at all, so no, there are multiple IP aliases on the NIC, which is exactly as it should be.
After some tinkering, I think I have found the solution:
I added the custom config to dnsmasq, with both (and only) the options bind-interfaces and listen-address=...
According to netstat, it has only bound on the specified address.
This ceases to work if I set the option interface=... to the NIC on which the IP is configured (in case someone in the future finds this post and can not get it to work because of that option).
This does not work.
The install did not prompt for an IP address and netmask, only the interface.
If it would have prompted for that information, I would not have missed it.
Please see the selected solution for the actual working solution for my posted question.
Perhaps you have uncovered a bug in one of the various IP-related functions in the install script, which occurs when installing on an Ubuntu server with multiple network interfaces configured via netplan, resulting in you not seeing the relevant section for confirming or changing the desired Pi-hole IP address.
It would be interesting if you could clone or snapshot your VM, and start over with the same initial conditions, noting step by step what you're seeing, to confirm the same behaviour or in case you did skip over the selection without noticing the first time.
At the moment of installing Pi Hole, there was only one NIC with multiple IP addresses, not multiple NICs.
But I will try to reproduce the situation; if the installer should prompt for the IP address and netmask, it is interesting to find out why it didn't.
I was curious and did some testing here with a vm.
Using Ubuntu 22.04.1 server, Mint 21 desktop and Pi OS bullseye. Various cross-combinations of multiple NICs, single NICs, multiple IPs, single IPs. Networking via netplan rendered by network-manager in Ubuntu. Combinations of DHCP and manual configs.
Only on the Pi OS install was I shown this IP config screen
On all the other systems it went straight from the Static IP Needed screen to the Select Upstream DNS Provider screen. If there were multiple NICs it did that via the Choose An Interface screen. Either way it didn't show the above screen.
I don't know if this is normal or a bug or a change in the install process. It doesn't appear to be related to the use of netplan. I have installed Pi-hole on Mint before and am sure I was shown this screen. I have installed Pi-hole a lot on Pi OS and am always shown this screen.
