How to disable pi.hole DNS record


We decided to make this behavior internal because the hostname being defined in local.list had two severe drawbacks: If you have multiple IPs available at your device, only one of then was picked. But, more important, if the addresses change (for many users the IPv6 prefix changes daily), then this record would become useless. Even more, AAAA pi.hole would point to an address that may be ancient and not reachable.
Hence, we decided to move this inside FTL where the currently used IP addresses are available for replying.

local.list is now being used to automatically add DNS records when OpenVPN is installed as well on the system (the wisdom is taken from /etc/openvpn/ipp.txt and updated on gravity runs).

We could add a hint (comment) about internal handling of pi.hole to the local.list file if you'd consider this helpful. dnsmasq can do a lot but it cannot do some things, hence,

is limiting us. I'm not really seeing what the issue is with replying on dnsmasq config lines and Pi-holes config as well? Before this change, the IP address was taken from setupVars.conf, now it is automatically determined. One config file less in the chain, actually.

For Pi-hole v6.0 we will have a full (automatically generated) config file with comments and everything, see here:

(this post is old and does not contain PIHOLE_PTR but you get the idea)

No, this

went live yesterday.

hardcoded dns records are a terrible idea from 2 major perspectives; infosec, and--perhaps more important to a pihole crowd--the viability of this project. why would you want to advertise to clients that they live on a network with dns-based blocking in place?

dan@Viking-1:~$ dig @ +short version.bind txt chaos
This includes: version, author, copyright, cachesize, cache insertions,
   evictions, misses & hits, auth & servers

It has always been there, with the exception that it was only available for one single IP address in the past whereas it now extends to all addresses. This not to justify it. However, it is not a hard-coded as in "you cannot change it" option. It is a run time option and you can easily change it to deliver the hostname for all the interfaces (next version) or easily disable it.

The option to change it to the hostname seems to make a lot of sense to me. Otherwise, when there is no accompanying record in /etc/hosts, an IP address of the host may not have a hostname at all. As I said, advanced users are able to switch off all the Pi-hole featured intended to be convenience features.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.