How to temporarily disable blocking by Pi-hole for certain devices

Backstory: My girlfriend gets increasingly annoyed when websites she is visiting are broken or content embedded in emails is not loaded properly as a result of Pi-hole blocking rules. In these cases she asks me to unblock those pages or turn off Pi-hole blocking completely for a couple of minutes.
Due to the fact that she has a wide variety of websites she visits and therefore a constantly changing unblocking demand, it would be nice, if she is capable of doing it herself. I don't want to be her IT helpdesk all the time.

In general: known and previously specified users should be able to switch blocking of their own devices on and off.

Approach 1: give her a killswitch/admin-rights to switch off the complete network blocking for a specific time.
Negative side effect: complete blocking is disabled, even for my devices

Approach 2: put her devices in an unblocked group permanently.
Negative side effect: she wouldn't benefit from the positive aspects of pihole blocking at all.

Approach 3 (my favourite one): an option where she can disable blocking for all her devices (group based) or just for specific devices for a limited period of time. This could be achieved by a previously prepared link (like a killswitch) or by an additional menu on the Pi-hole admin page. Protected by a user-specific password, users would have the possibility to decide whether their devices should be Pi-hole blocked or not. Users must hereby be able to move their devices temporarily into an unblocked group without accessing the "real admin panel".

I am aware that this is probably a feature request and will need a lot of work to implement. Are there any other possible solutions to this problem that I am currently overlooking? This topic is also discussed in this thread: Allow temporarily disabling Pi-Hole by device
Nevertheless, I cannot adapt the suggested solution to my specific scenario.

Thanks!
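A sketch of Approach 3 as an added example (not code from this thread or from the Pi-hole project): a user may move only devices they own into an unblocked group, for a capped time, without any access to the admin panel. The table layout is an assumption modelled on Pi-hole v5 group management and is built in memory here; the user name, IP addresses, group ids and function names are hypothetical.

```python
import sqlite3

# Constructed stand-in for the group tables of a Pi-hole v5 gravity database
# (assumed layout); group 0 is the default group that carries the adlists.
SCHEMA = """
CREATE TABLE "group" (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE client (id INTEGER PRIMARY KEY, ip TEXT UNIQUE NOT NULL);
CREATE TABLE client_by_group (client_id INTEGER, group_id INTEGER,
                              PRIMARY KEY (client_id, group_id));
INSERT INTO "group" VALUES (0, 'Default'), (1, 'unblocked');
INSERT INTO client VALUES (1, '192.168.1.20'), (2, '192.168.1.30');
INSERT INTO client_by_group VALUES (1, 0), (2, 0);
"""
BLOCKED, UNBLOCKED = 0, 1
# Hypothetical ownership map: the only devices each user may toggle.
OWNED = {"alice": {"192.168.1.20"}}

def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def _move(conn, ip, group_id):
    row = conn.execute("SELECT id FROM client WHERE ip = ?", (ip,)).fetchone()
    if row is None:
        raise LookupError(f"unknown client {ip}")
    with conn:  # one transaction: the client ends up in exactly one group
        conn.execute("DELETE FROM client_by_group WHERE client_id = ?", row)
        conn.execute("INSERT INTO client_by_group VALUES (?, ?)", (row[0], group_id))

def group_of(conn, ip):
    return conn.execute(
        "SELECT group_id FROM client_by_group JOIN client ON client.id = client_id"
        " WHERE ip = ?", (ip,)).fetchone()[0]

def bypass(conn, pending, user, ip, minutes, now):
    """Unblock one owned device for a bounded time; returns the expiry timestamp."""
    if ip not in OWNED.get(user, set()):
        raise PermissionError(f"{user} may not change {ip}")
    minutes = max(1, min(int(minutes), 60))  # cap: a bypass can never become permanent
    _move(conn, ip, UNBLOCKED)
    pending[ip] = now + minutes * 60
    return pending[ip]

def expire(conn, pending, now):
    """Run periodically: return every device whose bypass has lapsed to group 0."""
    done = [ip for ip, until in pending.items() if until <= now]
    for ip in done:
        _move(conn, ip, BLOCKED)
        del pending[ip]
    return done
```

On a real installation the resolver would also have to reload its group assignments after each change, and `expire` would be driven by a timer such as cron.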

I resolved this exact issue by changing adlists. It could be worth checking out other lists to see if they work better for the browsing habits of your network. Not every network is the same, and more blocked domains isn't necessarily better! (the same way more wifi is almost never better :smile: )

Good practice would be to start with the least-restrictive and move up to more-restrictive until you find the sweet spot.

From a network engineering standpoint, the easiest way to switch blocking off and on for individual devices is to change the DNS server on those devices. But I think changing your adlist is a closer solution to what you are looking for.

You can do this and install on her computer a browser-based blocker such as uBlock Origin. This should resolve her problem. She won't use Pi-hole, but will have ad blocking on the browser(s) she uses.

You could also try jfb's suggested combination of a browser extension like uBO plus Pi-hole with active blocking and see how far that would get you.

Sites may fail to display correctly when some script tries to access domains that would be blocked by Pi-hole. Now, when uBO would block the script also, then accessing the domain would not occur at all, and the page may render correctly.

This certainly wouldn't be true for all sites, but may already help for some.

Thank you for your replies. I think I will just reduce the number of adlists for her devices and slowly try to find the right balance. uBlock is probably not an option, because she uses several devices and blocking should work with all of them.

I would like to add some tips I use.

Firstly, I recommend you self-host your own DNS server. Up-front benefits:
Extended-time DNS records stay cached. What?

Pi-Hole refreshes the IP address of a domain name (website name) stored inside the cache afterwards, but for only three minutes at a time.

You can reasonably safely increase this by 10x or actually an hour at a time in your home network pi-hole system "cache" or simply storage area is what that means. So what?

Less outbound requests avg 1/40th a second response times, every 175 seconds is default in Pi-Hole.

With unbound, that result from asking for the website's numbered address can stay in cache for as long as you so choose, but if the time is several hours or even days, then this may prevent access to most if not all websites until a system pi-hole reboot or the next cache refresh interval.

You are probably thinking that it's very difficult to install and configure, but as I've done it just yesterday, last night actually, it's surprisingly simple.

Pi-hole has their own documentation on how to install it (it doesn't need anything more than the Pi-hole example file copied and pasted, and following the simple instructions).

You WILL need to download the Top Level Domains list file with the instructions.
DO NOT do any of the optional steps unless you would enjoy doing so. They are completely skippable; I know because I have an entire 40+ page thread about how NOT to configure it. Only when I followed the instructions and didn't add extra steps until I understood it, would it work without issue on that fresh first try.

It's a very small program or group of components, and it avoids having to use your ISP domain name IP address resolver, or Google's 8.8.8.8 tracking everything you send them, or opendns (cisco), CloudFlare, Route53 (Amazon) or anyone else.

Speaking of ad blocking and script blocking, you ask for a solution that will work on all devices and web browsers,

A browser addon called NoScript will block all scripts (but you can choose to always temporarily allow all TLD and no extras; you probably still can't read a majority of horribly designed web pages without additional exceptions). It works in the following browsers:

There are a lot of Google Chromium clones including
o Microsoft Edge (MS does not want to maintain their own codebase for an alternative choice in web rendering / web standards).
o Vivaldi: features and design from Opera
o Brave: Chromium-based with ad-replacement and cryptocurrency additions

o Google Chrome: built by an advertising business that operates Google Ad Services and the DoubleClick network.

Do not use it please.

Chrome gets 60% of the web browser market. 98% of Google Chrome users do not know and do not understand or care to understand why, that they are being followed on the web. It's actually annoying and aggravating.

Even businesses now just install it which I think is a security oversight and privacy violation for everyone who uses.

o Mozilla Firefox, hanging on by a thread with a 6 or 7.0% market share. Linux distributions usually have this as default as it is, thankfully, (Mozilla actually wanted to close-source the browser, which would have ended their entire business and we certainly would not be talking about it today) still open-source, and continues to push on with privacy features, regarding default tracker blocking and cookie identity separation with containers.

I know Firefox will work on both Android and iOS and on non-mobile, and its increased use will surely send a message to the G of today. They pulled their motto "Don't be Evil" in 2018 (started in 2,000) and some employees took them to court. The phrase has been changed to "Don't do evil" in 2020.

For Android, there is a marketplace for open-source software, F-Droid.

In there you can download RethinkDNS.

I love the way you can basically block the app, just the IP address or both, of ANYTHING that connects on your Android device. It's like a mixture of the software Wireshark mixed with the blocking of Pi-hole.

I have over 150 IP addresses blocked and at least 2/3 of those are the G services. By the time I block a few hundred more I don't think they'll have any left to block.

Also, with this program you can set a custom DNS server; instead of G's four-eights servers, you can use a few others such as Quad9, whose address you can guess.

Lastly I thought of unbound, but I will mention that in the top.

I gotta admit, you've got some guts recommending actions (i.e. unbound TTL custom settings) the Pi-hole devs specifically recommend against.

5 Likes

This is categorically wrong. TTLs are set by the authoritative nameservers, not by Pi-hole.

Altering TTLs is not going to improve your internet experience in any way, and will likely interfere with many services.

3 Likes

Yeah, don't do that.
