I have a complicated question. Is there a better way to do this? Is this causing problems with my pihole installation?

Ok, so, I have a Netgear router that doesn’t allow me to set rules for redirecting devices that try to bypass the pihole’s DNS. I can set an IP range I want to block/redirect and that will work. My pihole is my DHCP server because my router doesn’t show info about which devices are doing what on the pihole; it’s all jumbled together. I wanted to have one device (iPad) bypass the pihole, but I obviously can’t set the IP on my router since the pihole is the DHCP server and I can’t manually set a different DNS on the device itself because of the rule I set in the router (it would get blocked).

So I asked on reddit and someone helped me. They told me I could insert this rule:

dhcp-host=<the mac address of the ipad>,set:customdns,192.168.1.200 (the IP of the iPad)
dhcp-option=tag:customdns,option:dns-server,1.1.1.1,1.0.0.1

to /etc/dnsmasq.d/

I am extremely bad at this kind of stuff so I have a few questions:

  1. Why isn’t the pihole dhcp server assigning the IP automatically? I have to manually set it.
  2. Can this be damaging my installation? Since I have set this code, when I restart the pihole, it doesn’t work anymore…the DNS service doesn’t start running again.
  3. How does this work, exactly? If the DNS set in the device is not the DNS of the pihole, wouldn’t it just bypass it completely (I did change the DNS in the device to 1.1.1.1,1.0.0.1) and then be blocked by the rules in my router?
  4. Before doing this, I had my pihole assign IPs from 192.168.1.201-192.168.1.251. I then changed it to 192.168.1.200-192.168.1.251 and set the IP in the rule created to 192.168.1.200. Should I have kept the IP pool at 192.168.1.201-192.168.1.251 or changed it to 192.168.1.200-192.168.1.251 like I did?
  5. Is there any easier way to do this that I’m missing? I feel like this is overly complicated. Before I would just go into the iPad and set the DNS server manually but I can’t do that now because the router blocks it. I honestly am too illiterate in technological matters to know how it was getting an IP from the pihole but was able to bypass it.

Thanks!

Edit: this was the reply from the kind user who helped me figure this out:

Interesting question! It is possible to use custom configs on the pihole via the /etc/dnsmasq.d/ directory

Assuming the following:

Your DHCP pool is a subset of your subnet (ex. 192.168.1.1 thru 192.168.1.64)
Your router allows you to specify DNS redirect for just the above range

I would allocate an IP outside of your DHCP pool using the dhcp-host option, use the ‘set’ key to tag it, and call the tag to apply a custom DHCP option to just that tag.

Example, untested, in /etc/dnsmasq.d/:

dhcp-host=<MAC address of the iPad>,set:customdns,192.168.1.100
dhcp-option=tag:customdns,option:dns-server,1.1.1.1,1.0.0.1

Restart dnsmasq and networking on your iPad to test.

Answers to your questions:

@jambo: Why isn’t the pihole dhcp server assigning the IP automatically? I have to manually set it.

You don’t have to, providing an IP address with dhcp-host is optional. You may omit it to have dnsmasq assign an address from a pool as defined by the dhcp-range option.
However, Pi-hole’s query log will discern clients by IP address, so using a dynamic IP tends to clog Pi-hole’s log with multiple distinct entries for the same client over time, even if an IP can be resolved to the same hostname.


@jambo: Can this be damaging my installation?

If your custom dnsmasq settings contain malformed syntax, that will compromise Pi-hole.
You can check your dnsmasq configuration syntax by:

 pihole-FTL dnsmasq-test

Note that this will only list the first offending line encountered, along with the file name.
In case of multiple errors, you have to run this repeatedly after fixing an error.

Also, setting dhcp-host options may indeed conflict with Pi-hole’s own usage of that option.

Pi-hole keeps its own list of static leases in /etc/dnsmasq.d/04-pihole-static-dhcp.conf.
Pi-hole will create this file once you start configuring static DHCP leases via its admin panel.
If this file exists, make sure it doesn’t contain an entry for the same MAC.
And if you had ever defined a static lease for the device you want to bypass Pi-hole, that information might be kept in other locations as well, which might provoke conflicts.


@jambo: If the DNS set in the device is not the DNS of the pihole, wouldn’t it just bypass it completely (I did change the DNS in the device to 1.1.1.1,1.0.0.1) and then be blocked by the rules in my router?

Yes, of course.
Since you have configured your router to block DNS access altogether (with the exemption of Pi-hole, I presume), this dhcp-option solution will not work.
You would have to exempt your device (iPad) in your router as well.
Alternatively, you could try setting your router as DNS server for your iPad. Whether this would work depends on how exactly your router rules block DNS access, and how you have configured your router’s upstream DNS (namely not to be Pi-hole).


@jambo: Should I have kept the IP pool at 192.168.1.201-192.168.1.251 or changed it to 192.168.1.200-192.168.1.251 like I did?

That doesn’t really matter, as long as Pi-hole is your only DHCP-Server.
dhcp-host allows allocation of addresses that are not constrained to be in a range, as long as the IP address lies within the same subnet as supplied by your range (or by any dhcp-range option for that matter).

Possible solution to your problem:

Well, seems like Pi-hole is not involved in this then.
Keep setting manual DNS servers in your iPad and modify your router rules for an exemption for your iPad.
You may be able to get around defining that rule exemption if you can set your router as manual DNS server for your iPad and your router’s upstream DNS is pointing to a public DNS (i.e. specifically not Pi-hole).
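The conflict warned about above, a dhcp-host entry in a custom file clashing with one in /etc/dnsmasq.d/04-pihole-static-dhcp.conf, can be checked for mechanically. The following is an added example, not part of the thread or of Pi-hole: a shell function, here given the hypothetical name lint_dnsmasq_dir, that reports MACs used in more than one dhcp-host line and dhcp-option tags that no dhcp-host line sets. The MAC and file contents in the demo are constructed, and tags set by other dnsmasq options are not tracked.

```sh
#!/bin/sh
# Added example: lint a dnsmasq config directory.
#   DUP-MAC    same MAC in more than one dhcp-host line
#   UNSET-TAG  dhcp-option=tag:NAME where no dhcp-host line has set:NAME
# Usage: lint_dnsmasq_dir [DIR]   (DIR defaults to /etc/dnsmasq.d)
lint_dnsmasq_dir() {
    dir=${1:-/etc/dnsmasq.d}
    awk -F, '
        { sub(/\r$/, "") }    # tolerate CRLF line endings
        /^[ \t]*dhcp-host=/ {
            sub(/^[ \t]*dhcp-host=/, "")
            for (i = 1; i <= NF; i++) {
                f = $i; gsub(/[ \t]/, "", f); m = tolower(f)
                # a MAC is 17 chars shaped xx(:xx)+, i.e. six hex pairs
                if (length(m) == 17 && m ~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) {
                    where[m] = where[m] " " FILENAME ":" FNR
                    hits[m]++
                } else if (f ~ /^set:/) {
                    defined[substr(f, 5)] = 1
                }
            }
            next
        }
        /^[ \t]*dhcp-option=/ {
            sub(/^[ \t]*dhcp-option=/, "")
            for (i = 1; i <= NF; i++) {
                f = $i; gsub(/[ \t]/, "", f)
                if (f ~ /^tag:/) used[substr(f, 5)] = FILENAME ":" FNR
            }
        }
        END {
            for (m in hits) if (hits[m] > 1) { print "DUP-MAC " m where[m]; bad = 1 }
            for (t in used) if (!(t in defined)) { print "UNSET-TAG " t " " used[t]; bad = 1 }
            exit bad + 0
        }
    ' "$dir"/*
}

# Constructed demo data: a static lease and a custom rule for the same
# made-up MAC, in two files named as in the thread.
demo=$(mktemp -d)
printf '%s\n' 'dhcp-host=AA:BB:CC:DD:EE:FF,192.168.1.50,ipad' \
    > "$demo/04-pihole-static-dhcp.conf"
printf '%s\n' 'dhcp-host=aa:bb:cc:dd:ee:ff,set:customdns,192.168.1.200' \
    'dhcp-option=tag:customdns,option:dns-server,1.1.1.1,1.0.0.1' \
    > "$demo/99-custom.conf"
lint_dnsmasq_dir "$demo" || echo "resolve the findings above before restarting pihole-FTL"
rm -rf "$demo"
```

The function exits non-zero when it prints a finding, so it can gate a restart; it complements rather than replaces the syntax check done by pihole-FTL dnsmasq-test.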

The pihole has to be involved somehow because if I remove that rule from /etc/dnsmasq.d/ it won’t work anymore.

I can’t really set any custom rules in my router, so I don’t think I could set a rule exemption for the iPad.

If I set my iPad’s DNS server as 192.198.1.1 (router’s IP) and set the upstream DNS to a public DNS, wouldn’t the pihole just not work anymore (because doesn’t the router have to have the Pihole’s IP as the DNS?)? Sorry if this sounds like a completely stupid question; I’m so terrible at networking.

Wonder if I could make my router a DHCP server for just one IP and assign that IP to the iPad and then just set the DNS servers on the iPad manually.

Thanks a lot for your help!

How did you make it block DNS traffic, then?

If you configure your iPad settings manually, it will just ignore Pi-hole. It won’t interfere with Pi-hole’s operation at all.

In your case, you don’t have to worry about changing your router’s upstream DNS servers as long as Pi-hole is acting as your DHCP server.

If your router would act as DHCP server, you should configure your router to hand out Pi-hole as local DNS server.
If your router wouldn’t allow setting a local DNS server, setting Pi-hole as your router’s upstream DNS server would be one option - or you switch off DHCP in your router and appoint Pi-hole as DHCP server, leaving DNS server config to Pi-hole (which is what you did).

It is only involved now that you chose to involve it.
I am afraid you have some clean up to do.

/etc/dnsmasq.d/ is a directory, not a file.

According to your reddit help, your amendments should have gone into a separate file in that directory, /etc/dnsmasq.d/99-custom.conf (which somehow went missing when you pasted that reddit content here).

So where did you actually put your config in the end?

To do that I have to do this. It’s weird but it works.

I’m sorry, I meant to say I didn’t think the internet would work if I set my router’s IP as my iPad’s DNS (I just don’t know enough to know whether it would work or not, I’m not doubting you!).

That’s probably true haha but I’m only saying I think it’s involved because until I put that rule in, the iPad’s internet just wouldn’t work. And you’re totally right; I meant to say I put the rule in /etc/dnsmasq.d/99-custom.conf. I changed it because I wasn’t paying attention and he initially gave the wrong location (etc/dnsmasq/dnsmasq.d/99-custom.conf) but apparently he changed it back and I selected the wrong text. Sorry about that.

All that is listed in my router is “Domain Name Server (DNS) Address”. The way my setup is, I have the aforementioned DNS Address that is set to my pihole DNS (192.168.1.8). The router has its DHCP server disabled and the pihole has its DHCP server enabled so that I can see which devices are doing what.

I will try to figure out how to implement in my router what you suggested. I should probably just get a router where I can implement method #2 and set custom rules to redirect devices that try to bypass the pihole DNS.

Thanks a lot for your help and I understand I can be frustrating; I will try to learn more about how everything works together.

Then that is likely your upstream DNS server.
As Pi-hole is your DHCP server, your router’s DNS doesn’t need to be set to Pi-hole.
Enter a public DNS server instead.

That means Pi-hole is taking care of distributing itself as local DNS server to its clients as well as forwarding DNS requests to the upstream DNS servers as configured in Pi-hole’s admin UI.
Your Pi-hole has completely taken over the role of DHCP and DNS server from your router.

There is no immediate need to change this configuration.

You have to undo the custom dnsmasq configuration, though.

If you just created /etc/dnsmasq.d/99-custom.conf, we only have to move this out of the way.
The following statement, executed from a command prompt on your Pi-hole, will do just that by moving the file to your home directory:

sudo mv /etc/dnsmasq.d/99-custom.conf ~

Afterwards, start Pi-hole’s DNS service again, either via its admin UI or by:

sudo service pihole-FTL restart

Then pick up your iPad.
Switch off WLAN in order to disconnect from your local network.
Change your iPad configuration to manual, setting your router as DNS server.
When you are done, switch WLAN back on to reconnect your iPad.

Things should be running smoothly then.
(Unless your router’s blocking rules interfere, which I hope they don’t, as I haven’t understood them yet.)

I wanted to have one device (iPad) bypass the pihole, but I obviously can’t set the IP on my router since the pihole is the DHCP server and I can’t manually set a different DNS on the device itself because of the rule I set in the router (it would get blocked).

If you just want the iPad to avoid the Pi Hole, why not manually configure its network settings and set the DNS to something other than your Pi Hole?