Is there an alternative to the dnsmasq listen-address option to force dns to listen on specific IP address(es)?

Much like the title suggests.

Is there a way to force Pi-hole DNS to listen on specific addresses rather than all IPs that are available on a given interface?

I can see this option listed in the WebUI config:

  • NONE
    Do not add any configuration concerning the listening mode to the dnsmasq configuration file. This is useful if you want to manually configure the listening mode in auxiliary configuration files. This option is really meant for advanced users only, support for this option may be limited.

Would these be in the default dnsmasq config location in /etc/dnsmasq.d?

pihole-FTL/dnsmasq binds the wildcard address by default and discards requests that it shouldn't reply to based on its configuration.

Just like v5, Pi-hole v6 exposes related configuration options in its Interface Settings panel under Settings | DNS in Expert mode.

What is your actual goal here?
Are you trying to run another DNS resolver on the same machine as Pi-hole?

If so, switching to Bind only to interface may allow you to operate Pi-hole on one interface and another DNS server on another one, provided that other DNS server can be similarly restricted.

You are quoting dns.listeningMode from All settings, which offers this as BIND, with further details in its comment:

BIND

By default, FTL binds the wildcard address. If this is not what you want, you can use this option as it forces FTL to really bind only the interfaces it is listening on. Note that this may result in issues when the interface may go down (cable unplugged, etc.). About the only time when this is useful is when running another nameserver on the same port on the same machine. This may also happen if you run a virtualization API such as libvirt. When this option is used, IP alias interface labels (e.g. enp2s0:0) are checked rather than interface names.

You should only switch to NONE if you want to provide your own listening policy, which would entail adequate familiarity with the respective dnsmasq configuration options.

1 Like
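
To confirm from the host which listening behaviour is actually in effect (wildcard bind versus specific addresses), the sketch below parses `ss -H -lntu` output and reports wildcard sockets on port 53 and any specific address outside an expected set. It is an added example, not part of the thread or of Pi-hole's code; the sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed samples of `ss -H -lntu` output (not captured from a real host).
WILDCARD_SAMPLE = """\
udp   UNCONN 0 0    0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0 32   0.0.0.0:53        0.0.0.0:*
udp   UNCONN 0 0    [::]:53           [::]:*
tcp   LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
"""
BOUND_SAMPLE = """\
udp   UNCONN 0 0    192.168.10.2:53   0.0.0.0:*
tcp   LISTEN 0 32   192.168.10.2:53   0.0.0.0:*
udp   UNCONN 0 0    127.0.0.1%lo:53   0.0.0.0:*
udp   UNCONN 0 0    192.168.20.2:53   0.0.0.0:*
"""


def dns_listeners(ss_output, port=53):
    """Return sorted unique (proto, address) pairs with a socket on `port`."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("udp", "tcp"):
            continue  # header line or another socket family
        addr, _, local_port = fields[4].rpartition(":")
        if local_port != str(port):
            continue
        # Drop the %iface scope first, then the IPv6 brackets.
        found.add((fields[0], addr.split("%", 1)[0].strip("[]")))
    return sorted(found)


def is_wildcard(addr):
    """True for 0.0.0.0, :: and the '*' dual-stack form that ss prints."""
    return addr == "*" or ipaddress.ip_address(addr).is_unspecified


def audit(ss_output, allowed, port=53):
    """Split listeners into wildcard binds and specific addresses not in `allowed`."""
    listeners = dns_listeners(ss_output, port)
    return {
        "wildcard": [l for l in listeners if is_wildcard(l[1])],
        "unexpected": [l for l in listeners
                       if not is_wildcard(l[1]) and l[1] not in allowed],
    }


if __name__ == "__main__":
    print(audit(WILDCARD_SAMPLE, {"192.168.10.2"}))
    print(audit(BOUND_SAMPLE, {"192.168.10.2", "127.0.0.1"}))
```

A wildcard entry is what the default mode produces, and as the reply above explains, FTL then discards requests it should not answer; treat it as a finding only when you expected BIND or your own listening policy to be active.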

This is what I have been using for years : How to allow VLANS - #2 by nero355

And it looks like it's going to work fine for Pi-Hole v6 too in the future :slight_smile:

I am hoping to test it tonight after solving some webGUI access issues...

/EDIT :

Turns out I did not need the old config file anymore :
Pi-Hole v6 binds to all my VLAN Interfaces by default : SWEET!!! : :sunglasses: :grin: :+1: :+1:

However, if you want the edns-packet-max=1232 line to /etc/dnsmasq.d/ in a separate file then you need to do the following in /etc/pihole/pihole.toml =>

:wink:

In the same /etc/pihole/pihole.toml you can bind the webGUI to just 1 Interface/IP address so it's not reachable from all the (VLAN) Interfaces if you want :slight_smile:

No, not really, see:

1 Like

I always read the Changes Log and somehow did not notice it :frowning:

Thanks for the TIP! :+1: :+1: