Found the following issues while trying to lock pihole to a single IP address on a multi-homed server.
Observation:
- interface= option in dnsmasq conf file forces dnsmasq to listen on ALL IP addresses of that interface.
- in /opt/pihole/webpage.sh : the line 'addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}"' keeps inserting the 'interface=eth0' into /etc/dnsmasq.d/01-pihole.conf after reboot or pihole -a -i
- I had to comment out the offending line in webpage.sh.
- Only two config options are required for dnsmasq to listen on one or more specific addresses; listen-address and bind-interfaces.
- IPV6_ADDRESS, in setupVars.sh, doesn't seem to do anything.
Not sure where I should post web interface changes.
Currently, in the web interface, under Settings / DNS / Potentially Dangerous options, there are three options. A fourth should be added so that the 'interface=eth0' line is not continually added back to 01-pihole.conf, such as Listen-On, and webpage.sh would use the IPV4_ADDRESS and IPV6_ADDRESS vars from setupVars.sh to create the listen-address= and bind-interfaces lines in 01-pihole.conf instead. Or maybe the IP addresses present on the network interface(s) can be listed, with check boxes.
i.e.:
IPV4_ADDRESS=10.99.10.33/24
IPV6_ADDRESS=fd00:7ac0:face::33
becomes
listen-address=10.99.10.33,fd00:7ac0:face::33
bind-interfaces
in /etc/dnsmasq.d/01-pihole.conf; IPV4_ADDRESS minus the subnet mask (why does it have a subnet mask?), with no 'interface=eth0' present.
FYI, I'm running pihole on a server with powerdns and powerdns-recursor, dual stacked, each process locked to its own IPv4 and IPv6 addresses, on port 53.
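
The conversion requested above, sketched as an added example that is not part of the original post and is not Pi-hole code. The function names `get_var`, `render_listen_config` and `demo` are hypothetical, the sample files are constructed, and it assumes IPV6_ADDRESS may also carry a prefix length.

```shell
#!/usr/bin/env bash
# Added example, not Pi-hole code. Function names are hypothetical.

# Read KEY=value from a setupVars-style file without sourcing (executing) it.
get_var() {  # usage: get_var KEY FILE
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print a dnsmasq config that listens only on the configured addresses.
render_listen_config() {  # usage: render_listen_config SETUPVARS DNSMASQ_CONF
    local v4 v6 addrs
    v4=$(get_var IPV4_ADDRESS "$1")
    v6=$(get_var IPV6_ADDRESS "$1")
    # Strip any prefix length (e.g. /24): listen-address takes bare addresses.
    v4=${v4%%/*}
    v6=${v6%%/*}
    # Join with a comma only when both address families are present.
    addrs=${v4}${v4:+${v6:+,}}${v6}
    if [ -z "$addrs" ]; then
        echo "no IPV4_ADDRESS or IPV6_ADDRESS set" >&2
        return 1
    fi
    # Drop earlier interface/listen settings, keep every other line.
    # grep exits 1 when nothing is left to print; only exit 2 is an error.
    grep -Ev '^(interface=|listen-address=|bind-interfaces$)' "$2" \
        || [ $? -eq 1 ] || return 2
    printf 'listen-address=%s\nbind-interfaces\n' "$addrs"
}

# Constructed sample input using the addresses from the post.
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'PIHOLE_INTERFACE=eth0' 'IPV4_ADDRESS=10.99.10.33/24' \
        'IPV6_ADDRESS=fd00:7ac0:face::33' > "$d/setupVars"
    printf '%s\n' 'cache-size=10000' 'interface=eth0' > "$d/01-pihole.conf"
    render_listen_config "$d/setupVars" "$d/01-pihole.conf"
    rm -rf "$d"
}
demo
```

With bind-interfaces set and no interface= line, dnsmasq binds only the listed addresses, which leaves port 53 on the host's other addresses free for the other DNS daemons.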