Multiple Bugs for interface and IPv6

Found the following issues while trying to lock pihole to a single IP address on a multi-homed server.

Observation:

  1. interface= option in dnsmasq conf file forces dnsmasq to listen on ALL IP addresses of that interface.
  2. in /opt/pihole/webpage.sh : the line 'addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}"' keeps inserting the 'interface=eth0' into /etc/dnsmasq.d/01-pihole.conf after reboot or pihole -a -i
  3. I had to comment out the offending line in webpage.sh.
  4. Only two config options are required for dnsmasq to listen on one or more specific addresses; listen-address and bind-interfaces.
  5. IPV6_ADDRESS, in setupVars.sh, doesn't seem to do anything.

Not sure where I should post web interface changes
Currently, in the web interface, under Settings / DNS / Potentially Dangerous options, there are three options. A fourth should be added so that the 'interface=eth0' line is not continually added back to 01-pihole.conf. Such as Listen-On.. and the webpage.sh would use the IPV4_ADDRESS and IPV6_ADDRESS vars from setupVars.sh to create the listen-address= and bind-interfaces in 01-pihole.conf instead. Or maybe, the IP addresses present on the network interface(s) can be listed, with check boxes..

ie:
IPV4_ADDRESS=10.99.10.33/24
IPV6_ADDRESS=fd00:7ac0:face::33

becomes

listen-address=10.99.10.33,fd00:7ac0:face::33
bind-interfaces

in /etc/dnsmasq.d/01-pihole.conf; IPV4_ADDRESS minus the subnet mask (why does it have a subnet mask?).. no 'interface=eth0' present.

FYI.. I'm running pihole on a server with powerdns and powerdns-recursor.. dual stacked. Each process is locked to its own IPv4 and IPv6 addresses, on port 53.

I can see no bug here - Pi-hole's Interface settings work as advertised.

Note that IPV4_ADDRESS and IPV6_ADDRESS have been deprecated after Pi-hole FTL v5.8, Web v5.5 and Core v5.3 released in April 2021, when the Automated IP blocking mode was introduced, together with a changed Interface settings UI.

You should have a read of Pi-hole's documentation on its Interface binding behaviour as linked from that UI. It explains in detail which dnsmasq options correlate with ticking one of the UI radio buttons.

As your goal seems to be to restrict Pi-hole to bind and listen to only specific IP addresses, and Pi-hole does not currently expose such a setting via its UI, you should probably rephrase and recategorise your topic as a feature request.
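
The conversion proposed in the first post, as an added example that is not part of the thread or of Pi-hole's own scripts: it reads setupVars-style lines, strips the prefix length, validates each address and prints the `listen-address=` and `bind-interfaces` lines. It assumes the input still carries the `IPV4_ADDRESS` and `IPV6_ADDRESS` keys, which the reply notes are deprecated; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of Pi-hole.
# Constructed sample input: keys and addresses as quoted in the post.
SAMPLE_SETUPVARS='PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=10.99.10.33/24
IPV6_ADDRESS=fd00:7ac0:face::33'

# Dotted quad, digits only, no empty octets, every octet <= 255.
is_ipv4() {
  case $1 in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
    *.*.*.*.*) return 1 ;;
    *.*.*.*) ;;
    *) return 1 ;;
  esac
  _oldifs=$IFS; IFS=.; set -- $1; IFS=$_oldifs
  for _o in "$@"; do
    [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
  done
}

# Loose IPv6 shape check: hex digits and colons only, at least two colons.
is_ipv6() {
  case $1 in
    *[!0-9A-Fa-f:]*) return 1 ;;
    *:*:*) [ "${#1}" -le 39 ] ;;
    *) return 1 ;;
  esac
}

# Read KEY=VALUE lines on stdin and print the two dnsmasq lines.
# Fails (non-zero) on a malformed address instead of emitting it.
render_listen_conf() {
  _addrs=
  while IFS='=' read -r _key _val; do
    [ -n "$_val" ] || continue          # e.g. an empty IPV6_ADDRESS=
    _addr=${_val%%/*}                   # drop the /24 prefix length
    case $_key in
      IPV4_ADDRESS) is_ipv4 "$_addr" || { echo "bad IPv4: $_val" >&2; return 1; } ;;
      IPV6_ADDRESS) is_ipv6 "$_addr" || { echo "bad IPv6: $_val" >&2; return 1; } ;;
      *) continue ;;                    # PIHOLE_INTERFACE is not carried over
    esac
    _addrs="${_addrs:+$_addrs,}$_addr"
  done
  [ -n "$_addrs" ] || { echo "no addresses found" >&2; return 1; }
  printf 'listen-address=%s\nbind-interfaces\n' "$_addrs"
}

printf '%s\n' "$SAMPLE_SETUPVARS" | render_listen_conf
```
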
