Pi-hole as a local only DNS provider

Is it possible to configure Pi-hole to resolve local DNS entries only? I'm using the Pi-hole in a lab network and I want it to act as a local-only DHCP server and DNS resolver for local system names and local DNS entries that I manually enter.

Currently it looks like the webUI does not allow you to deselect all upstream DNS providers. Basically I want to only resolve domain names with the lab.lan prefix (this is the FQDN specified in the DHCP server settings).

Thanks,
Logan

When Pi-hole is used as the DHCP server, it will announce itself as the DNS server to clients via DHCP. Do you plan to use some other local DNS server? How do you want to set the other one on the clients?

Some important added context. This lab network does not have internet access, but the Pi-hole host does, as it is connected to both the lab LAN and a WiFi network that does have internet access for package updates and pulling new software.

I want the other lab network clients that are connecting with DHCP to use the Pi-hole as the only DNS server. I just want the Pi-hole to only respond to DNS requests for local hosts.

How about setting a non-existing internal IP as upstream for your Pi-hole? It will answer all local DNS records but forward everything else to a non-existing IP.
Just make sure your device hosting Pi-hole is not using Pi-hole itself as DNS resolver, so as not to break its own DNS resolution.

Done, set custom DNS to 169.254.0.0.

Is there any way to flush the DNS cache, so it bounces the request instead of timing out when I ping, say, google.com from one of these devices?

I suppose I could redeploy Pi-hole and just keep it from connecting to the internet until I set the custom DNS provider?

You could block all domains by RegEx and only whitelist your local domain.

Was thinking similar but with a loopback IP/socket, e.g.:

127.0.0.1#9999

Nothing listening on that port ... I presume:

pi@ph5b:~ $ cat /etc/services
[..]
xmms2           9667/udp
nbd             10809/tcp                       # Linux Network Block Device
[..]
zope            9673/tcp                        # zope server
webmin          10000/tcp
pi@ph5b:~ $ sudo ss -nltup sport = 9999
Netid         State         Recv-Q         Send-Q                 Local Address:Port                  Peer Address:Port

And traffic won't get broadcast on your network, as the 127.0.0.1 address resides on the very fast virtual loopback interface named lo:

pi@ph5b:~ $ ip -br address show lo
lo               UNKNOWN        127.0.0.1/8 ::1/128
pi@ph5b:~ $ ip -br link show lo
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>

EDIT: Also:

pi@ph5b:~ $ time nc -vz 127.0.0.1 9999
nc: connect to 127.0.0.1 port 9999 (tcp) failed: Connection refused

real    0m0.031s
user    0m0.002s
sys     0m0.023s

And I'm still waiting for:

pi@ph5b:~ $ time nc -vz 169.254.0.0 53

EDIT2: Oh, it just now replied:

pi@ph5b:~ $ time nc -vz 169.254.0.0 53
nc: connect to 169.254.0.0 port 53 (tcp) failed: Connection timed out

real    2m13.504s
user    0m0.000s
sys     0m0.026s

Thanks yubiuser! I've applied the following RegEx to filter the DNS requests. Probably setting the upstream DNS doesn't matter now, but I will leave it just the same.

Blacklist ^(.*\.*)
Whitelist ^(.*\.foo\.bar)
Where foo.bar is the domain of my local network.

All requests going to other sites are bounced in a timely manner, whereas example.foo.bar is resolved normally!

Again, thanks!
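An added example (not from this thread or from Pi-hole itself) that models Pi-hole's regex precedence, where a regex whitelist hit overrides a regex blacklist hit, and runs the posted pair against constructed names. The posted whitelist has no end anchor and requires a dot before foo.bar, so it lets names that merely contain .foo.bar through and rejects the bare apex; the tightened pair is my assumption of what the poster intended.

```python
import re

# Regex pair as posted in the thread (foo.bar stands for the lab domain).
POSTED_BLACKLIST = r"^(.*\.*)"
POSTED_WHITELIST = r"^(.*\.foo\.bar)"

# Tightened pair (my assumption, not from the thread): anchor the end of the
# name and allow the bare apex, so a name that only contains .foo.bar is
# still blocked.
STRICT_BLACKLIST = r"."
STRICT_WHITELIST = r"^(.*\.)?foo\.bar$"


def is_resolved(name, blacklist, whitelist):
    """Model Pi-hole's regex precedence: a regex whitelist match overrides a
    regex blacklist match, so a name is answered if it is whitelisted or
    not blacklisted. Names are compared lowercase without a trailing dot."""
    name = name.rstrip(".").lower()
    if re.search(whitelist, name):
        return True
    return not re.search(blacklist, name)


def classify(names, blacklist, whitelist):
    """Return {name: True if resolved, False if blocked} for the given names."""
    return {n: is_resolved(n, blacklist, whitelist) for n in names}


SAMPLE_QUERIES = [                 # constructed sample query names
    "example.foo.bar",             # lab host: should resolve
    "foo.bar",                     # lab apex: should resolve
    "google.com",                  # outside the lab: should be blocked
    "example.foo.bar.evil.test",   # outside, but contains .foo.bar
    "example.foo.barbaz",          # outside, .foo.bar is only a prefix
]

if __name__ == "__main__":
    for label, bl, wl in (("posted", POSTED_BLACKLIST, POSTED_WHITELIST),
                          ("strict", STRICT_BLACKLIST, STRICT_WHITELIST)):
        print(label)
        for n, ok in classify(SAMPLE_QUERIES, bl, wl).items():
            print(f"  {n:28} {'resolved' if ok else 'blocked'}")
```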

I found an equivalent way of doing it with a dnsmasq directive.
The line below returns 0.0.0.0 or :: for anything other than local names:

address=/#/#

pi@ph5b:~ $ man dnsmasq
[..]
       -A, --address=/<domain>[/<domain>...]/[<ipaddr>]
              Specify  an  IP address to return for any host in the given
              domains.  Queries in the domains are  never  forwarded  and
              always  replied  to with the specified IP address which may
              be IPv4 or IPv6. To give both IPv4 and IPv6 addresses for a
              domain,  use repeated --address flags.  To include multiple
              IP addresses for a single  query,  use  --addn-hosts=<path>
              instead.   Note  that  /etc/hosts  and DHCP leases override
              this for individual names. A common use of this is to redi‐
              rect the entire doubleclick.net domain to some friendly lo‐
              cal web server to avoid banner ads. The  domain  specifica‐
              tion  works in the same was as for --server, with the addi‐
              tional facility that /#/ matches  any  domain.  Thus  --ad‐
              dress=/#/1.2.3.4  will  always return 1.2.3.4 for any query
              not answered from /etc/hosts or DHCP and not sent to an up‐
              stream nameserver by a more specific --server directive. As
              for --server, one or more domains with no address returns a
              no-such-domain answer, so --address=/example.com/ is equiv‐
              alent to --server=/example.com/ and  returns  NXDOMAIN  for
              example.com and all its subdomains. An address specified as
              '#' translates to the NULL address of 0.0.0.0 and its  IPv6
              equivalent  of  ::  so --address=/example.com/# will return
              NULL addresses for example.com and its subdomains. This  is
              partly  syntactic  sugar for --address=/example.com/0.0.0.0
              and --address=/example.com/:: but is  also  more  efficient
              than  including  both as separate configuration lines. Note
              that NULL addresses normally work in the same way as local‐
              host,  so  beware  that  clients looking up these names are
              likely to end up talking to themselves.
