Pi-hole with multiple IP addresses for DNS

I have a router that allows me to assign specific MAC addresses to use a specific DNS server. I use this to route devices such as VOIP, XBOX, Adult phones and laptops to a regular DNS and route everything else to OpenDNS.

Is it possible to use this setup with a single Pi-hole? I would have to have the Pi-hole listen to 2 IP addresses and route the DNS to OpenDNS for 1 of the two IP addresses being handled by the Pi-hole. This way everything would go to Pi-hole and only desired MAC addresses would also go to OpenDNS.

Does this make sense? Am I thinking straight? Is this possible or simple enough to warrant using a single Pi-hole, or should I set up 2 physical Raspberry Pi-hole devices and point my router to either of the two depending on whether or not I want OpenDNS filtering?

This would be easy enough with two Pi's. You could probably do it nicely with Pi ZeroW's, for not much money. The advantage of two Pi's is that you can tailor the blocklists, blacklists and whitelists to the audience (you could be more restrictive on the OpenDNS side). There are adult-site blocklists out there, for example.

For a while, I was experimenting with different upstream DNS and other configurations and had a few Pi's going at once, but my router doesn't MAC filter to a DNS, so I had to change the local settings on the client to get to the desired Pi for this purpose.

What router do you run that does this? That's a nice feature.

You can have the same scenario but replace regular with Pi-hole.

To be more exact:

You have 1 Pi-hole instance that will separate incoming DNS requests based on MAC.
One part will go through Pi-hole where the other (defined) MAC addresses will actually go through OpenDNS.

While Part 1 will benefit from the ad-blocking, the IPs going through Part 2 (OpenDNS) will NOT benefit from Pi-hole's ad-blocking (but definitely retain the OpenDNS parental controls).
If you want this behavior, you'd have to use Pi-hole as DHCP server.

Then create a file /etc/dnsmasq.d/MACDNS.conf and add something like this:

dhcp-option=tag:opendns,option:dns-server,208.67.222.222,208.67.220.220
dhcp-host=xx:xx:xx:xx:xx:xx,set:opendns,Hostname

Replace xx:xx:xx:xx:xx:xx with the MAC address of the device you want to receive the OpenDNS DNS servers.

(This setup does what your router can do already).

If you want Part 2 to go through Pi-hole AND OpenDNS, separate from the adult's devices, I would recommend also to:

One instance of Pi-hole cannot use pre-defined upstream DNS servers based on the MAC address of the incoming request. So you can't tell Pi-hole: if the MAC address is this, then resolve via OpenDNS; if the MAC is that, resolve via Google ...

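As an added example (not part of the thread and not Pi-hole's own tooling): a small Python lint for the MACDNS.conf format shown above. It reports which DNS servers each MAC will be handed and flags a placeholder MAC left unreplaced or a set: tag with no matching dns-server option, in which case dnsmasq sends that client the default DNS server instead of OpenDNS. The sample MACs and hostnames are constructed, and it assumes the MAC is the first field of dhcp-host, as in the post.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Constructed sample in the format of MACDNS.conf; the MAC addresses are made up.
SAMPLE_CONF = """\
dhcp-option=tag:opendns,option:dns-server,208.67.222.222,208.67.220.220
dhcp-host=aa:bb:cc:00:11:22,set:opendns,kids-tablet
dhcp-host=xx:xx:xx:xx:xx:xx,set:opendns,placeholder-left-in
dhcp-host=aa:bb:cc:00:11:33,set:opendsn,typo-in-tag
"""

def lint_macdns(conf_text):
    """Return (effective, problems): MAC -> DNS servers handed out, plus findings."""
    dns_by_tag, hosts, problems = {}, [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-option":
            tags = [f[4:] for f in fields if f.startswith("tag:")]
            rest = [f for f in fields if not f.startswith("tag:")]
            if not rest or rest[0] not in ("option:dns-server", "6"):
                continue  # some other DHCP option, not our concern
            try:
                servers = [str(ipaddress.ip_address(s)) for s in rest[1:]]
            except ValueError as exc:
                problems.append(f"line {lineno}: bad DNS server: {exc}")
                continue
            for tag in tags:
                dns_by_tag[tag] = servers
        elif key == "dhcp-host":
            mac = fields[0]  # assumption: MAC comes first, as in the post
            if not MAC_RE.match(mac):
                problems.append(f"line {lineno}: '{mac}' is not a valid MAC")
                continue
            tags = [f[4:] for f in fields if f.startswith("set:")]
            hosts.append((lineno, mac.lower(), tags))
    effective = {}
    for lineno, mac, tags in hosts:
        matched = [t for t in tags if t in dns_by_tag]
        if not matched:
            problems.append(f"line {lineno}: {mac} tag(s) {tags} match no "
                            "dns-server option; client gets the default DNS")
        effective[mac] = dns_by_tag[matched[-1]] if matched else None
    return effective, problems

if __name__ == "__main__":
    print(*lint_macdns(SAMPLE_CONF), sep="\n")
```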

Thanks for the suggestion. I am using the Merlin OpenSource Firmware for Asus. I have also had it working using Tomato. I've never messed with the Pi Zeros; maybe this will give me an excuse to get a couple.

Thanks RamSet. I definitely want everything to go through Pi-hole. Sounds like 2 physical devices are the way to go unless some sort of Virtual Machine software runs on Pi. I've not heard of such a thing.


Pi Zero's are inexpensive and ideal for this purpose. I would recommend going with a decent size microSD card. I bought 32 GB for about $13 each at Amazon. I have run up to 27 clients and a local DNS resolver on a single Pi Zero. And no problems running the DNS server on wireless either.

Thanks. I'll give it a try with 2 pi's.
