Static/DHCP DNS question?

Hi there,

My network includes a bunch of static IP addresses for devices such as servers, printers, UPS etc and a DHCP Pool for many other devices most of which have their MAC addresses bound to a specific IP address.

If I ever needed to bypass Pi-hole it is easy to just log in to the router and change the Primary & Secondary DNS servers away from Pi-hole and point them at Google or wherever, and all the DHCP Clients follow its lead after a reboot/DHCP lease renewal.

However, of course, the Static devices have to be logged onto individually and have their DNS pointed away from Pi-hole one at a time.

What I was wondering is would it be possible to put the IP address of the router in the DNS of the Static IP address devices and have them pick up and follow wherever the DNS in the router points to, much like the DHCP Clients?

This would save a lot of configuration time when needing to temporarily remove Pi-hole for whatever reason.

Thanks & kind regards,
-=Glyn=-

When it's configured the normal way, which you describe in your second paragraph, what DNS server or servers do the DHCP clients end up with in their network settings?

  1. Is it the upstream DNS that is configured in the router?
  2. Or is it the router itself (which then forwards the query to upstream DNS configured in the router)?

How your router executes that, I think, determines whether it is possible for all your devices, both DHCP and static:

If 2 then you can similarly configure the DNS of your static devices as your router instead of your Pi-hole, and the router will dutifully handle it for them (normally by sending queries back to the Pi-hole, but changing to Google or wherever when you are bypassing). The point is that the DNS server in the network settings of your devices never changes; it's always the router.

If 1 then that won't help, because now the DNS server on the network devices does change and the only difference between DHCP and static devices is who is handling the change. DHCP clients will get the new DNS settings after a renewal, but for static devices it falls to you to make the changes.

One option may be that if your router acts like 1, you may be able to change it to act like 2. Apologies, it's a bit vague; it's the kind of thing that is specific to models and ISP constraints and would need exploring.

Another option to always have the router handling it is to make every device DHCP and bind the IPs for your static IP devices. But since you are actually doing that already I assume there is some use-case distinction between the static IP devices and the DHCP devices that end up with specific IPs.

Yes, if you'd opt for having your router distribute its own IP as local DNS server, and having your router use Pi-hole as its upstream DNS resolver.
You'd then just need to change your router's upstreams to instantly bypass Pi-hole for all of your network.

This comes with a couple of potential drawbacks:
In such a scenario, your router will become Pi-hole's only client: Since all DNS requests received by Pi-hole originate from your router, you won't be able to attribute DNS requests to individual clients anymore, and consequently, you wouldn't be able to apply client-specific filtering.
You'd also have to be careful about avoiding a DNS loop, e.g. by enabling Pi-hole's Conditional Forwarding (which would be useless in that scenario anyway, as all requests are from your router's IP).

All of the above would affect your entire network, including your non-static clients.

I guess you could try to hand out your router's IP as local DNS resolver only for your static-IP clients - provided your router would support that, and if your static clients would be identifiable by your router.
But I'd expect that to be available mainly (only?) with custom ROMs on your router.

If Pi-hole would be your DHCP server, you could address this via a custom dnsmasq configuration (but you'd still have to be cautious about aforementioned DNS loops).
Things you can do with dnsmasq! is an older post, but it should still largely apply:

Of course, you'd have to adapt that to distribute your router's IP instead of OpenDNS and Google.
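As an added illustration (not from the linked post, the Pi-hole project, or anyone in this thread), this is the shape such a custom dnsmasq configuration could take when Pi-hole is the DHCP server: MAC-identified clients are tagged and only they are handed the router's address as DNS server, while everyone else keeps Pi-hole. The addresses, MACs and hostnames are constructed placeholders, and the file location (a drop-in under /etc/dnsmasq.d/) is assumed.

```conf
# Constructed example addressing: router 192.168.1.1, Pi-hole 192.168.1.2.
# Only devices that still request a DHCP lease (with a reservation) can
# receive these options; a device with a hard-coded static IP never asks.

# Identify the "static-like" devices by MAC, pin their reserved IPs,
# and apply the tag "viarouter" to them.
dhcp-host=aa:bb:cc:dd:ee:01,192.168.1.10,printer,set:viarouter
dhcp-host=aa:bb:cc:dd:ee:02,192.168.1.11,ups,set:viarouter

# Tagged clients get the router as their DNS server (DHCP option 6),
# so changing the router's upstream redirects them without touching each one.
dhcp-option=tag:viarouter,option:dns-server,192.168.1.1

# Untagged clients are not given option 6 here, so dnsmasq hands out its own
# address (Pi-hole) as before, and per-client filtering still works for them.

# Loop caveat from the discussion above: with the router forwarding to
# Pi-hole, do not point Pi-hole's Conditional Forwarding back at the router.
```

Queries from the tagged devices will all appear in Pi-hole's log as coming from the router's IP, so the per-client attribution drawback described above applies to exactly that group.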

Thanks for the full & detailed replies guys! It will take a while for this to all sink in though... :blush:

chrislph: The DHCP Clients end up using my Pi-hole device as their Primary DNS Server.

Luckily I don't use my ISP supplied router as I have a DrayTek 2860 Router which is quite configurable.

Under LAN/General Setup I am able to configure both Primary & Secondary DNS Servers.

As I only have the one Pi-hole device I just enter its LAN IP address under Primary, although I believe this in itself might cause an issue, as would entering the same Pi-hole LAN IP address as the Secondary also?

I do sometimes see what I believe could be my ISP DNS server or possibly Gateway(?) address shown as Secondary on the DHCP Clients even though I make no reference to it; it looks like it is being pulled in from somewhere. I read that it is not good practice to use the same Primary & Secondary IP addresses in the DrayTek?

I also use the DrayTek as a DHCP Server, not the Pi-hole device, if that matters, and Pi-hole is pointing to Cloudflare as its Primary DNS.

So following your logic then my router is acting as 1?

I would rather leave my Static IP Address & DHCP Pool separate rather than open it up to one large DHCP Pool and bind all of the MAC addresses to IP addresses if at all possible.

Bucking_Horn: Thanks for the suggestion. I need to decide whether the potential drawbacks are worth the convenience of changing the config as you suggest.

I'll have a thorough read of the link you suggested although at my age/condition I struggle to make sense of it all at times.

Thanks both & kind regards,
-=Glyn=-

There are some routers that fill in a blank secondary with some firmware or ISP specified server, or just covertly assume one without showing you, and conversely some routers I guess might have logic that detects the same server being used twice and complains about it when you try to save. Probably best to configure the single server and assume it's okay unless you see evidence to the contrary. The Extended Test on DNS leak test is quite useful for that (though it's not really a "leak" in that scenario even if it finds other servers being used).

Apologies, my answer was interpreting your question more as being about the management of the addresses, which isn't what you were asking. Bucking_Horn's answer (equivalent to scenario 2 in my answer) is the correct one in respect of what you proposed.
