Support prefix /12 for conditonal forwarding

dnsmasq only supports the following prefix lengths: 8, 16, 24, 32. The line


specifies a netmark of /12 which is not allowed. This has nothing to do with your last assumption.

This is documented in the dnsmasq man page (albeit poorly and only under the option domain):

If the address range is given as ip-address/network-size, then a additional flag “local” may be supplied which has the effect of adding local declarations for forward and reverse DNS queries. Eg.,,local

is identical to,

The network size must be 8, 16 or 24 for this to be legal.

It would be easy to allow /12 (or even any arbitrary mask!), however, it is a feature request that needs to be addressed by dnsmasq not pihole-FTL (we follow a minimal modifications of dnsmasq policy).
I checked how it is currently implemented and realized that dnsmasq uses a quite clever trick to simplify the task significantly. Unfortunately, this trick - going from downwards in “subdomains” - ultimately prevents any netmask that is not a multiple of 8. Allowing something like /12 would require a complete rewrite of the entire algorithm used here.

1 Like

Thanks for the explanation. Seems there is quite a bit going on here behind the scenes. I could split up the /12 so it falls in line with this requirement for dnsmasq. is one of the IANA reserved address ranges for private networks. Shame you cannot cope with that as a network spec. Variable length subnet masks are hardly uncommon.

I know, however, this is a feature request that needs to get addressed to the dnsmasq mailing list. Pi-hole cannot implement this on their own as this would cause a deviation from the upstream code. Feel free to contact Simon Kelley under

1 Like

I agree it would be nice to be able to have make just the three entries. This is what I have entered and it has worked fine thus far.

That’s valid. Its a little clumsy though… Also does not cope with narrower than /24 netmasks, as far as I can see.

Update: I coded support for arbitrary prefix lengths, however, dnsmasq upstream hasn't picked up my patches, so far. In fact, there was no reaction at all.

In case you want to follow on this check out:

Whenever the upstream adopts it, Pi-hole can immediately implement this.


Thanks for moving this forward. Hopefully folks in the dnsmasq project see the importance in supporting these prefixes.

Is there a way we can help push this through? I don't want to switch to /24s :frowning:

Actually, I don't know. I will bump this once more on the mailing list after v2.82 has been released. I don't think they'd consider anything new at all at this point as dnsmasq is not working with release and feature branches. If still no echo, the only thing you could do is maybe replying to the dnsmasq mailing list and expressing why this is advantageous.

More support for a feature request hopefully means more consideration. Sometimes feature patches can go a very long way with dnsmasq...

Now is the time, please don't forget about this. I already applied your patches locally but having to compile myself is a bit of extra work I'd like to avoid when possible.