Support prefix /12 for conditonal forwarding

dnsmasq only supports the following prefix lengths: 8, 16, 24, 32. The line


specifies a netmark of /12 which is not allowed. This has nothing to do with your last assumption.

This is documented in the dnsmasq man page (albeit poorly and only under the option domain):

If the address range is given as ip-address/network-size, then a additional flag "local" may be supplied which has the effect of adding local declarations for forward and reverse DNS queries. Eg.,,local

is identical to,

The network size must be 8, 16 or 24 for this to be legal.

It would be easy to allow /12 (or even any arbitrary mask!), however, it is a feature request that needs to be addressed by dnsmasq not pihole-FTL (we follow a minimal modifications of dnsmasq policy).
I checked how it is currently implemented and realized that dnsmasq uses a quite clever trick to simplify the task significantly. Unfortunately, this trick - going from downwards in "subdomains" - ultimately prevents any netmask that is not a multiple of 8. Allowing something like /12 would require a complete rewrite of the entire algorithm used here.

1 Like

Thanks for the explanation. Seems there is quite a bit going on here behind the scenes. I could split up the /12 so it falls in line with this requirement for dnsmasq. is one of the IANA reserved address ranges for private networks. Shame you cannot cope with that as a network spec. Variable length subnet masks are hardly uncommon.

I know, however, this is a feature request that needs to get addressed to the dnsmasq mailing list. Pi-hole cannot implement this on their own as this would cause a deviation from the upstream code. Feel free to contact Simon Kelley under

1 Like

I agree it would be nice to be able to have make just the three entries. This is what I have entered and it has worked fine thus far.

That's valid. Its a little clumsy though... Also does not cope with narrower than /24 netmasks, as far as I can see.

Update: I coded support for arbitrary prefix lengths, however, dnsmasq upstream hasn't picked up my patches, so far. In fact, there was no reaction at all.

In case you want to follow on this check out:

Whenever the upstream adopts it, Pi-hole can immediately implement this.


Thanks for moving this forward. Hopefully folks in the dnsmasq project see the importance in supporting these prefixes.

Is there a way we can help push this through? I don't want to switch to /24s :frowning:

Actually, I don't know. I will bump this once more on the mailing list after v2.82 has been released. I don't think they'd consider anything new at all at this point as dnsmasq is not working with release and feature branches. If still no echo, the only thing you could do is maybe replying to the dnsmasq mailing list and expressing why this is advantageous.

More support for a feature request hopefully means more consideration. Sometimes feature patches can go a very long way with dnsmasq...

Now is the time, please don't forget about this. I already applied your patches locally but having to compile myself is a bit of extra work I'd like to avoid when possible.

I have come across this same issue. From reading through various posts this is a limitation of DNSMASQ, but it appears there is a way around this by entering something like CharAznable's set of 'rev-server=' lines rather than using the web GUI. I think it would be good to have a post that details actually what needs to be done to get conditional forwarding working on non standard subnets.
Anyone want to contribute to this with corrections or ideas?


As DNSMASQ doesn't allow conditional forwarding for subnets other than /8,/16,/24 or /32. If you have a network with (for example) /23 for its subnet, this can be configured manually within the PiHole server by following the steps below.

ssh root@pihole.local
cd /etc/dnsmasq.d/
nano 02-condfor.conf

Add one entry per line in the format :


For example, I use a /23 network on and want to forward requests to a server at


Once these entries have been made, restart (from ssh session) with

pihole restartdns

Unfortunately I am unable to test the above at present as my only PiHole server with a non /24 network is in use 24/7 so hoping some other users can contribute to this.
One thing I am unsure of is having a forward to a server that is not within the subnet ( -> does this work ok?
Is anything else required to make this work? Do any other PiHole or DNSMASQ files need to be edited? Or anything changed within the PiHole GUI?

No, that's all.

I resubmitted my patch last week and it was accepted by the dnsmasq maintainer. It'll come with the next Pi-hole release that includes the next dnsmasq version.

1 Like

This has been implemented with

1 Like