Time based and device based block


I’m dreaming of block based on specific device but also on time.

E.g block one client (AppleTV) from 22:00 to 09:30

but also with usage blocks, e.g AppeTV used for 1H then block all traffic on this device for the next 30 minutes and so in a loop.

For the first e.g I have a similar option with my router (Synology) but I can’t use it because it’s overwrite every Forwarding DNS of every clients on the same subnet


Unfortunately, this is technically impossible with the underlying DNS resolver, dnsmasq. Blocked queries are served from the DNS cache which is neither selective for individual clients nor time intervals. Please submit such a feature request to the dnsmasq mailing list (adding HOSTS entries that are only applied to clients with certain DHCP tags). We decided to not do such modifications in the original dnsmasq code ourselves as this might lead to incompatibilities that would prevent us from updating our resolver to newer dnsmasq releases in the future.


I am working on a tool to do this via the api…


Do you keep in account that a device is caching and if you switch off access to the DNS server it could still resolve domains on itself as long the TTL has not timed out.


Yes, but eventually it will time out… I’m pretty sure that you can change the TTL in configuration files?


I would think that the way to implement time-based blocks of clients (or blacklisting/whitelisting of clients in general) on top of dnsmasq without needing to fork would be through iptables.

1 Like

I agree. I have already played around with this. My solution was to use ipset and cron to do this. Assuming the clients are being assigned the IP of Pi-hole for DNS via DHCP, and dns redirection is put in place, this would work well, combined with a router with some form of linux to do the same.