Unblocking a single devices

I have setup my router DNS to point to the pi-hole, but wondering if there is a way to unblock/unfilter an IP address?

I'm still testing out the pi-hole, but with my previous setup i had to exclude certain IP address for example the Chromecast because some games requires an ad to play first and then it lets you play.

So is adding the internal IP address of a device to the whitelist enough to unfilter that device?

I know I can manually change the DNS on the device but it troublesome with devices like the chromecast.

Are you talking about whitelisting an internal client or an advertising domain? If it's the former, the clients are just using Pi-hole as their DNS server; it's not something you need to whitelist. Have you tried whitelisting these Google domains?

There may be other domains to whitelist if you watch the query log when try to play some of those games.

Also, as you mentioned, you can just manually set the client's DNS to override them from using Pi-hole.

I want to whitelist a internal device/ip so ads are not blocked on that device/ip only and do not want to whitelist google domains on the entire lan.

I'm trying to stay away from manually editing the device dns.

1 Like

Really nice idea, i like it. Whitelist for devices, so no need to reconfigure single device DNS address to other, if router is advertising pihole IP as DNS to whole DHCP range..

You could configure dnsmasq to act as a DHCP server and then you'd get some more customizations for what clients get.

hoping for an option in the web interface. Shall I open a new post as a feature request?

On the technical side, it's not going to be possible. DNS servers do not have an authentication mechanism to decide what information they provide to what client. You'd need to configure that solo client to use a different DNS server. You may be able to modify the DHCP server to provide that single client with a separate DNS server, but as it stands there's really no feasible way other than with a firewall/IPTables or routing table changes to redirect a single client out to another DNS resolver.

Setup your own dhcp server (in dnsmasq)
You can make reservations per mac address and assign a diffrent dns to that device

1 Like

I use this feature, tags to assign different dns servers to my streaming boxes to bypass geo restrictions. Works great.

2 Likes

I've used your installer to get the piadvanced for dnsmasq. I'm trying to exclude a client from pihole. I've done all the things I think I need to do, DHCP is handled by pihole. I've found the file 04bypass and edited it to include the mac address. Directions it to opendns. Taken away the #. I've saved it, but kept it in the same folder... Do I need to move the 04bypass file to somewhere else?

In other words the client has yet to be bypassing the pihole.

it needs to be in /etc/dnsmasq.d/

Thanks so much for responding and so quickly! Love learning this stuff.

So I think I am running into an issue of:
##dhcp-option=tag:YOURTAGHERE,6,IPADDRESSOFDNSSERVER

What do I need to change here? What tag? Doesn't it pull from up the code? DNSServer the Google/OpenDNS or 192.168.11.1? Then do I need to uncomment it?

dhcp-option=tag:googlesdns1,6,8.8.8.8

dhcp-host=MA:CA:DD:R:ES:SS,set:googlesdns1

Hi Guys.

So I added the following to the DNS/DHCP section of my Tomato based router under the DNSMASQ area:

dhcp-option=6,192.168.1.4

dhcp-option=tag:googlesdns1,6,8.8.8.8
dhcp-option=tag:googlesdns2,6,8.8.4.4

dhcp-host=00:11:32:XX:XX:XX,set:googlesdns1

But it is not working. The device in question cannot resolve DNS requests so apps on it such as Sonarr will not work. It's a Synology NAS that uses my secondary VPN router as its gateway. The pi hole is my DNS server for all my devices on my primary router as you can see from the first part of the DNSMASQ entry I listed. The NAS is the only device using the VPN router as its gateway. I am thinking the NAS using a different gateway then the pi is the reason behind this but thought the instructions in this thread would fix it. Any ideas?

Not an expert, and surely there si more errors
but a dhcp-option=6, 192.168.1.4 sends out the ip4 option... to all clients! So no bypass.
and If I am not mistaken you try to add an ipv6 option with an ipv4 address.
This should probably be
dhcp-option=tag:googledns1,6,2001:4860:4860::8888
dhcp-option=tag:googledns2,6,2001:4860:4860::8844

Again: probably all not true, but:

Found this:

Looks like this is the way to do that what you want.

Oh,

You need to name the file:
04bypass.conf and move it to /etc/dnsmasq.d

Be aware not to use the dhcp option in pihole web config page anymore if you use this extra conf for dnsmasq.
Disable the dhcp options in pihole webpage when using your own dchp config.