Would like to resolve an address differently for internal and external clients



Expected Behaviour:

Be able to resolve IP address internally for a FQDN to a different address than when pihole is used from an external client.

I have an external static IP address on my DSL connection, but if I try and get to the external IP address from inside the network it won’t work. I have made a “local” DNS entry for this and that resolves well… but there is another address that uses the same pihole via an external client (secured via firewall), but it is ‘outside’ the network.

What I want to be able to do is anyone inside the main network to resolve the address to an inside address, but anyone from ‘outside’ the network should resolve to the external address… is there a way of filtering the DNS response?

I have followed this guide to enable local IP address resolution for the external URL:

Actual Behaviour:

Resolving the same address both internally and externally using pihole.

Debug Token:



Is your setup working as expected in general? So blocking works?
Can you define “external client” ? What is “Outside the network” ?


Yes, blocking in general is working great (blocks about 10% of total DNS requests! :D)

What I mean by an ‘external client’ would be someone using the pihole DNS server outside the network, via a NAT’d address from the internet (or in my case, another house). I know it seems risky, but I have locked down the address that can use pihole to only the outside address of this other house.

The trouble that I am having is that the ‘internal’ clients resolve the externally available URL to the internal address… that is great… external clients that are using normal public DNS servers resolve the same URL to the external address… this is also great, that works. However, the house that is using the pihole on the external address needs to resolve the IP address to the same URL to the external address.

What I was hoping was if it would be possible for some sort of filter, like as follows:
queries to xyz.com from clients in the subnet resolve to
queries from all other clients to xyz.com resolve to

Hope that makes sense and is a little clearer :)


That is a tough one. As the external clients and internal clients probably have the same ip range internal?
The only quick resolution I could suggest:
Get a second pi with pihole and add the needed exceptions in a file called 66redirect.conf.
Create the host records that should resolve to your internal address in there.
In this pihole config, set the forwarder in pihole to your other original pihole.
Best to leave all blacklists empty, as this pihole is just used to catch the local exceptions and redirect them to the internal address.
From now on I call this pihole 1.

In the VPN/NAT rule, set the external clients' DNS to pihole 2 (the original pi that does not redirect, but does the external queries and ad filtering). This is probably already your setup and probably does not need changing.

In the internal DHCP, set the internal clients' DNS to pihole1. pihole1 does the redirect for your exceptions and forwards all other DNS lookups to pihole2.

This can probably be done on 1 Pi using 2 DNS servers on 2 different NICs, but that is a very difficult setup. It took me weeks before I had that running.
As pihole already uses the dnsmasq config files, you can probably not use dnsmasq on the same pi on nic2. But you could try another DNS server on nic2, if you want this project to run on 1 pi. But again, that is hard. You need to set piholeftl to nic1, and you need to find another DNS server that can be configured to use only nic2.
Needless to say, nic1 and nic2 need to have different IP addresses.
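
The two-resolver layout described in the reply above, written out as a dnsmasq drop-in for pihole1. This is an added example and not part of the original reply; the `/etc/dnsmasq.d/` path, the `192.0.2.10` address and the `<...>` values are assumed placeholders.

```conf
# /etc/dnsmasq.d/66redirect.conf on pihole1 (the resolver handed to internal
# clients by DHCP). The path assumes a Pi-hole install that loads dnsmasq
# drop-in files from /etc/dnsmasq.d/.

# Local exception: answer this name with the server's internal address.
# 192.0.2.10 is a constructed placeholder; use the real internal address.
host-record=xyz.com,192.0.2.10

# No upstream is defined in this file. In pihole1's own DNS settings, make
# pihole2 the only upstream, so every name without an exception here is
# forwarded to pihole2 and still gets ad filtering there.
#
# pihole2 carries no override for xyz.com, so the external house, which
# queries pihole2 through the NAT rule, receives the public address.
#
# Check from an internal machine once both resolvers are running:
#   dig +short xyz.com @<pihole1-ip>    expected: the internal address
#   dig +short xyz.com @<pihole2-ip>    expected: the external address
```

If the second query also returns the internal address, an override for the name is still present on pihole2.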


This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.