Please follow the below template, it will help us to help you!
Expected Behaviour:
Be able to resolve IP address internally for a FQDN to a different address than when pihole is used from an external client.
I have an external static IP address on my DSL connection, but if I try and get to the external IP address from inside the network it won't work. I have made a "local" DNS entry for this and that resolves well... but there is another address that uses the same pihole via an external client (secured via firewall), but it is 'outside' the network.
What I want to be able to do is anyone inside the main network to resolve the address to an inside address, but anyone from 'outside' the network should resolve to the external address... is there a way of filtering the DNS response?
Yes, blocking in general is working great (blocks about 10% of total DNS requests! :D)
What I mean by an 'external client' would be someone using the pinhole DNS server outside the network, via a NAT'd address from the internet (or in my case, another house). I know it seems risky, but I have locked down the address that can use pihole to only the outside address of this other house.
The trouble that I am having is that the 'internal' clients resolve the externally available URL to the internal address... that is great... external clients that are using normal public DNS servers resolve the same URL to the external address... this is also great, that works. However, the house that is using the pihole on the external address needs to resolve the IP address to the same URL to the external address.
What I was hoping was if it would be possible for some sort of filter, like as follows:
queries to xyz.com from clients in the subnet 192.168.1.0/24 resolve to 192.168.1.10
queries from all other clients to xyz.com resolve to 1.2.3.4
That is a tough one. As the external clients and internal clients probably have the same ip range internal?
The only quick resolution I could suggest:
Get a second pi with pihole and add the needed exeptions in a file called 66redirect.conf
Create the host records that should resolve to your internal address in there.
In this pihole config, set the forwarder in pihole to your other original pihole.
Best to leave all blacklists empty, as this pihole is just used to catch the local exeptions and redirect them to the internal 192.168.1.10
From now I call this pihole 1
In the VPN/natrule. Set the external clients DNS to pihole 2, (the original pi that does not redirect), but does the external queries and ad filtering. This is probably already your setup and probably does not need changing.
In internal dhcp set the internal clients DNS to pihole1. pihole1 does the redirect for your exeptions and forwards all other dns lookups to pihole2.
This can probably be done on 1 PI using 2 dns servers on 2 diffrent nic's , but that is a very difficult setup. It took me weeks before I had that running.
As pihole alreay uses the dnsmasqconfig files you can probably not use dnsmasq on the same pi on nic2. But you couold try another dns server on nic2., if you want this project to run on 1 pi. But again. That is hard. You need to set piholeftl to nic1, and you need to find another dnsserver that can be configured to use only nic2.
Needless to say nic1 and nic2 need to have diffrent ip adresses.
