by anticorporate 924 days ago
I seem to end up regretting anything I do at the network level to block traffic. It always seems to pop up that one weird time I actually do need something from a blocked domain to load, and it takes me way too long to remember that's what I did to block it.
6 comments

That's when you connect to your VPN.

I have a network configuration with 2 dnsmasqs, 1 with pi-hole-style hosts block, and 1 without, and most of my devices get the ad-blocking DNS, 1 gets the "unfiltered" DNS.

To do this from the DHCP component of dnsmasq, you can tag MAC addresses and create different configurations (including which DNS they get) for each tag, e.g. https://github.com/imp/dnsmasq/blob/770bce967cfc9967273d0acf...
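As an added illustration of the tagging approach described above (not the commenter's actual config; all addresses, the MAC and the hostname are assumed placeholders), here is the DHCP side of dnsmasq handing the unfiltered resolver to one tagged device and the filtering resolver to everyone else:

```conf
# Constructed example: two dnsmasq instances on one LAN (addresses assumed)
#   192.168.1.2  dnsmasq with a Pi-hole-style hosts blocklist (default)
#   192.168.1.3  dnsmasq with no blocklist ("unfiltered")
# These lines belong to the instance that serves DHCP.

# Attach the "unfiltered" tag to the one device that should bypass blocking.
# MAC address and hostname are placeholders.
dhcp-host=aa:bb:cc:dd:ee:ff,set:unfiltered,unfiltered-laptop

# DNS server handed to every client that carries no tag.
dhcp-option=option:dns-server,192.168.1.2

# For clients carrying the tag, this tagged option overrides the untagged one.
dhcp-option=tag:unfiltered,option:dns-server,192.168.1.3
```

A tagged dhcp-option takes precedence over the untagged one for hosts that carry the tag, so the order of the lines does not matter, and any unknown device still falls through to the filtering resolver by default.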

That's a simple and practical solution to a common problem. Thanks for sharing.
I have four SSIDs on my wireless network. One is filtered DNS, one is unfiltered, one for IoT devices and one that's VPN'd to the USA.
I'm not refuting what you're saying in any way; this is just a related suggestion for anyone using PiHole who occasionally runs into what you've described.

There's an Android app called flutterhole which can connect to and activate your pihole's 'pause blocking' feature. I have found this to be the easiest way around the scenario the poster above has mentioned. Doesn't help with figuring out PiHole is responsible obviously. HTH.

Since you shared an android app, I’ll share the iOS app I use for the same purpose, called “Pi-Hole Remote”

https://apps.apple.com/app/id1515445551

This looks convenient and powerful. Good share!

I personally setup an instance of Homebridge on the device running Pi-Hole, then use HomeKit on my Apple products to turn Pi-Hole on/off as if it were a light bulb.

Pi-holes have an API that lets you hit a URL that'll pause the blocking for a configurable time. I use a Mac shortcut, but even a bookmark would work.
I have a very simple setup that works for us.

ISP’s router has unrestricted Wi-Fi access. I run a router behind it with restricted (via pi-hole) access.

All devices connect to the restricted Wi-Fi. Any time I need unrestricted access, I connect to the ISP router Wi-Fi for some time and back to the restricted when done.

Don't you mean you run the restricted router in front of the ISP router?
Not sure what the correct usage is regarding front vs behind.

Basically Outside World — ISP Device - internal restricted Router (using pi-hole as DNS) - home devices

So, yes, if looking from inside the restricted router would be in front.

I had that same issue until I started using mine over tailscale. One of my computers acts as the DNS server for the whole network with pihole on it, and then anytime I need to get around something I temporarily disconnect from my tailnet. Super nice cause then I get no ads on my phone too.
Good point. It's fine if I'm the only one using the network, but I'll admit it can take a bit before I connect the dots between pi-hole and "this link I'm clicking off google won't load".
I find it also a bit frustrating because browsers may even ignore your network's DNS settings so you can easily get unexpected behavior (yes, I know it's expected if you are a domain expert but I'm not and it shouldn't be surprising when users are shocked that they implement a pihole and see their machine is using a different DNS than expected. I'd actually expect novice users to be surprised in this case)
> browsers may even ignore your network's DNS settings

They shouldn't. Bypassing policy is malware behaviour.

Funny that they ignore "my" network DNS, not ISP's. (in the name of freedom)

FF enables this and they aren't ignoring the ISP's. Settings > Privacy and Security > DNS over HTTPS

There is a reason to do this btw. The name should say it all. It'll default to cloudflare but they let you specify what you want. The utility? Let's say I'm not an advanced user, what's my DNS look like? Is it DoH? We both know the answer. So defaulting so users' traffic is default DoH sounds like a security improvement. There's also an additional utility. If I take my laptop and move from my home network to another one, I actually don't end up using a different DNS.

You can also use Mullvad's DNS[0], or switch to 1.1.1.2/1.0.0.2 if you want malware protection on Cloudflare's DNS.

Stop making up conspiracies that don't exist. There's enough BS in the world already that we don't need to make ones up to be upset.

[0] https://mullvad.net/en/help/dns-over-https-and-dns-over-tls