<html><head></head><body><div dir="auto">Hi Larry, I've no experience with pihole, but I read it supports ECS. Maybe one solution could be to use the client IP passed with ECS to pihole.<br><br>See here <a href="https://dnsdist.org/advanced/passing-source-address.html">https://dnsdist.org/advanced/passing-source-address.html</a><br><br>Winfried<br> </div><br><br><div class="gmail_quote"><div dir="auto">Am 3. Juni 2023 09:00:02 MESZ schrieb Larry Wapnitsky via dnsdist <dnsdist@mailman.powerdns.com>:</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">I'm using dnsdist to route my clients based on subnet as to whether or not they should be using my pihole server for adblocking. Overall, this works great, but I"m noticing that pihole groups all queries by client to a single MAC address, that of the dnsdist server. Is there a way to break this out before it goes to the pihole server?</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">My dnsdist config:</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style=""><font face="monospace">setLocal('10.150.33.102')<br>addLocal('[2001:470:e1eb:33::102]:53')<br><br><br>webserver("<a href="http://10.150.33.102:8083">10.150.33.102:8083</a>")<br>setWebserverConfig({acl="<a href="http://10.150.0.0/8">10.150.0.0/8</a>"})<br>setWebserverConfig({password='$scrypt$ln=10,p=1,r=***='})<br><br>addACL('<a href="http://10.150.0.0/8">10.150.0.0/8</a>')<br>addACL('2001:470:e1eb::0/48')<br><br>setECSOverride(true)<br>setECSSourcePrefixV4(32)<br><br>newServer({address="10.150.33.5", name="ns1", pool="default", qps=1, useClientSubnet=true})<br>newServer({address="10.150.33.6", name="ns2", qps=1, pool="default", useClientSubnet=true})<br>newServer({address="10.150.33.7", name="ns3", pool="default", qps=1, useClientSubnet=true})<br><br><br>newServer({address="10.150.33.15", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})<br>newServer({address="2001:470:#", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})<br>newServer({address="10.150.33.16", name="ns2_auth", pool="auth", checkName="wapnet.local.lan"}) <br>newServer({address="2001:470:#", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})<br>newServer({address="10.150.33.17", name="ns3_auth", pool="auth", checkName="wapnet.local.lan"})<br>newServer({address="2001:470:#", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})<br><br>newServer({address="<a href="http://10.150.33.3:53">10.150.33.3:53</a>", name="pihole", pool="pihole", useClientSubnet=true,checkInterval=3600})<br><br>adblock_ips=newNMG()<br>adblock_ips:addMask('<a href="http://10.150.222.0/24">10.150.222.0/24</a>')<br>adblock_ips:addMask('<a href="http://10.150.12.0/24">10.150.12.0/24</a>')<br>adblock_ips:addMask('<a href="http://10.150.11.0/24">10.150.11.0/24</a>')<br>adblock_ips:addMask('<a href="http://10.150.66.0/24">10.150.66.0/24</a>')<br>adblock_ips:addMask('2001:470:e1eb:66::/64')<br>adblock_ips:addMask('<a href="http://10.150.100.0/24">10.150.100.0/24</a>')<br>adblock_ips:addMask('2001:470:e1eb:100::/64')<br>adblock_ips:addMask('<a href="http://10.150.99.0/24">10.150.99.0/24</a>')<br>adblock_ips:addMask('<a href="http://10.150.33.1/32">10.150.33.1/32</a>')<br>adblock_ips:addMask('<a href="http://10.150.33.211/32">10.150.33.211/32</a>')<br>adblock_ips:addMask('<a href="http://10.150.33.212/32">10.150.33.212/32</a>')<br>addAction(NetmaskGroupRule(adblock_ips), PoolAction('pihole'))<br><br><br><br>addAction({'wapnet.local.lan'}, PoolAction("auth"))<br><br><br>addAction(AllRule(), PoolAction('default'))<br><br>-- setServerPolicy(firstAvailable)<br>setServerPolicy(whashed)</font><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="border:none;padding:0in"><b style="font-family:verdana,sans-serif;font-size:small"><span class="gmail_default" style="font-family:verdana,sans-serif"></span><br></b></p><p style="border:none;padding:0in"><b style="font-family:verdana,sans-serif"></b><br></p><p style="border:none;padding:0in"><b style="font-family:verdana,sans-serif;font-size:small">Larry G. Wapnitsky</b><br></p><p style="font-size:small;border:none;padding:0in"><b>E: Larry@Wapnitsky.com<br></b><b style="font-size:12.8px">Web: <a href="http://larry.wapnitsky.com/" style="color:rgb(17,85,204)" target="_blank">Larry.Wapnitsky.com</a><br></b><br></p><p style="border:none;padding:0in"><b></b></p><div style="display:inline-block;width:16px;height:16px"><br></div><p style="border:none;padding:0in"><b></b></p><div style="display:inline-block;width:16px;height:16px"><br></div><p style="border:none;padding:0in"><b></b></p><div style="display:inline-block;width:16px;height:16px"><br></div></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div></body></html>