Pi-Hole and Voip Device - Have one device bypass Pi-Hole?

Pi-Hole and Voip Device - Have one device bypass Pi-Hole?
I think Pi-Hole is messing with my VOIP Phone for work, I can call out but incoming goes straight to VM since setting up Pi-hole.

I set Pi-Hole as the DNS server for my router, is there any way to Have my work phone bypass the Pi-Hole without removing it as the DNS server for the whole network?


If possible, the easiest way to exclude a device from using Pi-hole is to change that device's DNS servers to point to a different DNS server.

Can you set your voip phone DNS to google? Aka 8.8.8.8?

Recent Pi-Hole update ::  Group Management | Clients (set within) 


Alternatively ::

If you're using the Pi-hole as your DHCP server, then you can do this with dnsmasq (the forwarder than Pi-hole uses), by creating a file called /etc/dnsmasq.d/99-phredirect.conf with the following content...

#### Assign alternate DNS for select hosts ####

# Set Specific Clients to be affected
# Replace FA:KE:94:60:D2:6E with the mac address of your phone
dhcp-mac=set:altdns,FA:KE:94:60:D2:6E #VOIP Phone

# Set Alternate DNS
dhcp-option=tag:altdns,option:dns-server,8.8.8.8,8.8.4.4

... and then run systemctl restart dnsmasq for the changes to take effect

 

If you're using your router for DHCP, then you'd have to use iptables to redirect the request, before it reaches the Pi-hole

#!/bin/bash

# -- Assumptions/Warnings:
# -- You're not using any kind of NAT or custom rules already on the Pi (as these will be wiped)
# -- 192.168.1.50 is the device you wish to exclude
# -- 8.8.8.8 is the DNS server you wish excluded devices to use
# -- 
# -- Rules are reset when the system reboots, so ensure you use persistent iptables, 
# -- or add the rules to a startup script (a good place to start is dropping a file 
# -- in "/etc/network/if-up.d" and making it executable)


# Enable forwarding
sysctl net.ipv4.ip_forward=1

# Clear NAT table (prerouting, output and postrouting)
iptables -t nat -F


# Enable DNS redirection for device via IP Address (192.168.1.50)
iptables -t nat -A PREROUTING -s 192.168.1.50 -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -A PREROUTING -s 192.168.1.50 -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53

### --- OR --- ###

# Enable DNS redirection for device via Mac Address (FA:KE:94:60:D2:6E)
iptables -t nat -A PREROUTING -m mac --mac-source FA:KE:94:60:D2:6E -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -A PREROUTING -m mac --mac-source FA:KE:94:60:D2:6E -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53


# Set outgoing to masquerade
iptables -t nat -A POSTROUTING -j MASQUERADE






Labels:

No comments:

Post a Comment


Canada Internet Service Review Discussion Group
InternetCanada@groups.io
Canada 🇨🇦 Internet Service Review
https://groups.io/g/InternetCanada

Subscribe to: Post Comments (Atom)