Skip to content

Instantly share code, notes, and snippets.

@mtrimarchi
Last active October 25, 2023 17:34
Show Gist options
  • Save mtrimarchi/e562dc76949586502ad0a3eca5cd8a60 to your computer and use it in GitHub Desktop.
Save mtrimarchi/e562dc76949586502ad0a3eca5cd8a60 to your computer and use it in GitHub Desktop.
pi.hole dnsmasq conf
# /etc/dnsmasq.d/01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list
localise-queries
no-resolv
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
server=127.0.0.1#5053
domain-needed
bogus-priv
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
except-interface=nonexisting
# /etc/dnsmasq.d/02-lan.conf
addn-hosts=/etc/pihole/lan.list
# /etc/pihole/lan.list
192.168.1.1 gw gw.mylan.local
192.168.1.2 pc1 pc1.mylan.local
# /etc/pihole/setupVars.conf
WEBPASSWORD=<password_hash>
DNSMASQ_LISTENING=all
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=true
CONDITIONAL_FORWARDING=false
PIHOLE_INTERFACE=ens160
IPV4_ADDRESS=<ipv4/cidr>
IPV6_ADDRESS=<ipv6>
PIHOLE_DNS_1=127.0.0.1#5053
PIHOLE_DNS_2=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
BLOCKING_ENABLED=true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment