Using Pi-Hole in the Enterprise

After using a trio of blackhole DNS servers on an Enterprise LAN divided into three main subnets, with very little insight into who was querying what, we gave Pi-Hole a try. While it was originally, I think, developed to run on a Raspberry Pi and block ads on a home network, we've found that it also works quite well in the enterprise. An interesting discussion in the Pi-Hole forums helped us resolve a couple of issues. In that discussion, though, there were several people having trouble resolving bare hostnames. What I've found to be a simple solution is to add a line or two, depending on your network setup, to the config file, /etc/dnsmasq.d/01-pihole.conf.

If, in the web GUI under Settings>DNS, you add a router and domain to the config to help resolve local hostnames, Pi-Hole adds a line to the config file that looks something like:

server=/your.domain/1.2.3.4

This causes Pi-Hole to forward queries for names under your.domain to the DNS server at 1.2.3.4. If you add additional lines in the same format, you can resolve names in multiple domains, such as might be found in an Enterprise LAN.

Additionally, you can add more blocklists, such as the ones at malwaredomains.com and several others, to filter out malware-infected domains. Just go to Settings>Blocklists to add them.

I hope this helps.

UPDATE: I should have read the comments in 01-pihole.conf. That file gets overwritten when Pi-Hole updates. Instead, create another file in the same directory (e.g. 02-lan.conf), and put your server lines in there.
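
One way to apply the UPDATE above, as an added example that is not from the original post: a small shell helper that validates domain=ip pairs and writes them as server lines to 02-lan.conf, leaving 01-pihole.conf untouched. The function names and the domains and addresses you pass in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep per-domain forwarders in a drop-in file (02-lan.conf)
# so they survive Pi-hole updates, which overwrite 01-pihole.conf.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
# The body runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Succeeds only for names made of letters, digits, hyphens and single dots.
valid_domain() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
}

# render_lan_conf domain=ip [domain=ip ...]
# Prints one server=/domain/ip line per pair; fails on the first bad entry
# so a malformed line never reaches dnsmasq.
render_lan_conf() {
    for pair in "$@"; do
        domain=${pair%%=*}
        ip=${pair#*=}
        case $pair in *=*) ;; *) domain= ;; esac
        if ! valid_domain "$domain" || ! valid_ipv4 "$ip"; then
            echo "invalid entry: $pair" >&2
            return 1
        fi
        printf 'server=/%s/%s\n' "$domain" "$ip"
    done
}

# install_lan_conf DIR domain=ip [...]
# Writes DIR/02-lan.conf through a temp file and rename, so a failed run
# leaves any existing 02-lan.conf as it was.
install_lan_conf() {
    dir=$1; shift
    tmp=$(mktemp "$dir/.02-lan.conf.XXXXXX") || return 1
    if render_lan_conf "$@" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$dir/02-lan.conf"
    else
        rm -f "$tmp"; return 1
    fi
}
```

Run as root, `install_lan_conf /etc/dnsmasq.d corp.example=10.0.0.53 lab.example=10.1.0.53` would write two server lines (constructed values); the Pi-Hole DNS service has to be restarted before the new file is read.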
