6ALxEAluTK5HoxH8x3UN3Jn5DA3OPG4ZlF16nl4gjOM=

Error

There was a problem applying your settings.
Debugging information:
PHP error (2): parse_ini_file(/etc/pihole/setupVars.conf): Failed to open stream: No such file or directory in /var/www/html/admin/settings.php:17

FTL Information

The FTL service is offline!

DHCP Settings

DHCP server enabled

Range of IP addresses to hand out

From

Router (gateway) IP address

Router

Advanced DHCP settings

Pi-hole domain name

Domain

DHCP lease time

Lease time in hours

Hint: 0 = infinite, 24 = one day, 168 = one week, 744 = one month, 8760 = one year

Enable DHCPv4 rapid commit (fast address assignment)

Enable IPv6 support (SLAAC + RA)

Currently active DHCP leases

MAC address	IP address	Hostname

Static DHCP leases configuration

MAC address	IP address	Hostname

Specifying the MAC address is mandatory and only one entry per MAC address is allowed. If the IP address is omitted and a host name is given, the IP address will still be generated dynamically and the specified host name will be used. If the host name is omitted, only a static lease will be added.

Upstream DNS Servers

IPv4		IPv6		Name

ECS (Extended Client Subnet) defines a mechanism for recursive resolvers to send partial client IP address information to authoritative DNS name servers. Content Delivery Networks (CDNs) and latency-sensitive services use this to give geo-located responses when responding to name lookups coming through public DNS resolvers. Note that ECS may result in reduced privacy.

Upstream DNS Servers

Custom 1 (IPv4)

Custom 2 (IPv4)

Custom 3 (IPv6)

Custom 4 (IPv6)

Interface settings

Recommended setting

Allow only local requests
Allows only queries from devices that are at most one hop away (local devices)

Potentially dangerous options

Make sure your Pi-hole is properly firewalled!

Respond only on interface unknown

Bind only to interface unknown

Permit all origins

These options are dangerous on devices directly connected to the Internet such as cloud instances and are only safe if your Pi-hole is properly firewalled. In a typical at-home setup where your Pi-hole is located within your local network (and you have not forwarded port 53 in your router!) they are safe to use.

See our documentation for further technical details.

Advanced DNS settings

Never forward non-FQDN A and AAAA queries

When there is a Pi-hole domain set and this box is ticked, this asks FTL that this domain is purely local and FTL may answer queries from /etc/hosts or DHCP leases but should never forward queries on that domain to any upstream servers. If Conditional Forwarding is enabled, unticking this box may cause a partial DNS loop under certain circumstances (e.g. if a client would send TLD DNSSEC queries).

Never forward reverse lookups for private IP ranges

All reverse lookups for private IP ranges (i.e., 192.168.0.x/24, etc.) which are not found in /etc/hosts or the DHCP leases are answered with "no such domain" rather than being forwarded upstream. The set of prefixes affected is the list given in RFC6303.

Important: Enabling these two options may increase your privacy, but may also prevent you from being able to access local hostnames if the Pi-hole is not used as DHCP server.

Use DNSSEC

Validate DNS replies and cache DNSSEC data. When forwarding DNS queries, Pi-hole requests the DNSSEC records needed to validate the replies. If a domain fails validation or the upstream does not support DNSSEC, this setting can cause issues resolving domains. Use an upstream DNS server which supports DNSSEC when activating DNSSEC. Note that the size of your log might increase significantly when enabling DNSSEC. A DNSSEC resolver test can be found here.

Rate-limiting

Block clients making more than queries within seconds.

When a client makes too many queries in too short time, it gets rate-limited. Rate-limited queries are answered with a REFUSED reply and not further processed by FTL and prevent Pi-holes getting overwhelmed by rogue clients. It is important to note that rate-limiting is happening on a per-client basis. Other clients can continue to use FTL while rate-limited clients are short-circuited at the same time.

Rate-limiting may be disabled altogether by setting both values to zero. See our documentation for further details.

Conditional forwarding

If not configured as your DHCP server, Pi-hole typically won't be able to determine the names of devices on your local network. As a result, tables such as Top Clients will only show IP addresses.

One solution for this is to configure Pi-hole to forward these requests to your DHCP server (most likely your router), but only for devices on your home network. To configure this we will need to know the IP address of your DHCP server and which addresses belong to your local network. Exemplary input is given below as placeholder in the text boxes (if empty).

If your local network spans 192.168.0.1 - 192.168.0.255, then you will have to input 192.168.0.0/24. If your local network is 192.168.47.1 - 192.168.47.255, it will be 192.168.47.0/24 and similar. If your network is larger, the CIDR has to be different, for instance a range of 10.8.0.1 - 10.8.255.255 results in 10.8.0.0/16, whereas an even wider network of 10.0.0.1 - 10.255.255.255 results in 10.0.0.0/8. Setting up IPv6 ranges is exactly similar to setting up IPv4 here and fully supported. Feel free to reach out to us on our Discourse forum in case you need any assistance setting up local host name resolution for your particular system.

You can also specify a local domain name (like fritz.box) to ensure queries to devices ending in your local domain name will not leave your network, however, this is optional. The local domain name must match the domain name specified in your DHCP server for this to work. You can likely find it within the DHCP settings.

Enabling Conditional Forwarding will also forward all hostnames (i.e., non-FQDNs) to the router when "Never forward non-FQDNs" is not enabled.

Use Conditional Forwarding

Local network in CIDR notation	IP address of your DHCP server (router)	Local domain name (optional)

Privacy settings

DNS resolver privacy level

Specify if DNS queries should be anonymized, available options are:

Show everything and record everything

Gives maximum amount of statistics

Hide domains: Display and store all domains as "hidden"

This disables the Top Permitted Domains and Top Blocked Domains tables on the dashboard

Hide domains and clients: Display and store all domains as "hidden" and all clients as "0.0.0.0"

This disables all tables on the dashboard

Anonymous mode: This disables basically everything except the live anonymous statistics

No history is saved at all to the database, and nothing is shown in the query log. Also, there are no top item lists.

The privacy level may be increased at any time without having to restart the DNS resolver. However, note that the DNS resolver needs to be restarted when lowering the privacy level. This restarting is automatically done when saving.

Error

FTL Information

DHCP Settings

Advanced DHCP settings

Currently active DHCP leases

Static DHCP leases configuration

Upstream DNS Servers

Upstream DNS Servers

Interface settings

Recommended setting

Potentially dangerous options

Advanced DNS settings

Rate-limiting

Conditional forwarding

API settings

Top Lists

Query Log

Web interface settings

Interface appearance

Per-browser settings (auto saved)

Privacy settings

DNS resolver privacy level

Backup

Restore