Geekzone: technology news, blogs, forums


mentalinc

3196 posts

Uber Geek

Trusted

#299372 2-Sep-2022 21:24

Bit of an odd one here.

 

I'm wanting to have 1 user (non-admin account) on a Windows 11 PC use an unfiltered DNS (e.g. direct to ISP DNS), while the other accounts (and devices on the network) continue to use the standard network DNS (domain controller and pihole).

 

I could also consider having the one user use the wifi instead of a wired connection, but again keen to understand how to force this without unplugging cables etc.

 

Use case is to have the user see adverts for their job (pihole blocking them), but other users on the device need pihole to work. Could consider setting up time-based 'blocking' in pihole if anyone knows how, i.e. don't block the device from 9-5pm, but block outside this.

Another option I guess is a Chrome/Edge/Firefox extension that you can configure the DNS for instead?

 

 

 

thanks

 

mentalinc





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 


Handle9
11269 posts

Uber Geek

Trusted
Lifetime subscriber

  #2962512 2-Sep-2022 22:40

Wouldn't you just manually set the DNS for that PC in Windows? Set it to 8.8.8.8/1.1.1.1 etc?




Lias
5579 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2962517 2-Sep-2022 23:05

Logon script(s) that sets the DNS to x.x.x.x for User A and y.y.y.y for the other users?

 

I see Domain Controller so assuming you are using AD.

 

GPO with a logon script that checks if the user is a member of a certain AD security group, sets the unfiltered DNS if they are, sets system default / DHCP if they aren't?





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.


SirHumphreyAppleby
2838 posts

Uber Geek


  #2962528 3-Sep-2022 07:29

mentalinc:

 

Another option I guess is a Chrome/Edge/Firefox extension that you can configure the DNS for instead?

 

 

Firefox has an option to "Proxy DNS when using SOCKS v5" if you use a SOCKS v5 proxy. Simply set up a SOCKS proxy on a remote host without DNS restrictions and configure the proxy in the user's Firefox profile (no extensions required).

 

If you have a *BSD or Linux box with SSH on your network (or even remote), you can also use PuTTY to create a local SOCKS proxy on the Windows machine and forward requests over SSH.

 

Years ago our out-of-touch development manager announced he'd be switching on SSL content inspection on our network (never happened). I went straight back to my desk and immediately started sending all of my browsing through a VPS in the US. I used a piece of software called MyEnTunnel to keep the SSH connection alive and restart it on boot or if it were disconnected. Unfortunately, the developer's site is no longer operating, but I'm sure there are other tools available to do something similar.

 

 




  #2962547 3-Sep-2022 10:04

You can configure groups in pi-hole with different policies

dt

dt
1152 posts

Uber Geek
Inactive user


  #2962548 3-Sep-2022 10:16

If they’re always using the same PC, setting it on the NIC would probably be the easiest thing to do.

Or a GPO to set DNS servers targeting a user group and adding them to the group could work, but the settings may stick if anyone else uses the PC, so you would have to do some testing.

mentalinc

3196 posts

Uber Geek

Trusted

  #2962562 3-Sep-2022 11:57

Thanks, the login script could do the trick (though not sure it runs when "switching user").

The setting it at NIC and pihole groups all use device (vs just wanting to change 1 user on the device, but not impact the other users).







rollercoaster
5 posts

Wannabe Geek


  #2962714 3-Sep-2022 16:42

You can redirect the DNS query at the router level before the catch-all rule for UDP port 53. If you use pf, the rule below might work for you?

 

```
lan01 = "em1"
exempted_pc = "192.0.2.10"  # placeholder: address of the exempted machine

# allows the exempted machine to use any DNS resolver
pass in quick on $lan01 inet proto udp from $exempted_pc to any port 53

# catch-all rule that forces UDP port 53 traffic to the local resolver regardless of the user's configured resolver
match in on $lan01 inet proto { udp } to !$lan01 port 53 rdr-to $lan01
pass in quick on $lan01 inet proto { udp } to $lan01 port 53
```


 
 
 

mentalinc

3196 posts

Uber Geek

Trusted

  #2962837 3-Sep-2022 19:09

Thanks, but there is one machine (PC), with several users, one should have DNS from ISP, other users should use internal DNS (AD -> pihole -> ISP DNS)







nzkc
1557 posts

Uber Geek


  #2962884 3-Sep-2022 21:18

Could use a VPN. Since you're using Pihole I'd recommend PiVpn

 

Have your user start the VPN when they "want ads".

 

Configure the VPN to use different DNS servers. VPN can be on the LAN.

 

I know that's a bit clunky... but most DNS solutions are for the host. Rarely for a user.


mentalinc

3196 posts

Uber Geek

Trusted

  #2964427 7-Sep-2022 21:30

I've set up some scheduled tasks for login and unlock for the different users to change the DNS settings depending on the user logged in.

Quick tests suggest this does the trick, will update if it fails.





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 
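
A sketch of the logon/unlock approach discussed in this thread (the group-membership logon script and the scheduled tasks), added here as an example; it is not the script any poster actually used. It assumes the task runs as SYSTEM with "At log on" and "On workstation unlock" triggers, and the group name, adapter alias and resolver addresses are placeholders.

```powershell
# Added example, not from the thread. Intended to run as SYSTEM from a
# scheduled task, because changing adapter DNS needs admin rights and the
# target user is a non-admin account.

# --- Assumed placeholder values, adjust for the real environment ---
$UnfilteredGroup = 'DNS-Unfiltered'                 # hypothetical LOCAL group holding the exempt user
$InterfaceAlias  = 'Ethernet'                       # adapter name on this PC (assumption)
$UnfilteredDns   = @('192.0.2.53', '192.0.2.54')    # placeholder for the ISP resolvers

function Get-ConsoleUser {
    # Returns DOMAIN\user for the interactive console session, or $null if
    # nobody is logged on. Assumption: after "switch user" this reflects the
    # newly active console user; verify this on the target machine.
    (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
}

function Test-UnfilteredUser {
    param([string]$Account)
    if (-not $Account) { return $false }
    # Direct members only; nested AD groups are not expanded by this cmdlet.
    $members = @(Get-LocalGroupMember -Group $UnfilteredGroup -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty Name)
    return ($members -contains $Account)            # -contains is case-insensitive
}

$user = Get-ConsoleUser

if (Test-UnfilteredUser -Account $user) {
    # Exempt user: point the adapter straight at the unfiltered resolvers.
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $UnfilteredDns
    $mode = 'unfiltered'
} else {
    # Everyone else, and the "no user resolved" case, fails closed: back to
    # the DHCP-assigned DNS (domain controller -> pihole), so the exempt
    # setting cannot stick for the next person who uses the PC.
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ResetServerAddresses
    $mode = 'filtered (DHCP)'
}

# Drop cached answers so results from the previous resolver do not carry over.
Clear-DnsClientCache

Write-Output "DNS mode for '$user' on '$InterfaceAlias': $mode"
```

The DNS setting is still per adapter, not per user: while the exempt user is the active session, anything else running on the PC resolves through the unfiltered servers too. Browsers configured for DNS over HTTPS ignore the adapter setting in either mode.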






