Geekzone: technology news, blogs, forums


mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

#299372 2-Sep-2022 21:24

Bit of an odd one here.

 

I'm wanting to have 1 user (non admin account) on a windows 11 PC to use an unfiltered DNS (e.g. direct to ISP DNS), while the other accounts (and devices on the network) continue to use the standard network DNS (domain controller and pihole).

 

I could also consider having the one user use the wifi instead of a wired connection, but again keen to understand how to force this without unplugging cables etc.

 

Use case is to have the user see adverts for their job (pihole blocking them), but other users on the device need pihole to work, could consider setting up time based 'blocking' in pihole if anyone knows how. i.e. don't block the device from 9-5pm, but block outside this.

 

 

 

Another option I guess is a chrome/Edge/firefox extension that you can configure the DNS for instead? 

 

 

 

thanks

 

mentalinc





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 


Handle9
11925 posts

Uber Geek
+1 received by user: 9675

Trusted
Lifetime subscriber

  #2962512 2-Sep-2022 22:40

Wouldn't you just manually set the DNS for that PC in Windows? Set it to 8.8.8.8/1.1.1.1 etc?




Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #2962517 2-Sep-2022 23:05

Logon script(s) that sets the DNS to x.x.x.x for User A and y.y.y.y for the other users?

 

I see Domain Controller so assuming you are using AD.

 

GPO with a logon script that checks if the user is a member of a certain AD security group, sets the unfiltered DNS if they are, sets system default / DHCP if they aren't?





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.


SirHumphreyAppleby
2939 posts

Uber Geek
+1 received by user: 1860


  #2962528 3-Sep-2022 07:29

mentalinc:

 

Another option I guess is a chrome/Edge/firefox extension that you can configure the DNS for instead? 

 

 

Firefox has an option to "Proxy DNS when using SOCKS v5" if you use a SOCKS v5 proxy. Simply set up a SOCKS proxy on a remote host without DNS restrictions and configure the proxy in the user's Firefox profile (no extensions required).

 

If you have a *BSD or Linux box with SSH on your network (or even remote), you can also use PuTTY to create a local SOCKS proxy on the Windows machine and forward requests over SSH.

 

Years ago our out-of-touch development manager announced he'd be switching on SSL content inspection on our network (never happened). I went straight back to my desk and immediately started sending all of my browsing through a VPS in the US. I used a piece of software called MyEnTunnel to keep the SSH connection alive and restart it on boot or if it were disconnected. Unfortunately, the developer's site is no longer operating, but I'm sure there are other tools available to do something similar.

 

 




fearandloathing
537 posts

Ultimate Geek
+1 received by user: 206

ID Verified
Lifetime subscriber

  #2962547 3-Sep-2022 10:04

You can configure groups in pi-hole with different policies

dt
1152 posts

Uber Geek
+1 received by user: 371
Inactive user


  #2962548 3-Sep-2022 10:16

If they’re always using the same PC, setting it on the NIC would probably be the easiest thing to do.

Or a GPO to set DNS servers targeting a user group and adding them to the group could work, but the settings may stick if anyone else uses the PC, so you would have to do some testing.

mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #2962562 3-Sep-2022 11:57

Thanks, the login script could do the trick (though not sure it runs when "switching user").

 

Setting it at the NIC and the pihole groups both work per device (vs just wanting to change 1 user on the device, but not impact the other users).





rollercoaster
5 posts

Wannabe Geek
+1 received by user: 4


  #2962714 3-Sep-2022 16:42

You can redirect the DNS query at the router level before the catch-all rule for UDP port 53. If you use pf, the rule below might work for you?

 

```
lan01 = "em1"
# placeholder: replace with the address of the exempted machine
exempted_pc = "192.0.2.10"

# allows the exempted machine to use any dns resolver
pass in quick on $lan01 inet proto udp from $exempted_pc to any port 53

# catch-all rule that forces the udp port traffic to go through local port 53 regardless of user's resolver
match in on $lan01 inet proto { udp } to !$lan01 port 53 rdr-to $lan01
pass in quick on $lan01 inet proto { udp } to $lan01 port 53
```


mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #2962837 3-Sep-2022 19:09

Thanks, but there is one machine (PC), with several users, one should have DNS from ISP, other users should use internal DNS (AD -> pihole -> ISP DNS)







nzkc
1634 posts

Uber Geek
+1 received by user: 1041


  #2962884 3-Sep-2022 21:18

Could use a VPN. Since you're using Pihole I'd recommend PiVPN.

 

Have your user start the VPN when they "want ads".

 

Configure the VPN to use different DNS servers. VPN can be on the LAN.

 

I know that's a bit clunky... but most DNS solutions are for the host. Rarely for a user.


mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #2964427 7-Sep-2022 21:30

I've set up some scheduled tasks for login and unlock for the different users to change the DNS settings depending on the user logged in.

 

Quick tests suggest this does the trick, will update if it fails.






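The logon/unlock scheduled-task approach from the post above, sketched as an added example; this is not the poster's script. The interface alias, the account name `EXAMPLE\adsuser`, the log path, and the reliance on `Win32_ComputerSystem.UserName` to report the active console user are assumptions.

```powershell
# Added example (not the poster's script). Run from an elevated scheduled task,
# e.g. as SYSTEM, on the logon and workstation-unlock triggers.
# Keep this file in a folder only administrators can write to: a script that
# SYSTEM executes and a standard user can edit is a privilege-escalation path.

$InterfaceAlias = 'Ethernet'              # assumption: alias of the wired adapter
$UnfilteredUser = 'EXAMPLE\adsuser'       # hypothetical account that needs ads
$UnfilteredDns  = @('1.1.1.1', '8.8.8.8') # public resolvers named in the thread; swap in the ISP's
$LogFile        = Join-Path $env:ProgramData 'DnsSwitch\switch.log'  # hypothetical path

# The task does not run as the interactive user, so $env:USERNAME is no help.
# Assumption: Win32_ComputerSystem.UserName reports the active console user.
$consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName

if ($consoleUser -and ($consoleUser -ieq $UnfilteredUser)) {
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $UnfilteredDns
} else {
    # Fail closed: anyone else, or no identifiable user, gets the DHCP-assigned
    # resolvers back (domain controller -> Pi-hole).
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ResetServerAddresses
}

# Drop cached answers from the previous resolver, including Pi-hole's blocked replies.
Clear-DnsClientCache

# Record what is actually in effect so a failed switch is visible later.
$active = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
Add-Content -Path $LogFile -Value ("{0:s} user={1} dns={2}" -f (Get-Date), $consoleUser, ($active -join ','))
```

The resolver is a per-interface, machine-wide setting, so programs left running in another user's session resolve through whatever was set last.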
