Hi all - please tell me if I’m doing this wrong:

My 12yo spends all day on YouTube shorts. I want to block it, but can only block YouTube entirely. Blocking for everyone would upset my 15yo, so I need per-client domain filtering.

That was easy on Pi-hole. But my Raspberry died and I heard praise for Adguard Home so now I run that as a Docker container.

  1. I can’t figure out how to block YouTube for only some devices. Is that not possible with Adguard? Claude gives me complicated nonsense; you can easily do better.

I want to ditch Adguard and go back to Pihole. The caveat is that I must let Pihole run the DHCP server, in order to get correct per-client blocking. That’s a pity, as I have a neat UniFi network set up.

  1. Can I get Pihole’s per-client blocking without Pihole as DHCP?

I don’t mind setting it all up in Pihole again (as yet another container) because I know it works (it’s how I had it before the Raspberry died). But I would love to know if I am going about this the wrong way? Thank you!

  • Im_old@lemmy.worldEnglish
    16·
    5 days ago

    Just so you know, you can run pi-hole as a container as well

    About dhcp, I don’t know about unifi, but I guess in the firewall you can configure static dhcp leases. So son1 devices always get same ip. Then you can configure a hairpin port forwarding, so any requests for ports tcp/udp53 from his devices get forwarded to pi-hole. That is assuming that in the “general” dhcp config you assign an external dns.

    Otherwise you could try creating two different dhcp pools, one with pi-hole (and make sure son1 devices get a static lease in there) and one for everyone else.

    As a side note, I recommend looking into self hosting your piped instance, so even son2 can enjoy YouTube without all the ads! (And the tracking)

    • cannedtuna@lemmy.worldEnglish
      3·
      5 days ago

      Posting here so I remember to share my UniFi setup later. Off the top of my head UniFi manages my DHCP leases like normal, and I set my DNS to my Pihole server with I forget what logging option on so I get full metrics in Pihole of what clients are what for each DNS request.

      • AliasVortex@lemmy.worldEnglish
        3·
        4 days ago

        That sounds pretty similar to how I have my network setup:

        • PiHole has conditional forwarding configured (true,192.168.0.0/24,192.168.1.1,lan note: .lan is optional here, I uss it for my internal TLD) to get device names from router
        • PiHole uses Unifi as the upstream DNS and DHCP
        • Unifi uses cloudflare as the upstream DNS
        • Unifi hands out the PiHole as the DNS via DHCP config

        That way I get stats in all the places and can use Unifi for DHCP.

  • This2ShallPass@lemmy.worldEnglish
    2·
    4 days ago

    You don’t need DHCP, you can just use DNS and then set up different blocking groups based on the device.

    The problem with this solution is that is it opt in. You would need to change all the wifi settings on each device separately to point to Pi-Hole as the DNS. This is something that could easily be disabled as a 12 year old would probably be able to figure out how to change the settings on their mobile devices or computer with a Google search.

    • PlutoniumAcid@lemmy.worldOPEnglish
      1·
      3 days ago

      Between my network and the ISP modem, I habe a UniFi router. That’s the one I tell to send DNS requests to Pihole.

      The only way to get around that is by setting e.g. 1.1.1.1 into the local computer’s network settings. My boys aren’t that tech literate - yet.

  • starshipwinepineapple@programming.devEnglish
    3·
    5 days ago

    Pihole can set up “groups” for different blocklists. You specify client by IP or MAC address so it doesnt matter what the dhcp server is, so long as there’s a static IP or static MAC address. My pihole server doesn’t have dhcp set up and I’m able to do this fine

    Though from personal experience this just becomes a game of cat and mouse, and if you have a motivated teenager then they will find a way to circumvent this. For example android can rotate MAC addresses, and IP addresses are trivial to spoof as well.

  • DarkSirrush@lemmy.caEnglish
    2·
    5 days ago

    I am definitely not the best at networking, but can’t you do that through your current dhcp client?

  • Godnroc@lemmy.worldEnglish
    21·
    5 days ago

    I run AdGuard as an addon to Home Assistant. If you want to stick to AdGuard you can go to Settings > Client Settings and set a per-client filtering rule. There is a tab in the client settings that can be used to filter specific services with a click. Setting an IP reservation for your child’s device in the DHCP settings of Unifi or your router will help ensure the IP address stays consistent.

    For the PiHole option, you don’t actually have to let the PiHole handle DHCP. You just need to tell your DHCP server what DNS server to use. For example, my router is .1 and my Raspberry PI is .2. The DHCP server, my router, tells all devices .1 is the gateway and .2 is the DNS server. You may also need to set these settings on the individual devices to prevent them from ignoring your DNS settings, but that can be done from the network settings. Avast had some safe networking “feature” that would force my DNS settings to be ignored, same with my Android phone.

    Of course, the downside to all of this is that any different device, different IP, device from a friend, or mobile data could bypass these restrictions. You may soon be in an arms race with your child and chances are they can get more clever that you can in a shorter time frame.