Files
2026-07-12 10:17:17 -04:00

1.5 KiB

Pi-hole v6 API & CLI Quirks

CLI Changes from v5

v5 command v6 equivalent Notes
pihole -w <domain> pihole allow <domain> Whitelist/allow
pihole -b <domain> pihole deny <domain> Blacklist/deny
pihole -c REMOVED Use PADD instead
pihole -g pihole updateGravity Same, but -g still works

API Endpoints

Old (v5) New (v6)
/admin/api.php /api
Query string auth POST /api/auth with {"password":"..."}
No auth needed for some endpoints Auth required for most endpoints

Password & Auth

  • Password stored as hash in /etc/pihole/pihole.tomlpwhash
  • Temporary CLI password at /etc/pihole/cli_pw (regenerated on FTL restart, limited permissions)
  • Docker env WEBPASSWORD sets the password but is masked in docker inspect
  • App passwords for 2FA: set app_pwhash in pihole.toml

FTL Telnet API

  • Port 4711 inside container (127.0.0.1:4711)
  • Not exposed outside the container by default
  • Commands like >stats, >recent work via nc 127.0.0.1 4711 inside container
  • May require authentication in newer versions

Database Schema (v6)

Key tables:

  • queries — all DNS queries (timestamp, domain, client, status)
  • gravity — no longer exists as separate table; integrated differently
  • domainlist — may not exist; allow/deny lists stored in different structure
  • network, network_addresses — client tracking
  • counters — summary stats