Thanks! It's a bit complex but gets the job done
Yes, but it works easiest with Android devices using Private DNS (iOS doesn't have native support
). Private DNS is basically DoT. I have a VPS in a local DC that's ~5ms away, that VPS runs PiHole with DoT exposed through an Nginx proxy. Nginx has 1IPv4, 1IPv6, and listens for connections on port 853 using a multi-domain SSL that covers kid1-ph.xyz.com, kid2-ph.xyz.com, etc-ph.xyz.com. Each hostname, 'kid2-ph.xyz.com' is associated with a dummy IPv4/6 on the pihole interface, and the requests are proxied to pihole using the dummy IPv4/6 as the source. This way pihole always thinks it got a connection for "kid1" from "ip1", and you can set "ip1" to be part of a client group. It sounds way more complicated typing this out - you basically just take in requests from multiple sources, spoof the origins to local IPs on PiHole, then that local IP is associated with a client group. I can write up a howto at some point.
That's the external aspect - Internal I have a VPN connection on the router to the VPS with the dummy IPs routed over it (no internet over VPN just DNS). Then I set all the related kiddo devices (kid1 phone, tablet, tv, etc) to use the same internal dummy IP for DNS (this is the local client dns grouping aspect)