pihole-mcp
Provides tools for managing Pi-hole v6.x: query stats, device analysis, allow/deny lists, local DNS records, blocking control, and backup.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@pihole-mcpshow me the top blocked domains"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
pihole-mcp
MCP server for Pi-hole v6.x (the new /api endpoint, session-based auth via X-FTL-SID). Besides direct Pi-hole API proxying, it provides a few composite tools for analyzing devices on the network (top domains, anomalies, suspicious activity via NXDOMAIN/block-ratio) — these aren't in the Pi-hole API itself, they're extra logic layered on top of /api/queries.
Tools
Stats and queries
Tool | Description |
| Overall stats: total queries, blocked, clients, domains on Gravity |
| Top queried/blocked domains |
| Top clients by query count |
| Search the log by domain/client IP, with a time filter |
| Most recently blocked queries |
| Domain status — is it blocked, and in which list |
Device analysis
Tool | Description |
| Client profile: queries, blocks, details |
| Recent queries from a specific client |
| Comprehensive analysis: top domains, block ratio, NXDOMAIN flags (possible DNS tunneling/malware) |
| Clients with an anomalously high number of queries |
Lists (allow/deny, exact and regex)
Tool | Description |
| Exact-match domain in the denylist |
| Exact-match domain in the allowlist |
| Regex pattern in the denylist |
| Regex pattern in the allowlist |
Local DNS
Tool | Description |
| A-record overrides |
| CNAME records |
Management and backup
Tool | Description |
| Turn blocking on/off, with an auto-re-enable timer |
| Update the blocklists |
| Full configuration backup (Teleporter) as base64. Export only — restore intentionally not implemented |
Related MCP server: pihole-mcp
Setup
git clone <this-repo> pihole-mcp && cd pihole-mcp
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
cp .env.example .env # fill in PIHOLE_URL / PIHOLE_PASSWORD / MCP_SECRET
uvicorn server:app --host 0.0.0.0 --port 8002Systemd unit example: deploy/pihole-mcp.service.
Security model
Auth is an
Authorization: Bearer $MCP_SECRETheader on/mcp. EmptyMCP_SECRET= no check (local network/VPN only)./.well-known/oauth-authorization-server+/oauth/authorize+/oauth/tokenare a compatible stub for claude.ai custom connectors, which don't support a static API key — only full OAuth 2.1 or no auth at all. The actual protection is the Bearer token on/mcp. Via Claude Code CLI (claude mcp add --header ...) you don't need the stub.redirect_uriin/oauth/authorizeis checked against an allowlist (claude.ai,anthropic.com,console.anthropic.com,localhost).The Pi-hole API can't filter
/queriesbyclient=server-side — the server pulls the last N (5000 by default) records across the whole network and filters them itself, with an explicit warning in the response if the window might not cover the target client's full history.Transport: the server does not terminate TLS itself — it listens on plain HTTP. If it's reachable beyond localhost/a trusted LAN (and especially if you're connecting it as a custom connector in claude.ai, where HTTPS is required), put TLS termination in front of it: Cloudflare Tunnel, Tailscale Funnel, nginx/Caddy + Let's Encrypt, etc. Without that, the Bearer token (
MCP_SECRET) in theAuthorizationheader goes out in plaintext.
Requirements
Pi-hole v6.x (not v5 — the
/api/...endpoints only appeared in v6).Python 3.11+.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/nickcheban/pihole-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server