Software-update: Pi-hole Core 6.2 / Web 6.3 / FTL 6.3

Versie 6.2 van Pi-hole Core is uitgekomen. Ook zijn Pi-hole Web 6.3 en Pi-hole FTL 6.3 verschenen. Pi-hole is een advertising-aware dns- en webserver bedoeld om te draaien op een Raspberry Pi in het netwerk. Als op de router naar Pi-hole wordt verwezen voor dns-afhandelingen, zullen alle apparaten binnen het netwerk er automatisch gebruik van maken zonder dat er instellingen hoeven te worden aangepast. Vervolgens worden advertenties niet meer opgehaald, waardoor pagina's sneller laden. In potentie kan er ook malware mee buiten de deur worden gehouden. Voor meer informatie verwijzen we jullie door naar de uitleg en video's op deze pagina, deze handleiding van tweaker jpgview, of dit topic op ons forum. De releasenotes voor deze uitgave kunnen hieronder worden gevonden.

Pi-hole FTL v6.3, Web v6.3 and Core v6.2 Released!

As always, please read through the changelogs before updating with pihole -up

Don’t forget, you can use Teleporter to export your configuration. It can be found under the settings menu of the web interface or on the command line with pihole-FTL --teleporter

This release has also been tagged on Docker as 2025.10.0

Highlights

Security & TLS Enhancements

Shorter validity for self-signed TLS certificate (#2463) – The default validity period for self-signed TLS certificates has been reduced, aligning with modern security best practices and ensuring compatibility with Apple devices. To compensate for the shorter validity, automatic renewal has been implemented. Certificates now default to a 47-day validity period (configurable via webserver.tls.validity) and automatically renew when nearing expiration.

Improved Content Security Policy (#2575) – Improved default CSP headers provide better protection against XSS attacks while maintaining functionality.

Thank you to the folks who responsibly disclosed potential vulnerabilities since our last realease. Details of which can be read at the following links:

• https://github.com/pi-hole/web/security/advisories/GHSA-5v79-p56f-x7c4
• https://github.com/pi-hole/web/security/advisories/GHSA-7w6h-3gwc-qhq5
• https://github.com/pi-hole/web/security/advisories/GHSA-8hr3-47jh-25vr
• https://github.com/pi-hole/web/security/advisories/GHSA-w8f8-92rx-4f6w

Network & DNS Improvements

Smart Interface Detection (#2456, #2607) – FTL now automatically detects the appropriate DNS interface when dns.interface is empty in pihole.toml, eliminating manual configuration in most scenarios.

Netlink ARP Cache Handling (#2600) – Replaced external ip neigh show calls with internal netlink-based communication, dramatically improving performance and reducing resource usage. This addresses “database locked” issues seen in some environments.

Special Domain Handling (#2474) – Added support for .internal domain blocking (following RFC draft-davies-internal-tld-03), preventing these queries from being sent to upstream DNS servers while still allowing local resolution.

DNS Localization (#2524) – New dns.localise configuration option provides better control over DNS query handling.

IPv6 DHCP Support (#2554) – Enhanced the DHCP API to properly support IPv6 addresses and configurations.

Platform & Installation

Alpine Linux Support (pi-hole/pi-hole#6275) – Full native support for Alpine Linux has been added, including proper package management with apk, OpenRC init system support, and comprehensive testing. This expands Pi-hole’s reach to lightweight container environments and minimal installations.

User Interface & Experience

CLI Autocomplete (#2593, pi-hole/pi-hole#6376) – Added bash-style completion support for pihole-FTL commands, making configuration much more user-friendly. Tab completion works for the entire --config path and suggests appropriate values.

Web Interface Improvements
(web#3530, web#3551, web#3533, web#3592, FTL#2645, FTL#2647, FTL#2644, web#3622) – Many small improvements: better visualization of DNS metrics, improved query log handling, enhanced gravity output with colors, refined button styling for blocked/allowed domain actions, improved load average detection and better system information gathering.

Configuration & Management Advanced Web Server Options

(#2635) – New webserver.advancedOpts configuration for fine-tuning web server behavior.

Enhanced API Endpoints (#2530, #2632, #2466) – Multiple API improvements including better error handling, optional restart parameters, and enhanced response formatting.

Web documentation for the config file – https://docs.pi-hole.net/ftldns/configfile/ – we have added some automation and a Python script to parse the latest pihole-FTL config file and to keep the documentation up to date on the web

Performance & Reliability

Updated Core Components (#2544, #2576, #2592, #2570, #2587, #2603, #2614, #2621, #2579):

• SQLite3 updated to 3.50.4 for better database performance
• dnsmasq updated to v2.92test21 with latest fixes
• CivetWeb updated for improved web server functionality
• Migrate TOML library to tomlc17 (tomlc99 has been marked as deprecated)

Memory Management (#2617) – Improved memory handling throughout the codebase to reduce resource usage and improve stability.

Database Resilience (#2605, #2602, #2646) – Enhanced gravity database handling with custom SQLite busy callbacks and better error recovery.

Bug Fixes & Stability

• Fixed PTR query handling for .localhost domains (#2517)
• Resolved DHCP string processing issues (#2519)
• Fixed cache-optimizer query display in logs (#2619)
• Improved NTP IPv6 crash handling (#2569)
• Better foreign fork PR handling in CI (#2543)
• Enhanced debug output and logging throughout (#2594)

Diagnostics

Improved Debug Output (#2600, #2594) – More comprehensive debug information across networking, ARP processing, and system diagnostics.