Improve DHCP static leases management GUI

[DL6ER]

What does this implement/fix?

See title. This adds a easy accessible table that is kept in sync with the <textarea> which still allows for any advanced configuration.

Please see this movie for a demonstration:

Screencast.From.2025-07-15.12-41-22.webm

You can test all of that even without having the DHCP server enabled. What will be saved in the end is always the content of said <textarea> which is getting stores as dhcp.hosts in pihole.toml.

---

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A

---

By submitting this pull request, I confirm the following:

1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
2. I have commented my proposed changes within the code.
3. I am willing to help maintain this change if there are issues with it later.
4. It is compatible with the EUPL 1.2 license
5. I have squashed any insignificant commits. (git rebase)

Checklist:

• The code change is tested and works locally.
• I based my code and PRs against the repositories development branch.
• I signed off all commits. Pi-hole enforces the DCO for all contributions
• I signed all my commits. Pi-hole requires signatures to verify authorship
• I have read the above and my PR is ready for review.

[smithbill17]

The video looks good to me, but unfortunately I'm not able to test this as I have now stopped using PiHole (partly due to this very issue).

However, two comments based on the video:
a) the 'advanced config' line shows nothing in the easy text grid - can't it still show MAC, IP & name but with an expansion arrow (or some kind of indicator) for the additional fields?
b) in PiHole v5, it didn't seem to matter if MACs were entered with hyphens ('-') rather than colons (':'). Is this the case with v6? And does it matter if IPs fall out-with the DHCP scope?

[DL6ER]

a) the 'advanced config' line shows nothing in the easy text grid - can't it still show MAC, IP & name but with an expansion arrow (or some kind of indicator) for the additional fields?

Yes, this is expected and per design. Advanced config lines may include set and id and other identifiers and it'd be very complicated (= error-prone) to edit the "simple" parts of it without damaging the advanced config. Not trying to edit these lines but instead showing where they are in the text area (where the user initially created them) seems the most straightforward and most robust way

b) in PiHole v5, it didn't seem to matter if MACs were entered with hyphens ('-') rather than colons (':'). Is this the case with v6? And does it matter if IPs fall out-with the DHCP scope?

I did add - as separators now. It doesn't matter if IP addresses are within the set DHCP scope.

[yubiuser]

If something invalid is entered in the advanced box (e.g. 00:20:e0:3b:13:af,8.8.8.8.7,laptop) the corresponding field in the table is empty (IP). Maybe we should show invald instead?

The live-editing is cool but only shown advanced > table, not the other way round. Is this by design?

Advanced settings present in line 3

This could be hard to find if n is big. Could we show line numbers in the advanced text box?

[DL6ER]

Could we show line numbers in the advanced text box?

Yes.

If something invalid is entered in the advanced box (e.g. 00:20:e0:3b:13:af,8.8.8.8.7,laptop) the corresponding field in the table is empty (IP). Maybe we should show invald instead?

The code is written such that it parses the same way dnsmasq parses this line. If the IP address is not valid, it is taken as hostname.

The live-editing is cool but only shown advanced > table, not the other way round. Is this by design?

Yes. First, I implemented it both ways but as soon as you edit the IP address, e.g., 192.168.0. (because you are editing the last digit), it'd immediately be dropped from the IP column as it is now invalid. This prevents further editing. Hence, I decided we let the user finish what they want and then click save.

[yubiuser]

If the IP address is not valid, it is taken as hostname.

Except when a hostname is also given

[rdwebdesign]

I tested using an invalid IP (192.168.0.300) and a hostname:

00:20:e0:3b:13:af,192.168.0.300,laptop

When saved, the invalid IP is ignored, resulting in 00:20:e0:3b:13:af,laptop.

I think this is the correct behavior, but no warning was returned to the user, to inform something was wrong and the entry was "fixed" to fit the valid input fields. Maybe we need a warning/alert for cases like this.

[DL6ER]

Like so?

Screencast.From.2025-07-20.1.webm

[DL6ER]

Screencast.From.2025-07-20.20-39-42.webm

[yubiuser]

I think the colors for invalid IP/MAC need a bit adjustment.
When using the light theme, the white color of the text has low contrast to the rosè background. When using a dark theme, the red color of the cell is almost invisible.

[rdwebdesign]

Quick suggestion just to improve the colors:

Suggested change

	#StaticDHCPTable td.table-danger {
	background-color: #ff000022 !important;
	color: #fff !important;
	}
	#StaticDHCPTable td.table-success {
	background-color: #74c70022 !important;
	color: #fff !important;
	}
	#StaticDHCPTable .table-danger {
	background-color: #d337;
	}
	#StaticDHCPTable .table-success {
	background-color: #2c24;
	}

Still using semi-transparent colors, but now the contrast is good enough when using the original text color, so I think we don't need to change color:.

Also, we should use !important only in cases where we really need it.

[DL6ER]

Oh, I did not see this before. I pushed non-transparent suggestions that should be the same on all variants, otherwise. Not overly pretty but it may suffice. Otherwise, we'll theme-dependent colors and this PR already became a lot more involved than I had hoped initially.

[rdwebdesign]

I added one commit to change the high contrast themes. On these themes the colors are not as important as the contrast/readability.

[rdwebdesign]

Note:

I was testing with DHCP server disabled, so I'm not sure if we need to fix this, but when you use the textearea to enter a line, if there are invalid values on this line, the values are not checked and the API accepts everything, including the invalid values.

The first line contains an invalid IP:

00:20:e0:3b:13:af,192.168.0.300,laptop,infinite
00:20:e0:3b:13:af,192.168.0.123,laptop

[DL6ER]

I was testing with DHCP server disabled, so I'm not sure if we need to fix this, but when you use the textearea to enter a line, if there are invalid values on this line, the values are not checked and the API accepts everything, including the invalid values.

Yes, invalid dhcp-host lines are fine for dnsmasq. It just goes on when no useful content was found (like 0,0,0). Invalid IP addresses, like in your example, will simply be interpreted as host names (just like the table does).

[github-actions]

Conflicts have been resolved.

[PromoFaux]

I've rebased this branch on development and (hopefully) fixed the merge conflict.

Docker Tag 2025.11.1Core v6.3FTL v6.4.1Web interface v6.4

If you would like to try this branch on docker, you can bake your own local image utilising this FTL branch by following these instructions:

https://docs.pi-hole.net/docker/build-image/

[derchrisuk]

I have been running on this branch for last 2-3 days.
Works like a charm.
One change I would like to suggest, right now when you add additional options, it removes the entry from the gui view.
Not sure what else you can add, but i added the infinite option as per the examples.
Maybe this can be added as an option once you copy the lease.
Because the overview is much nicer than just the textarea box

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[DL6ER]

I rebased on current development and resolved the merge conflict.

I also addressed the two outstanding review items:

1. Save button UX: Changed the row save icon from floppy-disk to a checkmark, and updated the hint text to: "Please confirm changes using the green button, then click 'Save & Apply' before leaving the page." This makes the two-step flow clearer — the green button confirms the row edit, "Save & Apply" persists to the config.

2. Hostname validation: Added input validation on the hostname cell, matching the existing MAC/IP validation pattern. Invalid hostnames (containing spaces, commas, or other characters not allowed in DNS names) are highlighted in red with a tooltip. Valid DNS hostname characters: letters, digits, hyphens, and dots.

[rdwebdesign]

This is the explanation for my commit:

From developer.mozilla.org - Regular expressions - Character class: [...], [^...]: v-mode character class:

In addition to ] and \, the following characters must be escaped in character classes if they represent literal characters: (, ), [, {, }, /, -, |.

[rdwebdesign]

I added buttons to lines containing advanced settings. It will allow to delete these lines and add lines after them, like we do on other rows. Only the "Save" button will be disabled:

[rdwebdesign]

@DL6ER

Why are you enabling all buttons here?
Are you sure this line is needed?

If the line is needed, we can enable the buttons, except Save buttons created with .disabled CSS class:

Suggested change

	tbody.find(".save-static-row, .delete-static-row, .add-static-row").prop("disabled", false);
	tbody.find(".save-static-row:not(.disabled), .delete-static-row, .add-static-row").prop("disabled", false);

[Copilot]

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

[github-actions]

Conflicts have been resolved.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 8 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

parseStaticDHCPLine() can mis-parse valid dnsmasq lines like 00:11:22:33:44:55,laptop,infinite (MAC, hostname, lease_time). With parts.length === 3 and no IP present, the code treats the 3rd token as hostname, and saving from the table would drop the real hostname and corrupt the line. Consider only treating 3-part lines as editable when they match the unambiguous pattern MAC,IP,HOST (or otherwise classify them as "advanced" to keep them read-only).

[yubiuser]

This is a valid remark. --dhcp-host has only optional arguments so things can be quite fast 'advanced'
https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

[Copilot]

IPv6 entries in dhcp.hosts are documented as requiring square brackets (e.g. [2001:db8::1]), but the table validation uses utils.validateIPv6(val) directly. Since validateIPv6() doesn't accept bracketed values, valid bracketed IPv6 addresses will be flagged invalid and blocked from saving. Adjust validation (and save-time checks) to accept bracketed IPv6 by stripping surrounding [] before calling validateIPv6*, and/or normalize stored values consistently.

[Copilot]

After updating #dhcp-hosts via the table actions (save/delete/add), the code sets .val(...) but does not trigger an input event. This leaves the new line-number gutter (and any other input listeners) out of sync because the line-number updater listens to the textarea's input event. Consider triggering input (or calling the line-number updater) after programmatic updates to the textarea.

[Copilot]

renderStaticDHCPTable() re-enables all action buttons unconditionally. This overrides the earlier prop("disabled", true) on save buttons for "advanced" rows, making them clickable again (even though they still have the .disabled class). Update this to avoid re-enabling .save-static-row.disabled (or keep the disabled state set when rendering advanced rows) so advanced rows remain truly non-interactive.

Suggested change

	tbody.find(".save-static-row, .delete-static-row, .add-static-row").prop("disabled", false);
	tbody
	.find(".save-static-row:not(.disabled), .delete-static-row, .add-static-row")
	.prop("disabled", false);

[rdwebdesign]

This change was already requested.

[Copilot]

Buttons are created dynamically with data-toggle="tooltip", but the tooltip initializer ($('[data-toggle="tooltip"]').tooltip(...)) only runs once on DOM ready. Newly inserted buttons (DataTables rows and StaticDHCPTable buttons) won't get Bootstrap tooltips unless tooltips are re-initialized after render/draw or initialized via delegated selector on body.

[Copilot]

The UI marks invalid hostnames with .table-danger, but the per-row save handler only validates MAC/IP and will still write an invalid hostname back into the textarea. Either validate hostname in the save path as well (blocking save when invalid), or avoid presenting the red/green validity state as an error if it won't be enforced.

[Copilot]

The new theme overrides use #StaticDHCPTable .table-danger/.table-success, but base pi-hole.css defines #StaticDHCPTable td.table-danger/.table-success with higher specificity. That means the base colors will still win even when the high-contrast theme is loaded, so these theme rules likely won't take effect. Match the selector specificity (e.g. include td as in the base rule) and/or use !important so the theme can actually override the base styling.

Suggested change

	#StaticDHCPTable .table-danger,
	.blocked-row td {
	background-color: rgba(230, 160, 160, 0.3);
	}
	#StaticDHCPTable .table-success,
	#StaticDHCPTable td.table-danger,
	.blocked-row td {
	background-color: rgba(230, 160, 160, 0.3);
	}
	#StaticDHCPTable td.table-success,

[rdwebdesign]

This will be fixed if my previous suggestion to change pi-hole.css is used.

We don't need the higher specificity on pi-hole.css. A better fix would be to remove td from pi-hole.css, as suggested before.

[Copilot]

These overrides use #StaticDHCPTable .table-danger/.table-success, but base pi-hole.css sets #StaticDHCPTable td.table-danger/.table-success (more specific). As a result, the base colors will override the theme and these rules may never apply. Increase specificity (e.g. target td.table-danger / td.table-success) and/or add !important so the high-contrast-dark theme can override the base table cell styling.

Suggested change

	#StaticDHCPTable .table-danger,
	.blocked-row td {
	background-color: rgba(56, 0, 40, 0.35);
	}
	#StaticDHCPTable .table-success,
	.allowed-row td {
	background-color: rgba(0, 64, 64, 0.35);
	#StaticDHCPTable td.table-danger,
	.blocked-row td {
	background-color: rgba(56, 0, 40, 0.35) !important;
	}
	#StaticDHCPTable td.table-success,
	.allowed-row td {
	background-color: rgba(0, 64, 64, 0.35) !important;

[rdwebdesign]

This will be fixed if my previous suggestion to change pi-hole.css is used.

We don't need the higher specificity on pi-hole.css. A better fix would be to remove td from pi-hole.css, as suggested before.

[markusdd]

Hi all, was directed here based on issue #6593. Very encouraging to see the work on this. Have a couple suggestions, questions:

a) Would it make sense to also mark which of the static leases are active? This is usually a convenient way of finding out if a specific device is online and has accepted the static lease already. This is something many router UIs offer.
b) I am not sure if and how this is covered based on the videos posted, but is there now an easy way to make a dynamic lease into a static one again?
c) Many good router UIs also have the feature to be able to click either the hostname and/or ip to get to the web page of a given device if it exposes one. This is super handy especially when dealing with printers, scanners or smart home devices to configure them and find them in the network.

Other than that this looks very good and would v6 bring back to what v5 had already done nicely.

[darkexplosiveqwx]

Hi all, was directed here based on issue #6593. Very encouraging to see the work on this. Have a couple suggestions, questions:

a) Would it make sense to also mark which of the static leases are active? This is usually a convenient way of finding out if a specific device is online and has accepted the static lease already. This is something many router UIs offer. b) I am not sure if and how this is covered based on the videos posted, but is there now an easy way to make a dynamic lease into a static one again? c) Many good router UIs also have the feature to be able to click either the hostname and/or ip to get to the web page of a given device if it exposes one. This is super handy especially when dealing with printers, scanners or smart home devices to configure them and find them in the network.

Other than that this looks very good and would v6 bring back to what v5 had already done nicely.

Quick note:
Pi-hole is not a router.

I can already tell you that a) is not really possible. Pi-hole can detect when a device renews its DHCP lease, but most of the time the DHCP lease time is one week or longer. When Pi-hole only sees a sign of life from the device every week or so, I dont think that it would result in useful data. Routers can track whether a device is online or not by looking at the IP packets it sends to the internet, since the router is the gateway. This allows much more accurate online tracking. For the vast majority, Pi-hole is not the gateway device, and even if it were, Pi-hole is restricted to DNS and DHCP and not routing.

Regarding c), it could be possible, but I don't see it realistically being in Pi-hole. The goal of Pi-holes DHCP server has never been being a full-featured router.

Like Dan Schaper (Pi-hole co-founder) said on the Discourse feature request:

I'll remind everyone that the DHCP server in Pi-hole was intended to be a fallback for people that had routers from their ISPs that locked out the ability to modify the DNS servers provided to the LAN clients.

b) is already possible with this PR (you can test it with pihole checkout web new/simple-dhcp-static-leases and go back to the stable release with pihole checkout web master, for docker see https://docs.pi-hole.net/docker/build-image/)

[markusdd]

I'm aware of the scope. Nevertheless the DHCP function is a core functionality as the correct DNS'es are also being broadcast by it and I, and I assume many others, have decided to use pihole for exactly that purpose - because it makes you independent of whatever your router/modem/gateway/whatever provider thinks is good for you.
I could also do DHCP using my Unifi gateway, but that makes things much less easy to overlook in the end. Having dns entries and dhcp at one location just makes sense from an administration standpoint.

Happy to see b) addressed because that is actually most important.
The linking to the devices is of course nice to have a but it is a great convencience.

As for the lease activeness from a): Yes, that is kind of a heuristic. Probably also the least 'important' point.

As for c): I think that has no bearing on whether pihole is a router or not, it's just a useful convenience feature. It does not require any router capabilities.