Hi,
I’d like to address any DNS request coming from my LAN (192.168.3.0/24) to pihole, which is installed as a virtual machine (actually as an OpenMediaVault docker) in VMware Workstation Pro.
I’d like to make sure that I get everything right.
So, I set pihole’s IP in the DNS servers field of the Network tab in the DHCP server window, that is 192.168.3.66. (I also set a second DNS server, 1.1.1.1, in case pihole stops working for any reason.)
Question one: do I need to uncheck “Allow Remote Requests” in the DNS settings tab?
Question two: in order not to allow any clients in my LAN to bypass pihole filters in some way, I was wondering whether these rules get the job done:
> So, I set pihole’s IP in the DNS servers field of the Network tab in the DHCP server window, that is 192.168.3.66. (I also set a second DNS server, 1.1.1.1, in case pihole stops working for any reason.)
What @msatter meant is that DNS clients expect all available/configured DNS servers to be equal and use one of them according to their own will (many implementations use one server as long as it replies to requests. If the first server fails to reply, the client starts to use the second server and doesn’t return to the first one as long as the second server replies to requests).
“Second server” as a second physical server machine?
You meant that I should delete the second DNS server 1.1.1.1 in the DHCP server to make sure clients don’t use it?
Second server as the other DNS configured on client machines (either a second IP address configured as DNS server on the DHCP server or a second resolver configured statically on the client machine …). Doesn’t matter what kind of server that is (local or remote, virtual or physical), the DNS client couldn’t care less …
But yes, if you don’t want clients to use 1.1.1.1 as DNS server at any random time (your pihole could be working mostly fine at that time), then you should not configure that server as a DNS server on clients. If you want to have redundancy while maintaining pihole functionality, you should set up two pihole servers (not sharing any physical infrastructure apart from the gateway router) and configure clients to use those two as DNS servers …
Ok, I think I’ve understood it now! So, I guess that I can’t set those firewall rules if pihole (and its IP) is not online all the time. Clients wouldn’t get any IP resolution. Right?
Just out of curiosity,
Is there a way (a script or something, possibly set on MikroTik) that can check if a DNS server machine is online, and if not, redirect the request from the client to the server that is online? In our case, it would be something like, “if pihole fails, go back and ask MikroTik?” Maybe it is too much to ask.
Still here
There must be something wrong with the firewall rules.
I can’t get access to the internet anymore, but pihole seems to be getting DNS requests from my PC; it can’t respond back to my PC, or the PC can’t get the address resolution somehow.
I deleted the two rules above and I can get access again.
Maybe I need to set more rules in the firewall, not sure though.
Thanks
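The two things asked about above (a health check that falls back to the router when Pi-hole is down, and the symptom of Pi-hole receiving the query but the PC never getting the answer) map onto a small RouterOS configuration. The following is an added example written for this thread, not configuration posted by anyone in it; it assumes RouterOS v6 syntax, that the router’s own LAN address is 192.168.3.1, and that the router has upstream DNS servers of its own to answer with.

```routeros
# Assumption: 192.168.3.1 is the router's LAN address; 192.168.3.66 is Pi-hole (from the thread).
# Pi-hole's own upstream queries must never be redirected, or they loop back to itself.
/ip firewall address-list
add list=dns-exempt address=192.168.3.66 comment="Pi-hole: exempt its upstream queries"

# 1. Force every LAN DNS query (UDP and TCP) to Pi-hole, whatever resolver the client asked.
/ip firewall nat
add chain=dstnat src-address=192.168.3.0/24 src-address-list=!dns-exempt dst-address=!192.168.3.66 protocol=udp dst-port=53 action=dst-nat to-addresses=192.168.3.66 to-ports=53 comment="dns-redirect-udp"
add chain=dstnat src-address=192.168.3.0/24 src-address-list=!dns-exempt dst-address=!192.168.3.66 protocol=tcp dst-port=53 action=dst-nat to-addresses=192.168.3.66 to-ports=53 comment="dns-redirect-tcp"

# 2. Hairpin NAT. Client and Pi-hole sit on the same subnet, so without this rule Pi-hole answers
#    the client directly from 192.168.3.66 while the client waits for a reply from the address it
#    asked (e.g. 1.1.1.1) and drops the answer. Only redirected connections are masqueraded
#    (connection-nat-state=dstnat), so clients that already use Pi-hole keep their real source IP
#    in Pi-hole's per-client statistics.
add chain=srcnat src-address=192.168.3.0/24 dst-address=192.168.3.66 connection-nat-state=dstnat action=masquerade comment="dns-hairpin"

# 3. The router must be able to answer DNS itself for the fallback to work. Keep the default
#    WAN-side input drop rules in place so "allow remote requests" only serves the LAN.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1

# 4. Health check: netwatch pings Pi-hole every 30 s. While it is down, the redirect rules point
#    at the router instead; when it comes back, they point at Pi-hole again. Netwatch only tests
#    ICMP reachability, not that port 53 actually answers, so a hung resolver is not detected.
/tool netwatch
add host=192.168.3.66 interval=30s timeout=2s comment="Pi-hole health" down-script="/ip firewall nat set [find comment~\"dns-redirect\"] to-addresses=192.168.3.1; /log warning \"Pi-hole down: LAN DNS redirected to router\"" up-script="/ip firewall nat set [find comment~\"dns-redirect\"] to-addresses=192.168.3.66; /log info \"Pi-hole up: LAN DNS redirected to Pi-hole\""
```

With this in place the DHCP server can hand out only the Pi-hole address; the fallback happens on the router rather than in the clients, so a client never silently settles on 1.1.1.1 the way the earlier replies describe.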
I have pihole as a docker in OpenMediaVault,
I got this:
root@openmediavault:~# docker exec -it pihole dig google.com
; <<>> DiG 9.10.3-P4-Debian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41700
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 254 IN A 216.58.198.14
;; Query time: 35 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Sat Feb 29 13:54:36 CET 2020
;; MSG SIZE rcvd: 55
Anyway, I have already set pihole’s IP in MikroTik’s DHCP as the only DNS server.
What do you mean, “Later you then also point the mikrotik to Pi-hole.”?
Thanks