I have been playing around with PiHole on Raspberry Pi. It has been working pretty well as a network wide ad blocker and has certainly increased performance on mobile devices.
I am specifying the DNS server in the DHCP server/network/dns servers setting. I have not found a good way to specify static DNS entries on Pihole.
Would a good solution be to remove any servers from the IP/DNS server list, but specify any static IPs under the static tab? Then specify 2 DNS servers in the DHCP server - the first being the router, then the 2nd pointing to the Pi-hole DNS server.
Would queries check the router DNS (including static entries), then look to Pi-hole for all else? Probably not terribly efficient. Is there a better way to do this - I am still getting the hang of DNS and Pi-hole.
LOL - 2 days ago Pi-hole V5 was released and… wait for it… Local DNS records can now be added. Yay - it seems to be working. They have made a number of enhancements. You can read more about it here, if you are so inclined: https://pi-hole.net/2020/05/10/pi-hole-v5-0-is-here/#page-content
I am still curious if someone would chime in about how the DNS servers would resolve one another… and what the best practice is to integrate this with Mikrotik DNS.
Think about all of a device’s DNS servers as equal (all need to have the same info); the device can ask any of them at any time. It may not be strictly true, different systems may use different algorithms. But you can’t rely on the first one always being asked first. And even if it were, it could be just a little slow and the system will ask another, and if that happens to answer faster, you could get a “wrong” response. And because every record has a TTL (how long it’s valid), as long as it doesn’t expire, the system won’t send the same query again. So you’ll see random failures on different devices. The same record will work on one and not on another, and after a while it suddenly starts working again, and stops working somewhere else. It’s real fun to debug something like that.
Not sure if this is the proper way of handling DNS, but I left Cloudflare as DNS under DHCP-Server > Network and use NAT to redirect to my Pi-hole instance. My Pi-hole has the router set as its DNS so that I could use Static DNS, and the router had Cloudflare set for its DNS. I have some that I don’t want going to the Pi-hole, so I use an address list to exempt them and a second set of NAT rules as a catch-all to redirect to the router so that static entries still work.
Thanks - that is a pretty slick idea. Looks like you get the best of both worlds with this. I see the new Pi-hole has per-client and grouping blocking options now… that adds a great deal of flexibility.
Did you add the router to one of the custom DNS options? I have played around with the conditional forwarding?
I appreciate you sharing your solution - thank you.
It has its drawbacks as well! When forwarding, the Pi-hole only sees the router as a client, so the per-client/group blocking won’t work. Devices on my network only get 1.1.1.1 & 1.0.0.1, so if I were to disable both sets of NAT rules the devices would still have functioning DNS. I originally had set the Pi-hole and a separate Mikrotik (CHR) device as the DNS for my devices, but discovered my folly when the server both instances were running on crashed and I had to go to each device in my network, which spans 3 houses and 4 outbuildings, to renew DHCP leases. This is why I settled on only using Cloudflare as client DNS and just forwarding. I may in the future give Pi-hole an address outside my LAN so that clients can connect directly again. I briefly attempted this, but ran into issues with unRAID and just haven’t spent the time on it.
Yes, I added my router as a Custom Server and disabled all others.
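The redirect set-up the two posts above describe, written out as RouterOS commands. This is an added example, not configuration from either poster; the Pi-hole address 192.168.88.10, the router LAN address 192.168.88.1, the LAN interface name bridge, the address-list name no-pihole and the sample static record are all assumptions.

```routeros
# Added example; addresses are assumptions, not values from the thread:
# Pi-hole 192.168.88.10, router LAN address 192.168.88.1, LAN interface "bridge".

# Clients keep receiving the public resolvers from DHCP, so DNS still works
# if the NAT rules below are ever disabled.
/ip dhcp-server network
set [find] dns-server=1.1.1.1,1.0.0.1

# The router answers LAN queries (needed for the static entries) and forwards
# the rest to Cloudflare. allow-remote-requests also listens on the WAN side,
# so the input chain must keep dropping port 53 from outside.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add name=nas.lan address=192.168.88.20 comment="static record served by the router (assumed)"

# Hosts that bypass the Pi-hole. The Pi-hole itself MUST be listed: its own
# upstream queries go to the router, and without the exemption rule 1 would
# rewrite them back to the Pi-hole and create a loop.
/ip firewall address-list
add list=no-pihole address=192.168.88.10 comment="Pi-hole"
add list=no-pihole address=192.168.88.50 comment="device exempted from Pi-hole (assumed)"

/ip firewall nat
# Rule 1: port-53 traffic from any non-exempt LAN host is sent to the Pi-hole.
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    src-address-list=!no-pihole action=dst-nat to-addresses=192.168.88.10
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    src-address-list=!no-pihole action=dst-nat to-addresses=192.168.88.10
# Rule 2: the catch-all for exempt hosts, handed to the router's own resolver.
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 action=redirect
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 action=redirect
# Hairpin: client and Pi-hole share the LAN, so the Pi-hole's reply must come
# back through the router to be un-NATed. Masquerading achieves that, and is
# why the Pi-hole logs only the router as a client.
add chain=srcnat out-interface=bridge protocol=udp dst-address=192.168.88.10 \
    dst-port=53 action=masquerade
add chain=srcnat out-interface=bridge protocol=tcp dst-address=192.168.88.10 \
    dst-port=53 action=masquerade
```

Checking from a client with `nslookup nas.lan 1.1.1.1` should answer from the router's static table for an exempt host and from the Pi-hole for everyone else, which confirms both NAT paths.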
Great discussion. I tried Pi-hole once but the system slowed down, and complaints from users, since I didn’t know what I was doing, caused me to pull the plug on the idea.
In other words, your discussion, as simple as it is, is still not basic enough for me.
Flavour based on questions below.
What is the best approach to inserting Pi-hole as the DNS resolver? By that I mean the basic starting point is difficult.
(1) Put Pi-hole on its own port?
(2) Put Pi-hole on its own subnet?
(3) Put Pi-hole on its own VLAN?
How to assign all my VLANs to use Pi-hole, and should I?
How to set up DHCP servers wrt DNS?
How to set up IP DNS?
Do you redirect users (force them to use the Pi-hole DNS source)?
Biggie - how to direct all DNS to Pi-hole BUT… Pi-hole still has to get out through the router to make the requests (how is this best accomplished)???
What happens if there is a Pi-hole failure? What is the backup plan so my network doesn’t completely fail?
Would most likely use either Cloudflare 1.1.1.1 or Quad9 9.9.9.9.