Added wildcard domain not working

Please follow the below template, it will help us to help you!

Expected Behaviour:

dnsmasq.d is not working to add wildcards

router dhcp ------ rasppi dns ------- vm ---- openshift

root@raspberrypi:/etc/dnsmasq.d# cat 99-openshift.conf 
address=/api.ex280.example.local/192.168.129.152
address=/.apps.ex280.example.local/192.168.129.152

Actual Behaviour:

vi 99-openshift.conf 
root@raspberrypi:/etc/dnsmasq.d#  service pihole-FTL restart
root@raspberrypi:/etc/dnsmasq.d# systemctl status pihole-FTL.service
● pihole-FTL.service - Pi-hole FTL
   Loaded: loaded (/etc/systemd/system/pihole-FTL.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2024-03-21 19:31:33 -03; 4s ago
  Process: 3607 ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh (code=exited, status=0/SUCCESS)
 Main PID: 3620 (pihole-FTL)
    Tasks: 22 (limit: 2062)
   CGroup: /system.slice/pihole-FTL.service
           ├─3620 /usr/bin/pihole-FTL -f
           ├─3639 /usr/bin/pihole-FTL -f
           ├─3640 /usr/bin/pihole-FTL -f
           └─3641 /usr/bin/pihole-FTL -f

Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    PIHOLE_PTR: internal PTR generation enab
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    ADDR2LINE: Enabled
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    REPLY_WHEN_BUSY: Drop queries when the d
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    BLOCK_TTL: 2 seconds
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    BLOCK_ICLOUD_PR: Enabled
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    CHECK_LOAD: Enabled
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    CHECK_SHMEM: Warning if shared-memory us
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.504 3620M]    CHECK_DISK: Warning if certain disk usag
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.505 3620M] Finished config file parsing
Mar 21 19:31:33 raspberrypi pihole-FTL[3620]: [2024-03-21 19:31:33.5

but nothing gets resolved:

❯ dig +short -x 192.168.129.152
❯ ping https://console-openshift-console.apps.ex280.example.local/
ping: https://console-openshift-console.apps.ex280.example.local/: Name or service not known
❯ ping console-openshift-console.apps.ex280.example.local
ping: console-openshift-console.apps.ex280.example.local: Temporary failure in name resolution

Debug Token:

https://tricorder.pi-hole.net/rvxjLNvQ/

The DHCP server is the router which is giving out Pi-hole's IP and Cloudflare's 1.1.1.1 to clients to use for DNS. While Cloudflare is in the mix you can't be sure that queries are going to Pi-hole. Remove the Cloudflare entry in the router so only Pi-hole is being used.

     DHCP options:
      server-identifier: 192.168.129.1
      dns-server: 192.168.129.244
      dns-server: 1.1.1.1
      router: 192.168.129.1

What do you get when you use dig instead of ping, and ensure you are querying the Pi-hole directly?

dig console-openshift-console.apps.ex280.example.local @192.168.129.244

Note that you can also set these up in Pi-hole directly in Local DNS > DNS Records. This may be easier to manage.

Edit: I was wrong above, you can't do this kind of 'wildcard' mapping in Pi-hole.

Won't work, as that's a URL, not a domain.

Also, note that .local is reserved for mDNS usage and should NOT be used with plain DNS.

ping is aware of this and may not bother to query DNS for .local domains.


Really sorry about the mess in the first post. I did it better on Reddit, so I will supply here the straightforward steps I took.

First, I have this basic topology here at home:

ISP router ---- (WAN DHCP) ------ home router (DHCPLAN)----- (pihole DNS) ------ clients

home router brand/model: TP-Link AX6000

I did the normal setup to pass the wildcard to Pi-hole. I created a new file called 02-openshif-dns.conf:

address=/api.ex280.example.local/192.168.129.152

address=/.apps.ex280.example.local/192.168.129.152

In my client I did:

❯ nslookup console-openshift-console.apps.ex280.example.local
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find console-openshift-console.apps.ex280.example.local: SERVFAIL

❯ nslookup console-openshift-console.apps.ex280.example.local 192.168.129.244
Server: 192.168.129.244
Address: 192.168.129.244#53

Name: console-openshift-console.apps.ex280.example.local
Address: 192.168.129.152

I logged in and did the same on the Pi-hole system:

alan@pihole:~ $ nslookup console-openshift-console.apps.ex280.example.local
Server: ::1
Address: ::1#53

Name: console-openshift-console.apps.ex280.example.local
Address: 192.168.129.152

I have tried a lot of things to set this up, and I will list them here:

/etc/resolv.conf - it can resolve from the shell console but not from the browser. It is not permanent either.

/etc/systemd/resolved.conf
[Resolve]
DNS=192.168.129.244
FallbackDNS=127.0.0.53

sudo systemctl restart systemd-resolved
sudo systemd-resolve --flush-caches
sudo systemctl restart NetworkManager
--- not working here

Pi-hole web interface
Client group management - I don't know, but I added all of them there

Domain management whitelist:

(.|^)apps.ex280.example.local$

(.|^)api.ex280.example.local$

Use Conditional Forwarding:

I put my LAN CIDR 192.168.129.0/24 and GW 192.168.129.1

I don't know what more I can do. Could someone give me a suggestion?

Last update here. I set my network interface to use a fixed IP. I set it to use only one DNS server: 192.168.129.244, the Pi-hole address.

Sorry, I pasted some garbage by pasting the address and pressing Enter. I will use .home instead of .local, but earlier my cluster was using example.com and it did not work.

OK, I removed the second DNS (1.1.1.1) from my router.

But I configured my PC to use manual configuration.

That client is not using Pi-hole for DNS, but a local stub resolver at 127.0.0.53.

Either disable that resolver, or have it use Pi-hole as its only upstream DNS server.

That nslookup demonstrates that Pi-hole does supply the correct answer if it is queried.

It would seem your clients make use of their ample opportunities to bypass Pi-hole.
You have to make sure that Pi-hole is the only DNS server for your clients.

The above configuration could be simplified if api and apps were the only subdomains of ex280.example.local, by stating just one line for ex280.example.local.

Also note that the leading dot in your second line isn't required.

Furthermore, clients insisting on retrieving IPv6 addresses would prompt Pi-hole to forward the respective request to its upstream, i.e. you would not control the reply.

To avoid this, either provide IPv6 address lines as well, or declare the domain as local, so pihole-FTL/dnsmasq won't try to seek upstream resolution for it.

While custom configurations are possible as long as they won't conflict with Pi-hole's own, they would be specific to dnsmasq rather than Pi-hole.

For further details, please refer to dnsmasq's documentation on its address option.
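The simplification and both ways of keeping unanswered lookups from going upstream, written out as one dnsmasq drop-in. This is an added example, not a file from the thread; it assumes the cluster domain has been moved to ex280.example.home as the original poster planned, the drop-in file name is arbitrary, and the IPv6 address is a constructed placeholder.

```conf
# /etc/dnsmasq.d/02-openshift-dns.conf  (example file; the name is an assumption)
#
# One address= line matches ex280.example.home itself and every name below it
# (api.ex280.example.home, console-openshift-console.apps.ex280.example.home, ...),
# so separate api/apps lines and a leading dot are not needed.
address=/ex280.example.home/192.168.129.152

# Option 1: answer AAAA queries locally too. fd00:129::152 is a constructed
# placeholder; replace it with the cluster's real IPv6 address or drop the line.
address=/ex280.example.home/fd00:129::152

# Option 2: declare the domain local, so any query in it that has no local
# answer is not forwarded to the upstream resolver (e.g. 1.1.1.1). Internal
# cluster names then never leave the LAN and the reply stays under your control.
local=/ex280.example.home/

# Verify from a client after restarting FTL (service pihole-FTL restart):
#   dig A    console-openshift-console.apps.ex280.example.home @192.168.129.244
#   dig AAAA console-openshift-console.apps.ex280.example.home @192.168.129.244
```

If option 2 is used without option 1, an AAAA query is answered from this server with no upstream lookup rather than forwarded, which is the behaviour the post above describes as "won't try to seek upstream resolution".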

reconfigured pihole
alan@pihole:~ $ sudo su
root@pihole:/home/alan# hostnamectl hostname pihole.home
root@pihole:/home/alan# reboot
...
curl -sSL https://install.pi-hole.net | bash

reconfigured again

Removed all pihole.local-related config in the frontend.
Removed clients

Some updates on my PC:

❯ nmcli con mod Conexão\ cabeada\ 1 ipv4.dns "192.168.129.244"
❯ nmcli con mod Conexão\ cabeada\ 1 ipv4.ignore-auto-dns yes
❯ nmcli con up Conexão\ cabeada\ 1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
❯ sudo systemctl restart NetworkManager
❯ nslookup console-openshift-console.apps.ex280.example.local
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find console-openshift-console.apps.ex280.example.local: SERVFAIL

Yes, you got it. The system insists on overriding any of my configurations. What I am doing to force it to use Pi-hole is not being passed through to /etc/resolv.conf.

# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search pihole.home

Look, it is not writing my manually configured DNS there. This is Fedora 39. NetworkManager is ignoring what I am doing.

❯ resolvectl
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.168.129.244
DNS Servers: 192.168.129.244

Link 2 (enp4s0)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.129.244
DNS Servers: 192.168.129.244
DNS Domain: pihole.home

Note that this is related to your chosen OS rather than Pi-hole.

It is systemd-resolved that is responsible for populating your resolv.conf on Fedora, see e.g. Behavior of Fedora DNS and resolv.conf - #5 by huben - Fedora Discussion

Oh man, I found the problem. The problem is in Fedora. This guy did a workaround to make openfortivpn work, and I did the same thing here.

I stopped systemd-resolved. I removed it from initialization and it works now.

Steps:

systemctl disable systemd-resolved
mv /etc/resolv.conf /etc/resolv.conf.old
:> /etc/resolv.conf
reboot

Now:
❯ nslookup console-openshift-console.apps.ex280.example.local
Server: 192.168.129.244
Address: 192.168.129.244#53

Name: console-openshift-console.apps.ex280.example.local
Address: 192.168.129.152

And I can open it from my browser.

So thanks for your help and for your tips on configuring dnsmasq and avoiding .local in my home.
