Hi
I'm looking for a best practice approach, and I think I've got it; I'm not sure, I just need some clarification.
Here is my network:
The router here has an IP of 192.168.1.1.
The guest Wi-Fi network is 192.168.1.2, but DHCP is handled by 192.168.1.1.
I have 2 Pi-holes that the main router is pointing to: Pi-hole 1 - 192.168.1.101 and Pi-hole 2 - 192.168.1.102. All the guest network users are affected by the Pi-holes' ad-blocking functionality - great.
The idea with the Pi-holes is to have them running in parallel; my DNS config on the Pi-holes is as follows:
And conditional forwarding is pointing to my router, 192.168.1.1.
I have a pfSense box with 2 NICs, one facing the router at 192.168.1.100, and its DNS is set to the 2 Pi-holes.
The other NIC is connected to the internal network, where all the machines have a network range of 10.2.x.x/23. I have DHCP set up on the pfSense box for the range 10.2.1.10 to 10.2.1.254. The other range, 10.2.0.1 - 254, is reserved for servers with static IPs.
The DHCP server settings point to the DNS servers in the internal network, as they're also domain controllers.
In the DNS Management settings of my domain controllers, under the Forwarders tab,
I have put the addresses of the 2 Pi-holes. This seems to have worked so far, but the other day I had some trouble where some of the machines on the 10.2.x range were not affected by the Pi-hole ad blocking.
Is there something I'm missing or might need to look at further?
FYI, machines on the 192.168.x.x network cannot contact the machines on the 10.2.x.x network, but the machines on the 10.2.x.x network can reach machines on the 192.168.x.x network, so I can ping and access the routers and Pi-holes remotely from the 10.2.x.x network.
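One way to reason about a chained setup like this (client -> domain controller -> Pi-hole) is to map every resolver's upstreams and trace where each client's queries can end up. The script below is an added example, not code from the original post or from the Pi-hole or pfSense projects. It assumes the two domain controllers are at 10.2.0.10 and 10.2.0.11 (the post gives no DC addresses), models the Windows DNS "use root hints if no forwarders are available" option as `root_hints_fallback` (the post does not say how that is set), and uses constructed client entries, including one with a hardcoded public resolver, to show the kinds of paths that escape the Pi-holes.

```python
"""Trace DNS resolution paths and flag clients whose queries can bypass
the Pi-holes. Added example with constructed data; the domain controller
addresses and all client entries are assumptions, not from the post."""

PIHOLES = {"192.168.1.101", "192.168.1.102"}
INTERNET = "INTERNET"  # sentinel: query leaves the network unfiltered

# Upstream configuration of every resolver we know about.
# 'root_hints_fallback' models the Windows DNS server option to fall back
# to root hints when forwarders do not answer (assumed setting).
RESOLVERS = {
    # assumed domain controller addresses, forwarding to both Pi-holes
    "10.2.0.10": {"forwarders": ["192.168.1.101", "192.168.1.102"],
                  "root_hints_fallback": True},
    "10.2.0.11": {"forwarders": ["192.168.1.101", "192.168.1.102"],
                  "root_hints_fallback": False},
    # main router hands DNS to the Pi-holes (as described in the post)
    "192.168.1.1": {"forwarders": ["192.168.1.101", "192.168.1.102"],
                    "root_hints_fallback": False},
}

# Constructed clients: which DNS servers each one is configured with.
CLIENTS = {
    "10.2.1.50": ["10.2.0.10", "10.2.0.11"],   # DHCP client, DNS from pfSense
    "10.2.0.20": ["10.2.0.11"],                 # static server, one DC only
    "10.2.0.30": ["8.8.8.8"],                   # constructed: hardcoded public DNS
    "192.168.1.200": ["192.168.1.1"],           # guest client via the router
}


def exits_for(resolver, path=frozenset()):
    """Return where a query handed to `resolver` can end up:
    'pihole'   - answered by a Pi-hole, so blocklists apply
    'internet' - reaches the Internet without passing a Pi-hole
    'unknown'  - a server we have no configuration for (e.g. a public resolver)
    `path` holds resolvers already on this chain so forwarding loops stop."""
    if resolver in PIHOLES:
        return {"pihole"}
    if resolver == INTERNET:
        return {"internet"}
    if resolver not in RESOLVERS:
        return {"unknown"}
    if resolver in path:
        return set()  # loop: this resolver is already upstream of itself
    cfg = RESOLVERS[resolver]
    exits = set()
    for upstream in cfg["forwarders"]:
        exits |= exits_for(upstream, path | {resolver})
    if cfg["root_hints_fallback"]:
        exits.add("internet")  # fallback path skips the forwarders entirely
    return exits


def audit(clients=CLIENTS):
    """For every client, collect all possible exits and flag any path that
    does not terminate at a Pi-hole."""
    report = {}
    for ip, servers in clients.items():
        exits = set()
        for server in servers:
            exits |= exits_for(server)
        report[ip] = {
            "exits": sorted(exits),
            "can_bypass_pihole": bool(exits - {"pihole"}),
        }
    return report


if __name__ == "__main__":
    for ip, result in audit().items():
        flag = "BYPASS" if result["can_bypass_pihole"] else "ok"
        print(f"{ip:15} {flag:7} exits={result['exits']}")
```

With the constructed data, the DHCP client using the DC that has root-hints fallback enabled and the server with a hardcoded public resolver are flagged, while the guest client and the server pointing only at the strictly forwarding DC are not. In a real audit, the resolver and client tables would be filled from the DC forwarder settings, the pfSense DHCP scope, and each machine's actual DNS configuration (for example `ipconfig /all` output), which is exactly where a client that "is not affected by the Pi-hole" usually shows up.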