Advice for PiHole working with 2 subnets and an Active Directory DNS

Hi

I'm looking for a best practice approach, and I think I've got it, but I'm not sure; I just need some clarification.

Here is my network:

The router here has an IP of 192.168.1.1.

The guest WiFi network is 192.168.1.2, but DHCP is handled from 192.168.1.1.

I have 2 Pi-holes that the main router is pointing to: Pi-hole 1 - 192.168.1.101 and Pi-hole 2 - 192.168.1.102. All the guest network users are affected by the Pi-holes' ad-blocking functionality - great.

The idea with the Pi-holes is to have them running in parallel. My DNS config on the Pi-holes is as follows:

And conditional forwarding is pointing to my router, 192.168.1.1.

I have a pfSense box with 2 NICs, one facing the router at 192.168.1.100, and its DNS is set to the 2 Pi-holes.
The other NIC is connected to the internal network, where all the machines are in the range 10.2.x.x/23. I have DHCP set up on the pfSense box for the range 10.2.1.10 to 10.2.1.254. The other range, 10.2.0.1 - 254, is reserved for servers with static IPs.

The DHCP server settings point to the DNS servers in the internal network, as they're also domain controllers.

In the DNS Management settings of my domain controllers, under the Forwarders tab,

I have put the addresses of the 2 Pi-holes. This seems to have worked so far, but the other day I had some trouble where some of the machines on the 10.2.x range were not affected by the Pi-hole ad blocking.

Is there something I'm missing or might need to look at further?

FYI, machines that are on the 192.168.x.x network cannot contact the machines on the 10.2.x.x network, but the machines on the 10.2.x.x network can reach machines on the 192.168.x.x network, so I can ping and access the routers and Pi-holes remotely from the 10.2.x.x network.

Did you actually try your setup? Do you observe the expected behavior? If the answer is yes to both questions, the chances are high that the answer to

is just no.

Thanks, I just needed a sanity check lol. I also found that disabling "Never forward non-FQDN A and AAAA queries" and "Never forward reverse lookups for private IP address ranges", as both of the Pis are not serving as DHCP servers, fixed a few other temperamental issues, like not being able to access any webpages at one point, but it's sorted.
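The two settings named in that last reply decide whether a query ever leaves the Pi-hole, which is what matters when the domain controllers forward to it. The following is an added example, not code from the thread or from the Pi-hole project: a small model of those decisions, assuming that "Never forward non-FQDN A and AAAA queries" behaves like dnsmasq's `domain-needed`, that "Never forward reverse lookups for private IP ranges" behaves like `bogus-priv`, and that conditional forwarding behaves like `rev-server`. The private ranges are simplified to the RFC 1918 blocks, and the `PiholeConfig`, `route_query` and `thread_config` names are this example's own.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed model of the two Pi-hole settings discussed in the thread and of
# conditional forwarding. Assumed mapping (not Pi-hole code):
#   "Never forward non-FQDN A and AAAA queries"          -> dnsmasq domain-needed
#   "Never forward reverse lookups for private IP ranges" -> dnsmasq bogus-priv
#   conditional forwarding                                -> dnsmasq rev-server
# Simplification: private ranges are modelled with the RFC 1918 blocks only.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class PiholeConfig:
    never_forward_non_fqdn: bool = True
    never_forward_private_ptr: bool = True
    # Conditional forwarding: PTR queries for this network go to this target.
    conditional_net: Optional[ipaddress.IPv4Network] = None
    conditional_target: Optional[str] = None
    upstream: str = "upstream-resolver"
    # Names the Pi-hole answers itself (local DNS records / DHCP leases): name -> IP.
    local_records: Dict[str, str] = field(default_factory=dict)


def ptr_to_ip(qname: str) -> Optional[str]:
    """Turn '5.0.2.10.in-addr.arpa' into '10.2.0.5'; None if not an IPv4 PTR name."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ipaddress.AddressValueError:
        return None


def route_query(cfg: PiholeConfig, qname: str, qtype: str) -> Tuple[str, Optional[str]]:
    """Decide what the modelled Pi-hole does with one query.

    Returns ("local", answer), ("nxdomain", None) or ("forward", server).
    """
    name = qname.lower().rstrip(".")
    ip = ptr_to_ip(name) if qtype == "PTR" else None

    if ip is not None:
        # Reverse lookup: answer locally if known, otherwise apply the forwarding rules.
        for host, addr in cfg.local_records.items():
            if addr == ip:
                return ("local", host)
        addr = ipaddress.IPv4Address(ip)
        if cfg.conditional_net and addr in cfg.conditional_net:
            return ("forward", cfg.conditional_target)
        if cfg.never_forward_private_ptr and any(addr in n for n in PRIVATE_NETS):
            return ("nxdomain", None)  # bogus-priv: refused rather than sent upstream
        return ("forward", cfg.upstream)

    if name in cfg.local_records:
        return ("local", cfg.local_records[name])
    if qtype in ("A", "AAAA") and "." not in name:
        # Single-label name: domain-needed stops it from ever leaving the Pi-hole.
        if cfg.never_forward_non_fqdn:
            return ("nxdomain", None)
        return ("forward", cfg.upstream)
    return ("forward", cfg.upstream)


def thread_config(strict: bool) -> PiholeConfig:
    """Pi-hole as described in the thread: conditional forwarding to 192.168.1.1.

    strict=True is the default state of the two settings; strict=False is the
    state the original poster reports switching to. The local record is constructed.
    """
    return PiholeConfig(
        never_forward_non_fqdn=strict,
        never_forward_private_ptr=strict,
        conditional_net=ipaddress.ip_network("192.168.1.0/24"),
        conditional_target="192.168.1.1",
        local_records={"pihole1": "192.168.1.101"},
    )


if __name__ == "__main__":
    for strict in (True, False):
        cfg = thread_config(strict)
        print(f"strict={strict}")
        for q in (("5.0.2.10.in-addr.arpa", "PTR"),      # host on the 10.2.x.x AD side
                  ("50.1.168.192.in-addr.arpa", "PTR"),  # host on the router side
                  ("fileserver", "A"),                   # unqualified name
                  ("www.example.com", "A")):
            print("  ", q, "->", route_query(cfg, *q))
```

Running it shows the difference the reply describes: with the defaults, a reverse lookup for a 10.2.x.x host and a bare single-label name both get NXDOMAIN from the Pi-hole, while the 192.168.1.0/24 reverse lookup still goes to the router via conditional forwarding; with both settings off, the same queries are forwarded upstream instead.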
