After manually setting my router's DHCP range to my Pi's IPv4, is all of my network traffic actually going through my Pi-hole?

Expected Behaviour:

Hi,
I'm running Pi-hole on a Pi Zero W. My router model is Arris 1682G with Xfinity service and I want to set my pi-hole as the only DHCP server for my whole network. My Pi is connected to my router with an ethernet cable, but I originally set it up with only WiFi and had to reconfigure the Pi-hole to use ethernet.

Since my router/modem does not allow me to disable DHCP or set exact IP addresses, I tried to follow all of the instructions in this post and set my DHCP range to only my Pi-hole's IP, but this is where I'm running into problems. I was first given 10.0.0.253 as my IPv4 when I set up my Pi/Pi-hole with WiFi. Then, when I reconfigured for ethernet I set 10.0.0.251 as the Pi-hole's static IP. This worked for a bit, then for a few days "ipconfig" was showing no eth0 IPv4. I was also not able to SSH into my Pi with the .251 address, only the .253. Just now I went through disabling IPv6 then deleting the local.conf file as explained in this comment, which seems to have worked and I'm seeing the 10.0.0.251 IP everywhere now for my Pi and Pi-hole's ethernet address.

Actual Behaviour:

So, the problem: on my router's admin page, I have the DHCP range set as 10.0.0.250 - 10.0.0.251, I was attempting to assign my Pi's Ethernet address as my only DHCP server as the post I linked instructed. But under "connected devices" on my router admin page I also see my Apple Watch (S3 w/ cellular) as having the exact same IPv4, 10.0.0.251.

The problem is that currently, I don't think all of my network's traffic is going through my Pi-hole. The Pi-hole admin page shows that there is some traffic going through and it is blocking some things, but I think the numbers should be higher for my entire network of ~10-15+ devices, especially with the extensive block lists I have set. Could some of the network's devices be using the Apple Watch as their DNS server? Is that even possible? I've been searching online for how to manually renew the DHCP lease of the watch, and finding nothing. I was also hoping for help regarding whether I set the DHCP range correctly on my router admin, and if the Pi-hole's DHCP server that I enabled is actually working. Additionally, when it comes to IPv6 I'm pretty lost. Is the process the same as how I set the range for IPv4?

More info:

  • I have the Pi-hole's DHCP server enabled currently with a range of 10.0.0.101 to 10.0.0.249.

  • On most of our devices on the network, I have manually set the DNS server as 10.0.0.251. Is this the only reason I'm seeing some traffic on my Pi-hole? If this is the only way for my Pi-hole to work then it's acceptable, but I would much rather have all traffic on the network automatically going through it.

  • I would like to avoid setting the DHCP range on the router admin to 10.0.0.251 - 10.0.0.252 if possible, a PC on the network was already manually set to 10.0.0.252 and it isn't mine.

  • 10.0.0.250 is under "offline devices" on the router admin page, I believe it's a device that was once connected to my WiFi network that we no longer own. Will this result in problems since 10.0.0.250 is within the DHCP range I set?

  • On at least 2 of my personal devices using the Pi-hole DNS, I'm still seeing a lot more ads than I would expect with a 1.3mil block list.

Debug Token:

[https://tricorder.pi-hole.net/wobg5lp74z]

Thanks in advance, and sorry this post ended up being so long. I am new to a lot of these concepts, and pretty clueless so any help will be appreciated.

Didn't see any rule against bumping threads, does anyone have any ideas about this?

The update is that since last night, my eth0 IPv4 is no longer showing again.

Can you enable bridge mode by following the steps here? - https://arris.secure.force.com/consumers/articles/General_FAQs/TG862G-NA-Bridge-Mode-Setup

Do you have a standalone AP that you could use? Have you considered purchasing your own modem and router and not renting the Xfinity one? You'd probably get much more reliable throughput.

Can I see the output of "ipconfig /all" from a Windows device? Or "ifconfig" from a Linux device?

Lastly, what are the DNS settings listed on the Arris gateway?

Unfortunately, buying a new router/modem is not really in consideration at the moment. Bridge mode would only be helpful with another router, correct?

ifconfig on my main Linux machine yields:

The closest thing to DNS settings on the Arris gateway (no option to manually set DNS so I was trying to restrict the DHCP range to use the Pi's IP):

And a small update: earlier I edited the /etc/dhcpcd.conf file on my Pi to set the static IPv4 again, and it seems to have worked so far. Since then my Pi, other devices, and router admin page all show the 10.0.0.251 eth0 address again. I also realized that my changes in the router's DHCP range as well as enabling Pi-hole's DHCP must have done something, as I see traffic on my Pi-hole from devices on which I never changed any DNS settings. But my question remains of whether all of my network's traffic or just some is going through the Pi-hole.

No, it's not, and it is not expected to.

Only DNS traffic can and should be handled by Pi-hole, and to that end, Pi-hole must be your clients' sole DNS server.

Since you can't switch off your router's DHCP server, limiting its DHCP range to accommodate just Pi-hole is a viable way to allow for a predictable way of coexistence with Pi-hole's DHCP server.

Yet your router's range is allowing for two IPv4 addresses, .250 and .251, so a device snatching the latter would likely by-pass Pi-hole.

Otherwise, all your devices that have acquired a DHCP lease through Pi-hole will use Pi-hole's IPv4 address as their DNS server.
Note that some devices may still stick with your router's DHCP lease until that expires. You may force clients to acquire a new DHCP lease, e.g. by switching on and off WiFi on a smartphone or by enabling and disabling a PC's network adapter.
Power-cycling a device should always make it request a new lease.

That has your IPv4 side covered.

However, your devices still may use also your router's IPv6 address as DNS server, if your ISP has enabled IPv6 for your connection (try ipconfig /all on a Windows machine to check your DNS servers).

If you cannot configure your router not to offer its own IPv6 address (or those of your ISP) as DNS server, you should consider disabling IPv6 on your router altogether.
If you can do neither, devices will bypass Pi-hole via IPv6.
All modern OSs have a tendency to prefer IPv6 over IPv4 (especially smartphone ones).


Thank you, this answers my IPv4 question. I can deal with this one device bypassing the Pi-hole if it means the rest of them will use it.

Regarding IPv6, unsurprisingly my router doesn't allow me to disable it. But you're saying I should be fine if I set the DHCP range to the Pi's IPv6 like I did with IPv4, correct?

No.

IPv6 works differently than IPv4.
With IPv6, both Pi-hole and your router will wave at your clients "Need some DNS server? Here, have some.", and your clients will pick one at their own discretion.
You've got to stop your router from offering that service.

I advised you to check whether your ISP offers IPv6 at all (e.g. by checking your DNS servers for IPv6 addresses on a client), and if so, to stop your router from offering its own IPv6 (or your ISP's) as DNS server, and if that's not possible, switch off IPv6 altogether.

And if your network has IPv6 connectivity:

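The client-side check suggested in the two replies above (look at a device's DNS servers for anything that is not Pi-hole, IPv6 entries included), as an added example that is not part of any post in this thread. It assumes Pi-hole sits at 10.0.0.251 as stated in the thread; the function names and the sample `ipconfig /all` text are constructed for illustration.

```python
import ipaddress
import re

# Pi-hole's IPv4 address from the thread; add its IPv6 address(es) if it has any.
PIHOLE_ADDRS = {"10.0.0.251"}

def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP (zone id dropped)."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(config_text):
    """Extract DNS servers from `ipconfig /all` output or resolv.conf content."""
    servers, in_dns_block = [], False
    for line in config_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)  # Windows label line
        r = re.match(r"\s*nameserver\s+(\S+)", line)         # resolv.conf line
        if m or r:
            ip = _parse_ip((m or r).group(1))
            in_dns_block = bool(m)
        else:
            # Windows lists further servers on indented lines with no label.
            ip = _parse_ip(line) if in_dns_block else None
            in_dns_block = in_dns_block and ip is not None
        if ip is not None:
            servers.append(ip)
    return servers

def find_bypasses(config_text, pihole=PIHOLE_ADDRS):
    """Return (address, family) for every configured resolver that is not Pi-hole."""
    allowed = {ipaddress.ip_address(a) for a in pihole}
    return [(str(ip), f"IPv{ip.version}")
            for ip in dns_servers(config_text) if ip not in allowed]

# Constructed sample: a client that also learned an IPv6 resolver from the router.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 10.0.0.120(Preferred)
   DNS Servers . . . . . . . . . . . : 2001:db8::1
                                       10.0.0.251
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for addr, family in find_bypasses(SAMPLE_IPCONFIG):
        print(f"non-Pi-hole DNS server configured: {addr} ({family})")
```

An empty result means the client has only Pi-hole configured as its resolver; any IPv6 entry in the result is the bypass path described above.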

Here are the only IPv6 settings I have:

The range I have set in the lower field was an IPv6 address for my Pi, I was trying to do the same thing as I did with IPv4. So if these are my only options, is there any damage control I can do to reduce the amount of IPv6 traffic going through a different DNS?

I do see IPv6 addresses as clients on my Pi-hole, and currently at least some of that traffic is going through it. Is my best bet just disabling IPv6 on a per-device basis or do you see something in these settings that may help?

I'm sorry, I can't provide advice specific to your router.
Your router's manual or support forums may be better suited for getting specific support.

You may be able to control IPv6 (and IPv4) by-passes by diverting outbound port 53 to your Pi-hole machine, or by blocking outbound port 53 for all devices except your Pi-hole machine in your router.
However, that would again depend on your router supporting it.
