Let me begin by saying, I’m no expert, but I’m pretty decent at reading and comprehending the English language, and I’m quite adept at following clear directions. That said, I’ve tried every half-baked solution I can think of to get the Ubiquiti access point to use the Pi-hole DNS server, and almost all similarly half-baked “solutions” presented in miscellaneous forum posts and on YouTube, all to no avail.
My current setup:
Edgerouter 12
Lan1 (eth8) - 192.168.40.0/24 (For future use)
Lan2 (Switch0) - 192.168.30.0/24 (VLAN aware, eth0 – 7)
- Pihole primary (eth5) - 192.168.30.21 (static)
- Pihole secondary (eth6) - 192.168.30.21 (static)
- Ubiquiti U6-Pro AP - Currently offline until I can find a reliable solution, and close to the box it came in, in case I cannot.
- TP-Link AX1800 Router - VLan40 only - 10.0.40.11 (static) configured in access point mode
- VLan20 (eth1) - 10.0.20.0/24 - wired, PC, personal/business.
- VLan30 (eth2) - 10.0.30.0/24 - wi-fi, trusted personal wireless devices, internet only.
- VLan40 (eth3) - 10.0.40.0/24 - TP-Link AP, wired & wi-fi, Work VLan, employer issued devices.
- VLan50 (eth2) - 10.0.50.0/24 (inactive)
- VLan60 (eth2) - 10.0.60.0/24 (inactive)
Attached is a rudimentary drawing of my setup. Everything is up and running, except for the VLANs on port 2; currently only VLAN30 has been active for testing until I get this worked out. VLAN50 and 60 (Guest and IoT) are inactive.
All LANs and VLANs are directed to use the Pi-holes as primary and secondary DNS servers through DHCP and firewall rules. Using the Pi-hole as DNS server works perfectly with all devices, on all LANs and VLANs, except when connecting through the U6-Pro AP; then everything bypasses the Pi-hole. Connect the same devices to the TP-Link AP, no problem, Pi-hole DNS works perfectly. DHCP and firewall rules are precisely the same for all VLANs attached to the two access points, and switching the APs to serve the other’s VLAN makes no difference: DNS works as expected when connected to the TP-Link AP regardless of ports or VLANs; the U6-Pro, not so much.
I have tried every permutation of NAT rules, firewall rules and order of rules suggested, in addition to what I could think of myself. I’ve set up VLAN1, moved 192.168.30.0/24 to it from Switch0, and had the U6-Pro on it with, or without, the Pi-hole. In the UniFi controller, I’ve specified the Pi-hole as DNS server, set firewall rules for the same thing, the list goes on and on. So far, the reset buttons on the EdgeRouter and U6-Pro have seen more action than a lady-of-the-night during fleet week.
I’m left with a few possible conclusions: first, I could be a dullard, which is always a possibility; second, I don’t know the secret handshake; or third, the Jeezless thing has a hardcoded DNS. Either way, it shouldn’t be this hard. I hope someone is able to offer some constructive help, or if it isn’t possible to get the thing working the way I want, please let me know, so that I can move on to a solution that will. Thanks.
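The post describes forcing clients onto the Pi-hole with a combination of DHCP, NAT and firewall rules. The following is an added example (not the poster's configuration, and not EdgeOS command syntax) that models the usual "redirect DNS to the Pi-hole" logic as ordered rules, then traces constructed sample flows from a wireless client through it. It makes two useful points visible: a port-53 destination NAT catches a client that has a resolver hardcoded (so that is the first rule worth verifying when a device seems to bypass the Pi-hole), and encrypted DNS over port 443 sails past a port-53 redirect, which is why a device can "bypass" the Pi-hole while the DNS rules look right. The Pi-hole addresses and client networks are taken from the post; the secondary Pi-hole address 192.168.30.22, the client address 10.0.30.50 and the sample flows are assumptions constructed for the example.

```python
"""Model of a 'force DNS through the Pi-hole' ruleset (added example, not EdgeOS)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Addresses from the post. The secondary address is an assumption: the post
# lists 192.168.30.21 for both Pi-holes, which looks like a typo.
PIHOLE_PRIMARY = "192.168.30.21"
PIHOLE_SECONDARY = "192.168.30.22"
PIHOLES = {PIHOLE_PRIMARY, PIHOLE_SECONDARY}

# Client networks that should be forced onto the Pi-holes (from the post).
CLIENT_NETWORKS = [ip_network(n) for n in (
    "192.168.30.0/24", "10.0.20.0/24", "10.0.30.0/24", "10.0.40.0/24",
)]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


def from_client_network(flow: Flow) -> bool:
    return any(ip_address(flow.src) in net for net in CLIENT_NETWORKS)


def apply_dnat(flow: Flow):
    """Destination-NAT stage: plain DNS (port 53) from a client network that is
    not already addressed to a Pi-hole is rewritten to the primary Pi-hole.
    Returns the (possibly rewritten) flow and whether a rewrite happened."""
    if from_client_network(flow) and flow.dport == 53 and flow.dst not in PIHOLES:
        return replace(flow, dst=PIHOLE_PRIMARY), True
    return flow, False


def firewall_verdict(flow: Flow):
    """Forwarding filter evaluated after DNAT; first matching rule wins."""
    rules = [
        ("allow DNS to Pi-hole", lambda f: f.dport == 53 and f.dst in PIHOLES, "accept"),
        ("drop other plain DNS", lambda f: f.dport == 53, "drop"),
        ("drop DNS-over-TLS", lambda f: f.proto == "tcp" and f.dport == 853, "drop"),
        ("default", lambda f: True, "accept"),
    ]
    for name, matches, action in rules:
        if matches(flow):
            return action, name
    return "accept", "default"  # unreachable, the default rule always matches


def trace(flow: Flow) -> dict:
    """Run one flow through DNAT and then the filter; report what happens."""
    after_nat, redirected = apply_dnat(flow)
    verdict, rule = firewall_verdict(after_nat)
    return {"redirected": redirected, "final_dst": after_nat.dst,
            "verdict": verdict, "rule": rule}


# Constructed sample flows from a wireless client on VLAN30 (10.0.30.50 is assumed).
SAMPLE_FLOWS = {
    "dhcp-assigned resolver":    Flow("10.0.30.50", PIHOLE_PRIMARY, "udp", 53),
    "hardcoded public resolver": Flow("10.0.30.50", "8.8.8.8", "udp", 53),
    "dns over tls":              Flow("10.0.30.50", "1.1.1.1", "tcp", 853),
    "dns over https":            Flow("10.0.30.50", "1.1.1.1", "tcp", 443),
}


def bypass_report() -> dict:
    """For each sample flow: True if it is accepted and still ends up at a
    resolver other than a Pi-hole, i.e. the ruleset does not catch it."""
    report = {}
    for name, flow in SAMPLE_FLOWS.items():
        result = trace(flow)
        report[name] = result["verdict"] == "accept" and result["final_dst"] not in PIHOLES
    return report


if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print(f"{name:26} -> {trace(flow)}")
    print("bypasses Pi-hole:", bypass_report())
```

The ordering matters: the DNAT stage runs before the filter, so the "allow DNS to Pi-hole" rule sees the rewritten destination and accepts the redirected packet. The one flow the report flags as a bypass is DNS over HTTPS on port 443, which no port-53 rule can distinguish from ordinary web traffic; that is the case to check on the client itself (for example, a browser or device setting for encrypted DNS) rather than in the router rules.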