Anyone have Pi-hole working with IPFire (firewall)?

Is anyone successfully running Pi-hole with IPFire's Unbound DNS?

I had Pi-hole running over WiFi on an RPi 0.
With an older WiFi router/DHCP, Pi-hole worked great.

Now I've added an IPFire (firewall/router/IPS/DNS/DHCP) v2.25-149 running on a fanless box.

I kind of miss the way I had it before, but unfortunately I need that firewall working.
I changed the WiFi router into a wireless access point (basically put a wire into its WAN port coming from the IPFire GREEN port) and let IPFire run everything: routing, DHCP, DNS.

It looks like this:
Pi-hole ...WiFi...> WAP --cable--> IPFire ---> Modem

IPFire's DNS is, I think, Unbound. It's not so smooth. It is very picky about the upstream DNS, so pretty much no US-based DNS servers are recommended because they filter traffic, and that will disrupt the traffic going out of the router.

So IPFire doesn't like the Pi-hole either. Inside the IPFire DNS settings, I put Pi-hole as one of the upstream DNS servers and added 9.9.9.9 etc.

In Pi-hole, I have IPFire as upstream, and 9.9.9.9.

On the client PC, if I just put the Pi-hole DNS, it will not resolve,
so I put Pi-hole as DNS1
and IPFire as DNS2.

Now when I run

nslookup pi-hole.net

I get

no answer

but the Pi-hole log instantly shows an entry in the log.
That means it gets resolved,
but sometimes it won't get resolved.
But that's obviously some issue with IPFire, and I have to restart it.

I would appreciate any feedback.

This isn't exactly Pi-hole related; it's rather a network configuration issue.

There is likely a multitude of configurations that would produce a working DNS resolution.

I'd probably start by giving a client -> Pi-hole -> IPFire -> public DNS line-up a try:
a) Have your DHCP server (should be your IPFire) distribute Pi-hole as the sole local DNS server via DHCP, so your DHCP clients will talk to Pi-hole exclusively.
b) Configure Pi-hole to have your IPFire as its only upstream DNS server on Settings | DNS.
c) Verify that Pi-hole's Never forward reverse lookups for private IP ranges option in Advanced DNS settings is not ticked, and also disable Conditional Forwarding.
d) Have your IPFire use its own unbound as its upstream, and configure unbound as a recursive resolver if you can. Use any upstream of your choice if you can't.

Since IPFire is a firewall, you may also have to allow local DNS traffic explicitly. You'd have to consult your IPFire's manuals and/or support on how to achieve that.

1 Like

Thank you Bucking_Horn,

a) I have done that
b) I changed that
c) Verified
d) I am still working on this one

I have also discovered that one of the IPS rulesets (intrusion detection) is blocking traffic from Pi-hole on port 53, even when the Pi-hole IP is whitelisted. So far the workaround is to disable IPS on the GREEN interface (the network behind the firewall).
This is obviously an IPFire issue.
Thank you again for your suggestions.

Hello Werner @whole,

I have Pi-hole and IPFire working together. I'm not sure I understand the issues you see (besides that it doesn't work). But connecting them together works fine for me.

On the IPFire Community there are others that have Pi-hole working also. (FYI: the IPFire Community is a Discourse system just like this one.)

To get things working I recommend turning off some of the services temporarily. Turn off IPS for now. Depending on your firewall rules you may want to turn off those also. Once you get everything working you can turn services back on one at a time.

Set the IPFire DNS (menu Network > Domain Name System) to your DNS of choice. I use Quad9 (9.9.9.9) also.

Set the Pi-hole DNS (menu Settings > DNS) to Quad9. Once everything works you can point it (upstream it) to the IPFire box.

Up until today those were my settings and all is working well!

Hope this helps!

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.