BT Smarthub 6 and Pihole DNS

0110 · July 10, 2018, 8:17am

Hi,

I have a question for you all knowledgeable people here.

I use Pihole behind a BT Smarthub 6. I have disabled BT DHCP and use Pihole's DHCP. Recently I have also started using Pihole All-around DNS solution.

As some of you may already know the BT hub does not allow for DNS server to be changed on the router. So I am struggling to understand the following:

All-around DNS solution makes any difference if BT hub uses BT DNS server anyway or to be more precise, would my DNS queries be logged with BT DNS server first before they go to root servers?

2)If the above is true then potentially am I creating a bottleneck in my network by using All-around DNS solution because its serving no purpose.

I hope someone with more knowledge chimes in and enlighten me as I am perplexed with this issue.

Look forward to your response.

Best,

V

jfb · July 10, 2018, 3:47pm

By "all around DNS solution" I assume you mean you are running unbound on the Pi as the local DNS recursive resolver. If so, this local resolver talks directly to the root servers listed in "/var/lib/unbound/root.hints," and these in turn point the resolver the lower domain servers as appropriate. The PiHole talks to the local resolver, the local resolver goes to the appropriate domain name servers and gets the DNS, then the PiHole gives the DNS back to the client.

I run this setup on a Pi, but I don't have the same router as you and I don't use the PiHole as my DHCP. However, I don't think either of those two items change the behavior.

I don't believe that the local resolver talks to your router DNS in any way - it is completely bypassed in this setup as long as your network devices are all using the PiHole for DNS, which they should be if you use the PiHole DHCP.

Run "dig pi-hole.net" and see if the resolver is talking to the root servers. In the case shown below, it is.

pi@Pi-3B:~ $ dig pi-hole.net

; <<>> DiG 9.10.3-P4-Raspbian <<>> pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58442
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi-hole.net.			IN	A

;; ANSWER SECTION:
pi-hole.net.		86400	IN	A	206.189.252.21

;; AUTHORITY SECTION:
pi-hole.net.		86400	IN	NS	ns6.pi-hole.net.
pi-hole.net.		86400	IN	NS	ns3.pi-hole.net.
pi-hole.net.		86400	IN	NS	ns2.pi-hole.net.
pi-hole.net.		86400	IN	NS	ns4.pi-hole.net.
pi-hole.net.		86400	IN	NS	ns1.pi-hole.net.
pi-hole.net.		86400	IN	NS	ns5.pi-hole.net.

;; ADDITIONAL SECTION:
ns1.pi-hole.net.	13045	IN	A	208.94.148.4
ns2.pi-hole.net.	13045	IN	A	208.80.124.4
ns3.pi-hole.net.	13045	IN	A	208.80.126.4
ns4.pi-hole.net.	13045	IN	A	208.80.125.4
ns5.pi-hole.net.	13045	IN	A	208.80.127.4
ns6.pi-hole.net.	13045	IN	A	208.94.149.4
ns1.pi-hole.net.	13045	IN	AAAA	2600:1800:10::1
ns2.pi-hole.net.	13045	IN	AAAA	2600:1801:11::1
ns3.pi-hole.net.	13045	IN	AAAA	2600:1802:12::1
ns4.pi-hole.net.	13045	IN	AAAA	2600:1801:13::1
ns5.pi-hole.net.	13045	IN	AAAA	2600:1802:14::1
ns6.pi-hole.net.	13045	IN	AAAA	2600:1800:15::1

;; Query time: 32 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 10 10:26:40 CDT 2018
;; MSG SIZE  rcvd: 428
----------------------------

If you run the same command again with an external DNS server (bypassing your local recursive resolver), the authority section is not there.

pi@Pi-3B:~ $ dig pi-hole.net @1.1.1.1

; <<>> DiG 9.10.3-P4-Raspbian <<>> pi-hole.net @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21777
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;pi-hole.net.			IN	A

;; ANSWER SECTION:
pi-hole.net.		8534	IN	A	206.189.252.21

;; Query time: 24 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jul 10 10:44:11 CDT 2018
;; MSG SIZE  rcvd: 56

0110 · July 11, 2018, 8:41am

Hi jfb,

Thanks for getting back to me.

I ran the command and got the first set of information as per your post. Which means its bypassing the router DNS. That's great news.

Another quick question, If I were to not use the All-around DNS solution and say I was using google dns upstream DNS (under pihole settings), would it still bypass my router's DNS servers or would they pass through the router DNS to go to google DNS servers?

Thank you.

VP

jfb · July 11, 2018, 11:53am

I don't believe DNS has a hopping feature like that - the request goes to one DNS or another, not through one to another.

Run the second command, but substitute the Google DNS address for the Cloudflare DNS I was using: dig pi-hole.net @8.8.8.8

You should get something like the output below, which shows that the Google DNS server provided the answer.

dig pi-hole.net @8.8.8.8
    ; <<>> DiG 9.10.6 <<>> pi-hole.net @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4851
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;pi-hole.net.			IN	A

    ;; ANSWER SECTION:
    pi-hole.net.		21599	IN	A	206.189.252.21

    ;; Query time: 86 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 11 06:52:05 CDT 2018
    ;; MSG SIZE  rcvd: 56