Clarification on "interface listening behavior"

So my pihole DNS server is located on VLAN X while my other devices are in VLAN Y. Both VLAN subnets can communicate with each other via one router.

I tried using this listening behavior, but DNS queries to this pihole server from clients in VLAN Y are not being responded to. I think the definition of this listening behavior is a bit ambiguous. One router is "one hop away", so why would it not work? I had to choose "Listen on all interfaces, permit all origins" for this to work.

VLANs split your network into virtual segments.
Packets from one VLAN to another have to be routed through a gateway, thus two hops.
(Pi-hole - hop1 - gateway ip - hop2 - target ip)

In networking though, a hop is a router. The gateway is the first hop. Consider this example:

That's 2 hops (2 routers). If I were to use your explanation, then it would be 3 hops (two routers and target device), which is incorrect.

That is but one way of looking at it.

You can interpret hop count as either the number of intermediate nodes between source and targets or as the number of node-to-node traversals.

I can see my poorly chosen example only lent to the confusion of that ambiguity.
I've amended it to better reflect traversals.

The dnsmasq option Pi-hole is setting for Listen on all interfaces puts it this way:

--local-service

Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server.

So if your Pi-hole host machine has an interface and address within each of your VLANs, you wouldn't need Listen on all interfaces, permit all origins.
But you'd need that as soon as an IP is reachable only via a gateway.
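The rule quoted above from the dnsmasq documentation can be modelled in a few lines. This is an added example, not part of the thread and not Pi-hole or dnsmasq code; the addresses (VLAN X as 192.168.10.0/24, VLAN Y as 192.168.20.0/24) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing (not from the thread):
# VLAN X = 192.168.10.0/24, VLAN Y = 192.168.20.0/24.
SINGLE_HOMED = ["192.168.10.2/24"]                    # Pi-hole only in VLAN X
DUAL_HOMED = ["192.168.10.2/24", "192.168.20.2/24"]   # one address per VLAN

def on_local_subnet(interfaces, client):
    """Model of the quoted rule: True if `client` lies in a subnet for
    which the server itself has an interface address."""
    addr = ipaddress.ip_address(client)
    for cidr in interfaces:
        net = ipaddress.ip_interface(cidr).network
        # Compare only like with like (IPv4 against IPv4, IPv6 against IPv6).
        if addr.version == net.version and addr in net:
            return True
    return False

def not_accepted(interfaces, clients):
    """Return the clients whose queries the local-subnet rule would not accept."""
    return [c for c in clients if not on_local_subnet(interfaces, c)]

CLIENTS = [
    "192.168.10.50",   # same VLAN as the Pi-hole
    "192.168.20.50",   # VLAN Y, reached only through the router
    "203.0.113.7",     # documentation-range address standing in for an outside host
]

if __name__ == "__main__":
    for label, ifaces in (("single-homed", SINGLE_HOMED), ("dual-homed", DUAL_HOMED)):
        print(label, "does not accept:", not_accepted(ifaces, CLIENTS))
```

The number of routers in the path never enters the check; only the server's own interface subnets do, which is why the VLAN Y client is accepted only in the dual-homed case.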

That makes much more sense. The "hop" word there makes it a bit confusing for some people like me. Thanks for the clarification.
