Clients not resolving Local or Active Directory DNS

Please follow the below template, it will help us to help you!

Expected Behaviour:

  • Operating System Ubuntu Server 24.04
  • Hardware i7 14900KF, 64 GB DDR5, 2x 8 TB HDD
  • Docker compose file or Docker run command
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    #ports:
      # DNS Ports
      #- "53:53/tcp"
      #- "53:53/udp"
      # Default HTTP Port
      #- "82:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      #- "444:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      #- "67:67/udp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'America/Mexico_City'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'mypassword'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used>
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
    dns:
      - 10.0.1.67
    network_mode: host
    restart: unless-stopped
  • Docker engine version 27.4.1

I have Pi-hole doing conditional forwarding to my Active Directory DNS server, which is in another subnet (10.0.0.0/24); my subnet is 10.0.1.0/24, and both subnets are connected over VPN.

What I need is for my clients to be able to resolve, for example, ping windows-pc and also computer01-pc, which belongs to the Active Directory domain as computer01-pc.example.local.

The only temporary solution I have found so far is to set the Pi-hole domain name to example.local; that way all my clients can get an IP for all the hostnames, the local ones and the ones from example.com.

The issue is that when I do that, every domain gets resolved as example.local, even the local ones, which is something I don't want, because I'm planning going forward to have example.local and vpn.local domains and I'd like to have both resolve properly.

I also have to mention that Pi-hole is working as a DHCP server as well.

Actual Behaviour:

Without the temporary solution, none of my clients get anything resolved, local or remote.

Debug Token:

https://tricorder.pi-hole.net/aH0autUW/

Not directly related to your issue, but .local is the TLD reserved for the mDNS protocol, and should not be used with plain DNS. Doing so would cause unnecessary additional network traffic and potentially confuse you when DNS and mDNS yield different resolution results.
Granted, that potential is lower in your case, as your search domain is longer than just .local, but you should still consider using one of the TLDs reserved for home network usage, like .internal, .lan or .home.arpa.

Simple, non-dot hostnames are only resolvable in your local network.

If you need to access a device on a remote network by name, you'd have to either run a local DNS server that holds the respective DNS records, or you'd have to be able to identify where to forward resolution for a given DNS request based on its name.

In such a constellation, simple hostnames would become ambiguous.
It would be impossible to decide whether router should be expanded to router.example.local or router.vpn.local.

The obvious solution is to always have clients use FQDNs to access remote devices by name.

Not directly related to your issue, but .local is the TLD reserved for the mDNS protocol, and should not be used with plain DNS. Doing so would cause unnecessary additional network traffic and potentially confuse you when DNS and mDNS yield different resolution results.
Granted, that potential is lower in your case, as your search domain is longer than just .local, but you should still consider using one of the TLDs reserved for home network usage, like .internal, .lan or .home.arpa.

Thanks for this information, I wasn't aware, but anyway I was planning on using lan or nothing in the "Pi-hole domain name". The problem is that if I set this to lan, all my queries from clients get resolved as lan and I stop getting responses from computer01-pc, which is part of the example.local Active Directory domain. Am I to assume this is expected behaviour and there's no way around it?

Simple, non-dot hostnames are only resolvable in your local network.

If you need to access a device on a remote network by name, you'd have to either run a local DNS server that holds the respective DNS records, or you'd have to be able to identify where to forward resolution for a given DNS request based on its name.

Pi-hole at the moment is my local DNS/DHCP server. If I understand correctly, you're telling me I should run a separate DNS server for the Active Directory requests? I got a bit lost with this answer :frowning:

In such a constellation, simple hostnames would become ambiguous.
It would be impossible to decide whether router should be expanded to router.example.local or router.vpn.local.

The obvious solution is to always have clients use FQDNs to access remote devices by name.

Alright, so if I get this right, there's no way for me to be able to ping windows-pc and computer01-pc, which is part of example.local, without using "Pi-hole domain name" as lan for example, or by using "Pi-hole domain name" as example.local so every request gets identified the same?

No.
As you want to forward certain lookups to another DNS server, you need to be able to distinguish DNS requests by name, i.e. their FQDN has to follow a unique pattern.
Alternatively, you could just create the required Local DNS records within your local DNS server (Pi-hole).

But as you mention you run Pi-hole as a DHCP server as well:
In that constellation, Pi-hole may be configured to expand hostnames for DHCP clients as well as Local DNS records by dns.domain.

If you create a Local DNS record for laptop pointing to 192.168.1.20, while dns.expandHosts is set to true and dns.domain is set to lan, Pi-hole will automatically add the respective FQDN DNS record, i.e. both laptop as well as laptop.lan will resolve to 192.168.1.20.

A query for e.g. laptop.lan will first be looked up locally, and if Pi-hole holds a DNS record for laptop.lan, then Pi-hole will use that for its reply, i.e. it won't forward the query in that case.

If lan were also the local domain of your remote network, you may succeed in forwarding requests for lan to your remote AD server.
But you should be aware that locally defined domains would shadow any identically named remote devices, and that this could only work with exactly one remote AD server.
If you add a second remote location, it needs to have a unique local domain, to serve as a distinguishing element for conditional forwarding.
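
As an added illustration of the resolution order described in the reply above (it is not Pi-hole's or dnsmasq's code and was not part of the original thread), the Python model below walks a query through local records expanded with dns.domain, conditional forwarding chosen by domain suffix, and the shadowing of a remote host by a same-named local record. It also models the client side: a stub resolver tries a single-label name with each configured search suffix before giving up, which is why a short name only works when some suffix in the client's search list turns it into an FQDN the server can place. The hostnames are the ones from the thread; the AD server address 10.0.0.5, all other addresses and the contents of the remote zone are assumed.

```python
"""Model of how a Pi-hole (dnsmasq-style) resolver decides where a lookup goes.

Added illustration for this thread, not Pi-hole's or dnsmasq's own code.
All IPs and the remote AD zone contents below are constructed.
"""
from dataclasses import dataclass

# Constructed stand-in for the remote AD DNS server (assumed at 10.0.0.5)
# and the records it holds for example.local.
AD_SERVER = "10.0.0.5"
AD_ZONES = {
    AD_SERVER: {
        "computer01-pc.example.local": "10.0.0.40",
        "server.example.local": "10.0.0.41",
    }
}


@dataclass
class PiholeModel:
    domain: str          # dns.domain ("" means unset)
    expand_hosts: bool   # dns.expandHosts
    local_records: dict  # short name -> IP (Local DNS records / DHCP leases)
    forwarders: dict     # domain suffix -> upstream IP (conditional forwarding)
    upstream_zones: dict # upstream IP -> {fqdn: IP}; constructed stand-in

    def _local_table(self):
        """Local records plus the FQDNs that expand-hosts derives from dns.domain."""
        table = dict(self.local_records)
        if self.expand_hosts and self.domain:
            for name, ip in self.local_records.items():
                if "." not in name:
                    table.setdefault(f"{name}.{self.domain}", ip)
        return table

    def resolve(self, qname):
        """Return (ip_or_None, how). Local data is consulted before any
        forwarding, so a local record shadows an identically named remote host."""
        qname = qname.rstrip(".").lower()
        table = self._local_table()
        if qname in table:
            return table[qname], "local"
        # Conditional forwarding: the longest matching suffix picks the upstream.
        for suffix in sorted(self.forwarders, key=len, reverse=True):
            if qname == suffix or qname.endswith("." + suffix):
                upstream = self.forwarders[suffix]
                ip = self.upstream_zones.get(upstream, {}).get(qname)
                return ip, f"forwarded to {upstream}"
        # Nothing local and no forwarder matched: in this model that is NXDOMAIN
        # (a public upstream would not know these private names either).
        return None, "nxdomain"


def client_lookup(pihole, name, search_list):
    """Stub-resolver behaviour: a single-label name is tried with each search
    suffix in order and then as typed; a name containing a dot is sent as typed."""
    if "." in name:
        candidates = [name]
    else:
        candidates = [f"{name}.{s}" for s in search_list] + [name]
    for cand in candidates:
        ip, how = pihole.resolve(cand)
        if ip is not None:
            return ip, cand, how
    return None, None, "nxdomain"


def scenario_lan():
    """dns.domain = lan, expand hosts on, example.local forwarded to the AD server."""
    return PiholeModel(
        domain="lan",
        expand_hosts=True,
        local_records={"nvr": "10.0.1.20", "windows-pc": "10.0.1.30"},
        forwarders={"example.local": AD_SERVER},
        upstream_zones=AD_ZONES,
    )


def scenario_example_local():
    """The temporary workaround: dns.domain = example.local, plus a local record
    'server' that collides with server.example.local on the AD side."""
    return PiholeModel(
        domain="example.local",
        expand_hosts=True,
        local_records={"nvr": "10.0.1.20", "server": "10.0.1.50"},
        forwarders={"example.local": AD_SERVER},
        upstream_zones=AD_ZONES,
    )


if __name__ == "__main__":
    lan = scenario_lan()
    for q in ("nvr", "computer01-pc", "computer01-pc.example.local"):
        print(q, "search=[lan]               ->", client_lookup(lan, q, ["lan"]))
        print(q, "search=[lan, example.local] ->", client_lookup(lan, q, ["lan", "example.local"]))
    shadow = scenario_example_local()
    print("server.example.local, dns.domain=example.local ->", shadow.resolve("server.example.local"))
```

With dns.domain set to lan, `computer01-pc` is expanded to `computer01-pc.lan`, which matches neither a local record nor the example.local forwarder, so only the FQDN reaches the AD server; a client whose search list also carries example.local gets there on its second try. With dns.domain set to example.local every local record gains an example.local FQDN, so a local `server` answers before the remote `server.example.local` is ever asked for.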

Well, I tried your way: if I set expand.hosts to true and dns.domain to lan, I can ping everything with just the name of the device, for example nvr, without a dot or anything, but then I lose the ability to ping devices on my VPN network which is under the domain name example.local, unless I do it with the FQDN server.example.local.

I thought it would try to look first in the local domain and, if it doesn't find it there, then look at the conditional forwarding, but it's not.

So unless I did something wrong, there's no way to set up my local domain as lan and still get responses from example.local devices without the FQDN?

I'm also getting this in the log

Any ideas? :pleading_face: