I have been experimenting with Conditional Forwarding (RATE_LIMIT=0/0).
So far, every time I turn it on I get an ARP storm. I don't really need it on, but I'm not sure this is functioning as intended. I read several other posts back in 2020 where this was an issue for some and it simply cleared. Mine does not, and it makes Pi-hole unresponsive for up to 5 min sometimes.
The weird part is my router is looking for the wrong CIDR network.
My settings are as follows:
Local network in CIDR notation: 192.168.50.0/24
IP address of your DHCP server (router): 192.168.50.1
Local domain name: VieiraNet
This is what happens when I enable conditional forwarding with those settings:
[screenshot removed]
This is what it looks like with it off, and it takes a bit for the leases to roll over so that my router stops being the one making the requests.
[screenshot removed]
As you can see, it does then retain some of the domain names, but not all. I know most people are going to say to turn off DHCP on my ASUS AX92U and use Pi-hole's, but it doesn't have the same controls and functionality that my ASUS has; the only feature I would gain is domain name control and viewing.
Any help would be appreciated in trying to figure out what's happening. I am network certified, but not Cisco certified, so I understand networking.
I have Pi-hole running on top of Raspbian OS 64-bit / Raspberry Pi 4 8GB.
Let me know what other information you'd need to diagnose or fix this issue.
You've configured a DNS loop. Your router is forwarding PTR requests back to Pi-hole. Is Pi-hole your router's WAN upstream DNS server?
Additionally, 192.168.50.193 is likely a device your router does not know the hostname for.
Please post the output of
dig -x 192.168.50.193 @192.168.50.1
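The loop described in the reply above, modelled as an added example (not code from this thread or from the Pi-hole project): Pi-hole's conditional forwarding sends every reverse (in-addr.arpa) query for the LAN to the router, and a router whose WAN DNS server is Pi-hole forwards any name it does not know straight back. The script also shows the two ways out that the thread goes on to discuss: pointing the router's WAN DNS at a public resolver, or making sure the router knows the client's hostname, and what each costs for the router's own queries. All addresses, the hostname, the blocked domain and the hop cap are hypothetical and chosen to match the thread; the assumption that OpenDNS answers NXDOMAIN for a private-range PTR is also mine.

```python
"""Added example, not code from the Pi-hole thread or the Pi-hole project.

Models the PTR forwarding loop: Pi-hole conditional-forwards in-addr.arpa
queries for the LAN to the router, and a router whose WAN DNS is Pi-hole
forwards unknown names straight back. Addresses are hypothetical:
  Pi-hole 192.168.50.2, ASUS router 192.168.50.1, OpenDNS 208.67.222.222.
"""
import ipaddress

LAN = "192.168.50.0/24"
UNKNOWN_CLIENT = "192.168.50.193"   # device the router has no hostname for
BLOCKED_DOMAIN = "ads.example"      # constructed entry on Pi-hole's blocklist
MAX_HOPS = 8                        # cap so a real loop shows up as "LOOP"


def reverse_zone(cidr: str) -> str:
    """in-addr.arpa zone that conditional forwarding covers for a CIDR.
    Only whole-octet prefixes map to one reverse zone (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen % 8:
        raise ValueError("use a /8, /16 or /24 prefix")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Reverse-lookup name for an address, e.g. 193.50.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


class Resolver:
    """Toy forwarder: local records first, then conditional forward, then upstream."""

    def __init__(self, name, records=None, upstream=None, cond_fwd=None):
        self.name = name
        self.records = records or {}      # qname -> answer ("0.0.0.0" = blocked)
        self.upstream = upstream          # Resolver, or None meaning "answer NXDOMAIN"
        self.cond_fwd = cond_fwd          # (zone, Resolver) or None

    def resolve(self, qname, hops=0):
        if hops > MAX_HOPS:               # a genuine loop never terminates; cut it here
            return "LOOP", hops
        if qname in self.records:
            return self.records[qname], hops
        if self.cond_fwd and qname.endswith("." + self.cond_fwd[0]):
            return self.cond_fwd[1].resolve(qname, hops + 1)
        if self.upstream:
            return self.upstream.resolve(qname, hops + 1)
        return "NXDOMAIN", hops           # assumed: public resolver has no private PTRs


def build(router_wan_dns: str, router_knows_client: bool):
    """Wire up Pi-hole, router and OpenDNS for one of the thread's configurations.
    router_wan_dns: "pihole" (the OP's setup) or "opendns" (the suggested change)."""
    opendns = Resolver("OpenDNS")
    router_records = {}
    if router_knows_client:
        router_records[ptr_name(UNKNOWN_CLIENT)] = "thermostat.lan"   # hypothetical name
    router = Resolver("ASUS", router_records)
    pihole = Resolver("Pi-hole", {BLOCKED_DOMAIN: "0.0.0.0"}, upstream=opendns,
                      cond_fwd=(reverse_zone(LAN), router))
    router.upstream = pihole if router_wan_dns == "pihole" else opendns
    return pihole, router


def ptr_from_pihole(router_wan_dns: str, router_knows_client: bool):
    """What a LAN client gets when it asks Pi-hole for the unknown device's PTR."""
    pihole, _ = build(router_wan_dns, router_knows_client)
    return pihole.resolve(ptr_name(UNKNOWN_CLIENT))


def router_own_query(router_wan_dns: str) -> bool:
    """Whether the router's own lookup of a blocked name still hits Pi-hole's block."""
    _, router = build(router_wan_dns, router_knows_client=False)
    return router.resolve(BLOCKED_DOMAIN)[0] == "0.0.0.0"


if __name__ == "__main__":
    print("reverse zone for", LAN, "=", reverse_zone(LAN))
    print("loop  :", ptr_from_pihole("pihole", False))
    print("fix A :", ptr_from_pihole("opendns", False))   # WAN DNS moved off Pi-hole
    print("fix B :", ptr_from_pihole("pihole", True))     # router knows the hostname
    print("router's own blocked query caught? WAN=pihole:", router_own_query("pihole"),
          "WAN=opendns:", router_own_query("opendns"))
```

The hop cap stands in for the real symptom (the thread reports an ARP storm and an unresponsive Pi-hole; dnsmasq's actual behaviour is not modelled). Fix A ends the loop but, as the next posts note, the router's own lookups then skip Pi-hole's blocklist; fix B keeps the router on Pi-hole and answers the PTR at the router, which is why the replies keep steering towards hostnames the router knows.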
Removing the WAN settings and applying conditional forwarding again seems to have corrected the issue.
[screenshot removed]
HOWEVER, turning that off allows the router to bypass Pi-hole and use non-OpenDNS servers. This also means it bypasses my content filters set up in Pi-hole.
True. But how many queries do you expect from your router itself?
One way to circumvent this is to make sure your router or Pi-hole does know the hostnames of your devices.
So if I put OpenDNS server addresses in my WAN config, will my content blocks and blacklists still function on Pi-hole?
My ASUS router sends a lot; most of my IoT devices and some larger devices, when they get blocked, ask the router to call out.
[screenshot removed]
Even when they are not blocked, the router is repeating the query.
[screenshot removed]
This is why I point the router to Pi-hole as upstream, so it can't circumvent my blocks.
Then I would make sure your Pi-hole knows a hostname for your devices. You can add a "Local DNS record" via the web interface.
Local DNS records are based on IP.
IP lease time is 48 hrs, which means I can lose blocking if an IP changes.
I feel like Local DNS should be based on MAC address but with all the "private" MAC options on devices these days it's getting hard to control by MAC alone.
I guess I'm going to have to go full Static DHCP reservations and reconfigure IF I want to use conditional forwarding.
No. Blocking is not affected by Local DNS records.
Even if the IP of a device changes, Pi-hole will still block it (unless you have some very special group management configuration). The only downside could be that another device gets the IP and the IP <-> DNS record association is not valid anymore.
Can you assign fixed DHCP leases to clients on your router?
Yes, I can go full static, not the best option but it is an option.
Best option is to make sure your router knows the hostname of the devices.
Thanks for the assistance. I have removed sensitive screenshots and understand a bit more how Pi-hole processes DNS.
I think I'm trying to use Pi-hole as more of an edge router. I might need to go full pfSense or Ubiquiti DM.