Conditional forwarding to Bind on localhost at an alternate port?

I am running both pihole and bind on the same box. Bind is running on port 5353 and is configured as the upstream resolver to pihole, and in general this is working correctly. I am having trouble with name lookups; for example, bind has a zonefile for "3.4.10.in-addr.arpa", however if I do an nslookup for 10.4.3.11 I get "** server can't find 11.3.4.10.in-addr.arpa: NXDOMAIN". If I do an nslookup specifying -port=5353 I get the correct answer. My understanding is that this gets solved by configuring a conditional forwarder in pihole, however using the UI it seems I can't set that to an alternate port?

Is there a way to do this using the config files? Is there a better solution than a conditional forwarder?

Since you are already using bind as Pi-hole's upstream resolver, there is neither need nor use to enable Pi-hole's Conditional Forwarding - provided that bind would actually know about local names (either directly or by appropriately forwarding respective requests itself).

Usually, it would be the router's internal DNS server that knows about local names, by virtue of the router's DHCP server injecting the respective DNS records.
If that would be the case for you as well, enabling CF and pointing it to your router should solve your issue. However, note that some router models won't create DNS records for hostnames as claimed by their DHCP clients.

This box runs my dhcp and dns from before I used pihole (so isc-dhcp-server and bind9) and I put pihole in front of bind for ad blocking. Essentially, it needs to ask localhost on port 5353, but I don't think I can do that?

In that case, CF won't help you, as my first sentence applies:

AFAIAAO, ISC is strictly DHCP, i.e. it doesn't handle DNS; e.g. for some of Ubiquiti's EdgeRouter models, it is recommended to disable ISC and use dnsmasq instead for local DNS names. And I remember some reports for certain MikroTik models, where installation of a custom script on the MikroTik router was required to handle DNS record creation from DHCP leases.

I noticed you've edited your original post to include

That would suggest that your bind is aware of local names.

When configuring bind as Pi-hole's upstream resolver, did you specify the port?
How?

In "Upstream DNS resolvers" in the pihole interface, you can specify the port with a "#"


That looks good.

Is bind your only upstream?

Are 'Never forward non-FQDN A and AAAA queries' and 'Never forward reverse lookups for private IP ranges' unticked?

EDIT: In case that's not clear from the UI's on-screen explanations:
When ticked, Pi-hole wouldn't forward plain hostnames and reverse lookups to your bind upstream.
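For readers who want to see what those UI settings amount to in the underlying dnsmasq configuration (Pi-hole is dnsmasq-based), here is a hand-written drop-in showing the "#" port syntax for a bind upstream on localhost, the two "Never forward" options left unticked, and a scoped alternative. This is an added example, not configuration from this thread or from the Pi-hole project; the file path, the v5 layout, and the "lan.example" domain are assumptions.

```conf
# /etc/dnsmasq.d/99-bind-upstream.conf  (path and Pi-hole v5 drop-in layout
# are assumptions; check where your Pi-hole version reads dnsmasq settings)

# Upstream: bind on localhost, alternate port. The "#" separates address and
# port, the same syntax the "Upstream DNS resolvers" field accepts.
server=127.0.0.1#5353

# The two UI toggles from the post above. When active, dnsmasq answers bare
# hostnames (domain-needed) and reverse lookups for private ranges such as
# 10.0.0.0/8 (bogus-priv) itself, replying NXDOMAIN when it has no record, so
# bind's 3.4.10.in-addr.arpa zone is never consulted. Keep them disabled
# (commented out here, unticked in the UI) while bind holds the local zones.
#domain-needed
#bogus-priv

# Optional, scoped alternative to sending everything to one upstream: forward
# only the reverse zone bind actually serves and the local forward domain to
# bind, leaving other queries to whatever else is listed as upstream.
rev-server=10.4.3.0/24,127.0.0.1#5353
server=/lan.example/127.0.0.1#5353
```

After changing the file, restart the resolver and re-run the failing reverse lookup (nslookup 10.4.3.11 against Pi-hole's port 53) to confirm the PTR answer now comes from bind.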

Yes, then bind upstreams to opendns. Before I ever implemented pihole, bind was working great, and I just don't think I've tried an nslookup since implementing pihole (like a year or more ago; ping works and I never looked further). It seems nslookup is the only thing not working with pihole that I can see.
