Conditional forwarding with different Upstream DNS

#1

Hi all,

since a little while i’m using 3 piholes in my home network.
1 running on a linux VM and 2 as Docker containers.
The VM is my primary internal DNS and one container is backup. The third pihole is for the kids and guests which uses OpenDNS as it’s upstream Servers and i can filter-out “dirty-stuff” with the OpenDNS filters.

So all 3 piholes work perfectly, except the 3rd one which forwards to OpenDNS.
I use the conditional forwarding to forward to my router and this works perfectly on the first 2 piholes. these both use my router as Upstream DNS too.
But if i use it one the pihole with OpenDNS, the conditional forwarding resolves no hostnames.

Is this “as expected” and do i need my router as Upstream DNS for it to work??

Thanks for the info!!

0 Likes

#2

If it’s working on the other Pi-hole instances, and the only difference is the upstream, then I would double-check the conditional forwarding settings. You can also check /var/log/pihole.log for details to check exactly what’s it’s doing with those queries.

0 Likes

#3

Hi Mcat12, sorry just re-reading my post but maybe i’ve written it a bit wrong :slight_smile:
The queries etc on the 3rd pihole work fine so the clients have no issue. I’ve double-checked the logs as you mentioned…
The “problem” is the the Conditional forwarding is not working for resolving the hostnames of my lan-devices. My router is the dhcp-server for the network for multiple pools/vlans and the other 2 piholes resolve the lan-hostnames perfectly. The conditional forwarding settings are the same on all 3, just the ip-adress of the router and the local domain name.

0 Likes

#4

Do you see any differences in the logs between the different Pi-holes in how it handles queries which should be sent to the router (due to conditional forwarding)?

0 Likes

#5

Yeah, on the pihole that doesn’t work with conditional forwarding, it shows a reply with NXDOMAIN.

So an example from the working PI which resolves the name of my work-phone:

root@pihole:/var/log# grep 60.7 *.log
pihole.log:Feb 15 01:00:01 dnsmasq[699]: reply 192.168.60.7 is iPhoneWorkRandy
pihole.log:Feb 15 02:00:00 dnsmasq[699]: reply 192.168.60.7 is iPhoneWorkRandy
pihole.log:Feb 15 03:00:00 dnsmasq[699]: reply 192.168.60.7 is iPhoneWorkRandy
pihole.log:Feb 15 09:00:00 dnsmasq[699]: reply 192.168.60.7 is iPhoneWorkRandy
pihole.log:Feb 15 10:00:00 dnsmasq[699]: reply 192.168.60.7 is iPhoneWorkRandy

And an example of the one that doesn’t work, but should resolve the dns entry for my daughters-phone:

root@pihole-backup:/var/log# grep 60.7 *.log
pihole.log:Feb 15 08:00:00 dnsmasq[1549]: cached 192.168.60.71 is NXDOMAIN
pihole.log:Feb 15 08:00:00 dnsmasq[1549]: reply 192.168.60.70 is NXDOMAIN
pihole.log:Feb 15 09:00:00 dnsmasq[1549]: cached 192.168.60.71 is NXDOMAIN
pihole.log:Feb 15 09:00:00 dnsmasq[1549]: cached 192.168.60.70 is NXDOMAIN
pihole.log:Feb 15 10:00:00 dnsmasq[1549]: reply 192.168.60.71 is NXDOMAIN
pihole.log:Feb 15 10:00:00 dnsmasq[1549]: cached 192.168.60.70 is NXDOMAIN

0 Likes

#6

The example of the one that did not work was a different IP. What is the query log traffic for the .7 IP from the Pi-Hole that is having problems?

Please generate debug logs and upload, and post tokens here for the good Pi-Hole and the bad Pi-Hole.

0 Likes

#7

Hi JFB,

sorry took me a few days to have a look at it again…
So the debugtokens are:

Working pi-hole:
rqxock5z8w

Not-working pi-hole:
t8kpd1vamq

also i did some extra tests with an iphone (same ip-adres) on both Pi’s.

Working Pi:

Feb 19 12:43:31 dnsmasq[519]: query[A] www.icloud.com from 192.168.60.7
Feb 19 12:43:31 dnsmasq[519]: query[A] www.icloud.com from 192.168.60.7
Feb 19 13:00:00 dnsmasq[519]: reply 192.168.60.7 is iPhoneWorkRandy
Feb 19 14:00:00 dnsmasq[519]: reply 192.168.60.7 is iPhoneWorkRandy

Not working Pi:

pihole.log:Feb 19 14:51:00 dnsmasq[26287]: reply 192.168.60.7 is NXDOMAIN
pihole.log:Feb 19 14:51:37 dnsmasq[26287]: query[A] gateway.fe.apple-dns.net from 192.168.60.7
pihole.log:Feb 19 14:54:00 dnsmasq[26643]: reply 192.168.60.7 is NXDOMAIN
pihole.log:Feb 19 14:58:46 dnsmasq[26643]: query[A] www-cdn.icloud.com.akadns.net from 192.168.60.7
pihole.log:Feb 19 14:58:46 dnsmasq[26643]: query[A] gateway.fe.apple-dns.net from 192.168.60.7
pihole.log:Feb 19 14:58:46 dnsmasq[26643]: query[A] e6858.dsce9.akamaiedge.net from 192.168.60.7
pihole.log:Feb 19 15:00:00 dnsmasq[26643]: cached 192.168.60.7 is NXDOMAIN

0 Likes

closed #8

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

0 Likes