I'm new to Pihole, so please forgive any "newbie" questions. I have a few questions to make sure I have Pihole set up correctly, to allow Pihole to resolve internal hostnames so the Dashboard can show hostnames (instead of just IPs), and also to have the ability to continue providing DNS service in the event my Pihole machine is unavailable for any reason.
My Network Setup:
I currently have Unifi set up to manage my Ubiquiti network devices. My Unifi Controller (and by extension my USG I suppose?) handles DHCP and has the "LAN" defined as a /24 network. However, I have added several additional Networks in the Unifi controller with VLAN tags, effectively making my home network range a /16.
I have Pihole set up as a VM with a static IP. In Pihole I enabled Conditional Forwarding, as it is my understanding this will allow hostname resolution to occur from my DHCP Server (my Unifi Controller/USG). I also enabled DNSSEC. I've also enabled third-party Upstream DNS Servers.
Questions:
1.) In my Unifi controller, would I go to each defined Network and use the Pihole IP as the DHCP Name Server?
2.) In Pihole, when defining the Local Network in the Conditional Forwarding section, would I use the /16 CIDR notation that encompasses all of the VLAN-tagged networks I created in the Unifi Controller (even though the "LAN" is really only defined as a smaller /24 network)?
3.) If I wanted to enable DNS Service to continue, even if the Pihole VM was unavailable, would I add the third-party Upstream DNS Servers to the "WAN" network in my Unifi Controller? I've seen it referenced elsewhere that the "WAN" network DNS Server should point to your Pihole VM. But wouldn't that render you without DNS service if your Pihole VM is unavailable? Just trying to figure out a way to make sure DNS Service is available even if my hypervisor or VM wasn't for whatever reason.
I appreciate your help! I hope these questions make sense. Thank you!
1.) In my Unifi controller, would I go to each defined Network and use the Pihole IP as the DHCP Name Server? Yes ... and only your Pi-hole.
2.) In Pihole, when defining the Local Network in the Conditional Forwarding section, would I use the /16 CIDR notation that encompasses all of the VLAN-tagged networks I created in the Unifi Controller (even though the "LAN" is really only defined as a smaller /24 network)? I suggest not enabling Conditional Forwarding. It is not required, and alternatively, you can create DNS records for any local network clients that you want them for.
3.) If I wanted to enable DNS Service to continue, even if the Pihole VM was unavailable, would I add the third-party Upstream DNS Servers to the "WAN" network in my Unifi Controller? Yes, but this would defeat the purpose of having your Pi-hole.
I've seen it referenced elsewhere that the "WAN" network DNS Server should point to your Pihole VM. No, you definitely do not want to do this, as it would cause more issues than it resolves.
Thanks for the information and taking the time to respond.
1.) Ok understood, thanks.
2.) My understanding is, if I don't enable Conditional Forwarding, my Pihole will show IP addresses in the dashboard, instead of the hostnames? Sorry, I'm not too familiar with creating DNS records, so not sure what would be involved there.
3.) Ok, thanks. Is there a configuration where my DNS could fail over directly to the third-party upstream DNS Server in the event my Pihole VM was unavailable? Could I enable the third-party "upstream" DNS servers as secondary/tertiary servers in my defined Networks under the DHCP Name Servers? (I believe I read some clients will just pick one of the DNS servers in that configuration, and not adhere to the first/primary server in the "DHCP Name Server" setting. If so, is there another way to accomplish this?)
The Pi-hole interface allows you to define a DNS client. Basically, you enter the device name & IP address to create a DNS record for it. That way the device name, in this case, an iPhone’s name shows up in Pi-hole.
Should your Pi-hole fail, the WAN-side DNS settings would be used. Those would be set to your ISP’s DNS servers by default, but they can be any others that you prefer … just don’t set them back to your Pi-hole. FWIW, I run redundant Pi-holes on Raspberry Pi’s. Note that doing so does not mean that all DNS requests go to the “primary” Pi-hole. Instead they work in a sort of tandem fashion, with requests going to one or the other somewhat randomly.
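Two points from the replies above lend themselves to a small script: the DHCP name-server list should contain only the Pi-hole (a second, third-party entry lets clients pick that server and bypass filtering, since clients do not reliably prefer the first entry), and hostnames can be shown in the dashboard by creating local DNS records instead of enabling Conditional Forwarding. The following is an added example, not code from this thread or from the Pi-hole project. It lints a DHCP name-server list and turns a constructed set of DHCP leases from several VLANs inside a /16 into hosts-format records (one `IP hostname` per line, which is the format Pi-hole's Local DNS Records use). The Pi-hole address 10.0.1.5, the 10.0.0.0/16 range, the lease data and the documentation-range address 203.0.113.53 standing in for a third-party resolver are all constructed sample values.

```python
"""Added example (not from the thread): lint a DHCP name-server list and turn
constructed DHCP leases into hosts-format local DNS records for Pi-hole.

Assumptions (not stated on the page): records are written in hosts format,
one "IP hostname" per line; the Pi-hole address 10.0.1.5, the 10.0.0.0/16
local range and all lease data below are constructed sample values.
"""
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """True when every dot-separated label of the name is RFC 1123 compliant."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip(".").split("."))


def check_dhcp_name_servers(servers, pihole_ip):
    """Return the DHCP-advertised name servers that are NOT the Pi-hole.

    Any entry returned here lets clients send queries straight past the
    Pi-hole, because clients do not reliably prefer the first server listed.
    """
    pihole = ipaddress.ip_address(pihole_ip)
    return [s for s in servers if ipaddress.ip_address(s) != pihole]


def build_local_records(leases, local_cidr):
    """Turn (ip, hostname) leases into hosts-format lines for Pi-hole.

    Leases outside local_cidr, with invalid hostnames, or duplicating a
    hostname already emitted are skipped and reported, so nothing vanishes
    silently. Hostnames are normalised to lower case.
    """
    net = ipaddress.ip_network(local_cidr, strict=True)
    records, skipped, seen = [], [], set()
    for ip_str, host in leases:
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            skipped.append((ip_str, host, "bad IP"))
            continue
        if ip not in net:
            skipped.append((ip_str, host, f"outside {local_cidr}"))
            continue
        if not valid_hostname(host):
            skipped.append((ip_str, host, "bad hostname"))
            continue
        key = host.lower()
        if key in seen:
            skipped.append((ip_str, host, "duplicate hostname"))
            continue
        seen.add(key)
        records.append(f"{ip} {key}")
    return records, skipped


# Constructed sample data: one lease per VLAN inside a /16, plus bad entries.
SAMPLE_LEASES = [
    ("10.0.1.20", "laptop"),           # main LAN /24
    ("10.0.20.7", "iot-camera"),       # VLAN 20
    ("10.0.30.15", "Phone-Jane"),      # VLAN 30; normalised to lower case
    ("192.168.50.3", "guest-tablet"),  # not in the /16 -> skipped
    ("10.0.40.2", "bad_host!"),        # invalid hostname -> skipped
    ("10.0.40.3", "LAPTOP"),           # duplicate of "laptop" -> skipped
]
PIHOLE_IP = "10.0.1.5"
# Pi-hole plus a placeholder third-party resolver (documentation range).
SAMPLE_DHCP_DNS = [PIHOLE_IP, "203.0.113.53"]

if __name__ == "__main__":
    for s in check_dhcp_name_servers(SAMPLE_DHCP_DNS, PIHOLE_IP):
        print(f"WARNING: DHCP advertises {s}; clients may bypass the Pi-hole")
    recs, bad = build_local_records(SAMPLE_LEASES, "10.0.0.0/16")
    print("\n".join(recs))
    for entry in bad:
        print("skipped:", entry)
```

The lint shows why adding a third-party server as a "secondary" DHCP name server is not a failover mechanism: the extra entry is live for every client all the time, so filtering becomes probabilistic rather than guaranteed. The record builder shows that a single /16 covers every VLAN in the question, while anything outside that range is rejected rather than written into the local records.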