Good day -
I have pi-hole installed on a laptop with Debian 10 and it is working great. However, interestingly, my 2 Pis are not using the pi-hole server, but all other devices on the network are using pi-hole.
Hey !
It depends on how your devices are getting their network configuration, in particular which name servers are used. This configuration is either dynamically or statically applied, and it sounds like your Pis are not getting the same as your other devices.
Could you check and compare between one Pi for starter and one correctly configured device ? A simple first check would be to query some hostname on both devices and see which server is responding; you can do it with dig or nslookup for instance : dig example.com +identify +short
Both PIs:
69.16.238.59 from server 208.67.222.222 in 49 ms. OPENDNS
69.16.238.59 from server 192.168.4.1 in 49 ms. ROUTER
Correctly configured device: 69.16.238.59 from server 192.168.4.42 in 1 ms. PI-HOLE
Looks like I need to edit resolv.conf
This, or set up a DHCP server to address your devices and specify which NS to use. You probably already have one on you LAN, be it on your ISP box or elsewhere. Or you can configure your pihole to act as one, but be careful not to overlap with an existing one.
A quick way to probe for a DHCP server on your LAN and ensure it works as expected is to use this nmap script : nmap --script broadcast-dhcp-discover
If you prefer to go the static way, you can indeed just specify your nameservers and search prefix (optionnaly) in /etc/resolv.conf.
Great info, thanks!
Good day -
Any issues with using a vpn like surf shark?
Don
VPN providers push/enforce their own DNS server IP's to its clients.
Resulting in that these VPN clients dont use Pi-hole anymore for DNS and thus breaking Pi-hole blocking.
Also its called a VPN tunnel meaning its got its own subnet outside your LAN network and without hacking/punching holes, nothing gets in or out of this encrypted tunnel between the client and server endpoints.
Some router's with proper firmware allow to dial into public VPN networks like Surfshark etc.
These routers are usually capable of pushing its own IP details like DNS servers to its clients.
That way you can let the router dial into VPN, the router will route everything through your VPN tunnel, but the router can still push the Pi-hole DNS IP to its clients.
Or you could run
pihole-FTL dhcp-discover
which doesn't suffer from the same shortcomings as nmap - see Reliably detect all DHCP servers on a network? - #5 by Bucking_Horn for further details on the evolution of pihole-FTL dhcp-discover.
3 Likes
Do mind though, you can still use the unicast version if interested in details advertised and dont have the pihole-FTL binary available on like a client for example:
sudo nmap -sU -p67 --script dhcp-discover <DHCP_SERVER_IP>
2 Likes
Ow I later realised above one is initiated with the scan UDP argument (-sU) so scanning a whole subnet will also work:
pi@ph5b:~ $ sudo nmap -sU -p67 --script dhcp-discover 10.0.0.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-04 23:28 CEST
Nmap scan report for router.asus.com (10.0.0.1)
Host is up (0.00074s latency).
PORT STATE SERVICE
67/udp closed dhcps
MAC Address: 50:46:5D:XX:XX:XX (Asustek Computer)
Nmap scan report for 10.0.0.2
Host is up (0.0010s latency).
PORT STATE SERVICE
67/udp open dhcps
| dhcp-discover:
| DHCP Message Type: DHCPACK
| Server Identifier: 10.0.0.2
| Subnet Mask: 255.255.255.0
| Broadcast Address: 10.0.0.255
| Domain Name: home.dehakkelaar.nl
| Hostname: ph5b
| NTP Servers: 10.0.0.3
| Domain Name Server: 10.0.0.2, 10.0.0.4
|_ Router: 10.0.0.1
MAC Address: B8:27:EB:XX:XX:XX (Raspberry Pi Foundation)
Nmap scan report for 10.0.0.3
Host is up (0.00076s latency).
PORT STATE SERVICE
67/udp closed dhcps
MAC Address: 00:11:32:XX:XX:XX (Synology Incorporated)
Nmap scan report for 10.0.0.9
Host is up (0.00081s latency).
PORT STATE SERVICE
67/udp closed dhcps
MAC Address: B8:27:EB:XX:XX:XX (Raspberry Pi Foundation)
[..]
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.