I thought it could be a firewall problem, but I can't find it. If I run a tcpdump in the pihole while sending a nmap query it seems that the DHCP request is received by the network interface:
$ sudo tcpdump -i ens18 -pvn port 67 and port 68
tcpdump: listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
23:13:48.686648 IP (tos 0x0, ttl 64, id 22248, offset 0, flags [DF], proto UDP (17), length 344)
192.168.1.13.68 > 192.168.1.12.67: BOOTP/DHCP, Request from 56:2f:d2:84:10:d4, length 316, xid 0x9db54b7d, Flags [none]
Client-IP 192.168.1.13
Client-Ethernet-Address 56:2f:d2:84:10:d4
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Inform
Parameter-Request Option 55, length 64:
Option 252, Subnet-Mask, Time-Zone, Default-Gateway
Time-Server, IEN-Name-Server, Domain-Name-Server, LOG
CS, LPR-Server, IM, RL
Hostname, BS, DP, Domain-Name
SS, RP, EP, IPF
SRT, PF, RSZ, TTL
MTU-Timeout, MTU-Table, MTU, LSN
BR, MD, MS, Router-Discovery
RSA, Static-Route, UT, AT
IE, TT, KI, KG
YD, YS, NTP, Vendor-Option
Netbios-Name-Server, WDD, Netbios-Node, Netbios-Scope
XFS, XDM, Requested-IP, Lease-Time
OO, DHCP-Message, Server-ID, Parameter-Request
MSG, MSZ, RN, RB
Vendor-Class, Client-ID, BF, TFTP
Lease-Time Option 51, length 4: 1
However, there is no response. I enabled the -d option in nmap and it shows a TIMEOUT:
$ sudo nmap -sU -p 67 -d --script=dhcp-discover 192.168.1.12
Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-12 23:22 WET
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 23:22
Completed NSE at 23:22, 0.00s elapsed
Initiating ARP Ping Scan at 23:22
Scanning 192.168.1.12 [1 port]
Packet capture filter (device ens18): arp and arp[18:4] = 0x562FD284 and arp[22:2] = 0x10D4
Completed ARP Ping Scan at 23:22, 0.20s elapsed (1 total hosts)
Overall sending rates: 9.90 packets / s, 415.82 bytes / s.
mass_rdns: Using DNS server 192.168.1.12
Initiating Parallel DNS resolution of 1 host. at 23:22
mass_rdns: 0.00s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 23:22, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating UDP Scan at 23:22
Scanning pihole (192.168.1.12) [1 port]
Packet capture filter (device ens18): dst host 192.168.1.13 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 192.168.1.12)))
Completed UDP Scan at 23:22, 0.20s elapsed (1 total ports)
Overall sending rates: 9.79 packets / s, 274.15 bytes / s.
NSE: Script scanning 192.168.1.12.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 23:22
NSE: Starting dhcp-discover against 192.168.1.12:67.
NSE: [dhcp-discover 192.168.1.12:67] dhcp: Couldn't receive packet: TIMEOUT
NSE: [dhcp-discover 192.168.1.12:67] Couldn't send DHCP request: Couldn't receive packet: TIMEOUT
NSE: Finished dhcp-discover against 192.168.1.12:67.
Completed NSE at 23:22, 5.00s elapsed
Nmap scan report for pihole (192.168.1.12)
Host is up, received arp-response (-0.20s latency).
Scanned at 2019-11-12 23:22:27 WET for 5s
PORT STATE SERVICE REASON
67/udp open|filtered dhcps no-response
| dhcp-discover:
|_ ERROR: Couldn't receive packet: TIMEOUT
MAC Address: D2:71:05:32:2E:F7 (Unknown)
Final times for host: srtt: -200150 rttvar: 5000 to: 100000
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 23:22
Completed NSE at 23:22, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 5.70 seconds
Raw packets sent: 4 (112B) | Rcvd: 1 (28B)
On the other hand, as you said, if I try the same with the DHCP on the router I get:
$ sudo nmap -sU -p 67 --script=dhcp-discover 192.168.1.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-12 23:13 WET
Nmap scan report for 192.168.1.1
Host is up (-0.20s latency).
PORT STATE SERVICE
67/udp open dhcps
| dhcp-discover:
| DHCP Message Type: DHCPACK
| Server Identifier: 192.168.1.1
| Subnet Mask: 255.255.255.0
| Router: 192.168.1.1
| Domain Name Server: 80.58.61.250, 80.58.61.254
|_ NTP Servers: 10.22.192.1
MAC Address: 08:6A:0A:BD:6F:3C (Askey Computer)