DNS registration issues for Windows AD joined devices that use Pi-hole for DHCP

The issue I am facing:

Domain-joined Windows hosts that obtain a DHCP lease from Pihole don't seem to be successfully registering DNS anywhere, i.e. not on the Pihole and not on my AD DNS server. Certainly I cannot resolve these hosts' IPs from other domain-joined devices regardless of whether I ask Pihole or AD DNS.

Pihole diagnosis is reporting the following dnsmasq warning for these clients:

Ignoring domain **ad.domain.com** for DHCP host name **[AD host]**

If I set the 'Pi-hole domain name' in Pihole's DHCP settings to ad.domain.com, the domain-joined hosts' DNS will at least register in Pihole, meaning they can be resolved from other local hosts; however, this doesn't feel right to me, as non domain-joined hosts taking a DHCP lease from Pihole become resolvable with a false FQDN of hostname.ad.domain.com. Also, the domain-joined hosts are still not showing up in the domain DNS.

Details about my system:

Pihole = sole DHCP server, and sole DNS server for all local devices with the exception of the AD DC, which has its own loopback as a secondary DNS. It's a small home network with only one DC.

ISP router providing gateway only (it was previously providing DHCP, but config is very limited and it does not allow setting scope options including DNS server IPs, so I moved DHCP to Pihole)

A mixture of domain-joined and non domain-joined devices.

What I have changed since installing Pi-hole:

/etc/dnsmasq.d/02-custom.conf set as follows (where '1.2.3.4' is my AD DNS IP):

# forward lookups
server=/ad.domain.com/1.2.3.4
# PTR/reverse lookups
server=/4.3.2.in-addr.arpa/1.2.3.4

I'm a fairly seasoned techie but networking has always tied me up in knots. My thinking at the moment is I could just configure the DC as the DHCP server instead, or alternatively I could set the DC as the main DNS and point it to the Pihole upstream for internet queries. I don't use logging so loss of log detail as a consequence of the latter option isn't an issue for me.

Before I go and do either of these things I was hoping someone with a bit more knowledge/experience could perhaps help me get the existing setup working.

That's not correct.

Pi-hole's DHCP server will automatically register DHCP client names as presented during DHCP negotiation with its DNS server, i.e. they are accessible via their hostnames.
It would also automatically register a hostname expanded by the domain name, e.g. laptop as well as laptop.lan, if you run Pi-hole's DHCP server with the defaults.

Note that while a client provides its name, it's the DHCP server that provides the local domain(s) to be used by its DHCP clients.

The obvious solution would be to set Pi-hole domain name to ad.domain.com via Settings|DHCP.
Very likely, that's what the AD's DHCP server would do as well.

However, you seem to suggest that you wouldn't want all of your clients using that domain?
What would require you to have clients in your home network be treated differently?
How would you tell them apart?
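The following dnsmasq fragment is an added example, not the poster's file and not something Pi-hole generates. It puts the question's conditional-forwarding lines next to the two ways the answer's points can be expressed in dnsmasq: one domain for every lease (the `domain=` line the Pi-hole UI would write), or, to answer "how would you tell them apart?", a separate address range that carries the AD domain while the rest of the pool keeps a plain local domain. Addresses, MACs and hostnames are placeholders: LAN 192.168.1.0/24, DC/AD DNS at 192.168.1.2 standing in for the question's 1.2.3.4, and the reverse zone adjusted to match.

```ini
# Added example (not the poster's 02-custom.conf, not Pi-hole's own config).
# Placeholders: LAN 192.168.1.0/24, AD DC and DNS at 192.168.1.2
# (the question's 1.2.3.4), invented MACs/hostnames for the joined PCs.

# -- Conditional forwarding, as in the question, with these placeholders.
# Names under the AD zone that dnsmasq cannot answer from its own leases
# are forwarded to the DC, as are reverse lookups for the LAN.
server=/ad.domain.com/192.168.1.2
server=/1.168.192.in-addr.arpa/192.168.1.2

# -- Option A: the answer's suggestion, one domain for every client.
# Equivalent to setting "Pi-hole domain name" to ad.domain.com in
# Settings|DHCP. Every lease then yields both "host" and
# "host.ad.domain.com", including non-joined hosts (the poster's objection).
#domain=ad.domain.com

# -- Option B: tell the clients apart by address range.
# dnsmasq's domain= accepts a range; a domain= line without a range is the
# default for everything else. Joined PCs are pinned into the AD range by
# MAC with dhcp-host (addresses may sit outside dhcp-range as long as they
# are on a subnet dnsmasq serves).
dhcp-range=192.168.1.100,192.168.1.199,24h
domain=lan
domain=ad.domain.com,192.168.1.200,192.168.1.219
dhcp-host=aa:bb:cc:00:00:01,192.168.1.200,adpc01
dhcp-host=aa:bb:cc:00:00:02,192.168.1.201,adpc02
```

Two caveats. Do not append `,local` to the ranged `domain=` line: that would make dnsmasq authoritative for ad.domain.com and stop unknown names in that zone being forwarded to the DC. And Pi-hole writes its own `dhcp-range` and `domain` lines from Settings|DHCP, so Option B assumes those lines are managed by hand rather than duplicated alongside the UI-generated ones. Nothing here registers anything in the AD DNS zone itself; dnsmasq has no dynamic-update client, so the poster's second symptom (joined hosts absent from domain DNS) is not addressed by this fragment.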
