Explanation of how pi-hole works

Hello,
Is there some document explaining how pi-hole works? From my limited knowledge of networking, I wonder if these are correct:

  • For example: Main Router 192.168.1.1, pi-hole is 192.168.1.2
  • pi-hole has a firewall that has following ports open to accept traffic: 53 (UDP & TCP), 80, 443
  • When a client requests a connection to a domain, its traffic goes to Main Router which will redirect the traffic to the DNS server which is pi-hole.
  • Via one same ethernet port: pi-hole receives the traffic request that Main Router "pushes". It resolves that request and tells it what the IP of the domain is. After that, it forwards the traffic to the Internet Gateway (trying to use the correct term) which in this case is also the Main Router. (This step is processed by dnsmasq/FTLDNS?!)
  • As pi-hole has defined the Upstream DNS, it will not ask the Main Router for DNS resolution. (Obviously, or it would fall into an infinite loop as it's already the DNS defined in Main Router). It still has to "push back" the DNS-resolved-traffic to the Main Router aka Internet Gateway so that the traffic could reach the internet and continue to reach the upstream DNS. (What program/module is responsible for this step?)

I'm asking because I have an Asus router that has modded firmware which enables adblocking using dnsmasq in router mode. That means:

  • if I connect the Main Router to the Asus's LAN port, the Asus will NOT have internet as the internet connection can only be detected on the WAN port.
  • if I connect the Main Router to the Asus's LAN port and set Asus in non-router (AP/Media Bridge) mode, obviously the Asus will have internet but dnsmasq will NOT run.

Now if I want the Asus to act as a pi-hole:

  • For example:
  • the WAN IP of the Asus is 192.168.1.3 - a LAN device in the Main Router's LAN
  • the LAN IP of the Asus is 192.168.200.1, dhcp the subnet 192.168.200.0/24.
  • Open ports on the firewall to accept traffic from the 192.168.1.0/24 subnet on the WAN side, allowing that traffic to get to the dnsmasq server on the LAN side 192.168.200.1 to be processed.
  • The resolved traffic would be "pushed back" to the WAN side to reach the Main Router and then the internet.

That's in theory (if it's true). In fact, I don't know how pi-hole actually works, or what modules/programs it uses to process requests. I hope that someone can provide some detailed explanations, before I ask for help on the Asus forums.

Thanks in advance.

When a client connects to a server, it first makes a DNS request. This request is sent to Pi-hole. If it's a blocked domain, the returned IP address is 0.0.0.0 and the request ends there. If it's not a blocked domain, the DNS request is forwarded to an upstream server, and Pi-hole returns the final response to the client. Then the client connects to the server (Pi-hole is not involved in anything after the DNS request).

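To make the flow in the reply above concrete, here is a minimal filtering DNS forwarder written for this page as an added example; it is not Pi-hole's or dnsmasq's own code. It parses a query, answers a listed domain (and its subdomains) with 0.0.0.0 for A and :: for AAAA, hands every other query to an upstream resolver, and relays the upstream reply unchanged. The blocklist, the simulated upstream table, the 192.0.2.x addresses and the 1.1.1.1 default upstream are all constructed for the example; only `handle_query()` is the point, and nothing here touches the client's actual TCP/HTTPS connection afterwards.

```python
import socket
import struct

# Constructed sample blocklist; Pi-hole reads its lists from gravity.db instead.
BLOCKLIST = {"ads.example.com", "tracker.example.net"}
# Constructed stand-in for a real upstream resolver so the example runs offline.
UPSTREAM_TABLE = {"example.com": "192.0.2.10"}

QTYPE_A, QTYPE_AAAA = 1, 28


def encode_name(name):
    """Encode a dotted name in DNS wire format (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a wire-format name starting at offset; follows one compression pointer."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            labels.append(decode_name(msg, ptr)[0])
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid, name, qtype=QTYPE_A):
    """A standard recursive query (RD=1) with one question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(msg):
    txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", msg[:12])
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, name, qtype, qclass


def build_response(txid, name, qtype, rdatas, ttl=2, rcode=0):
    """NOERROR response echoing the question; one answer RR per rdata, name compressed to offset 12."""
    body = encode_name(name) + struct.pack("!HH", qtype, 1)
    for rdata in rdatas:
        body += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(rdatas), 0, 0) + body


def parse_response(msg):
    """Return (txid, flags, [(rtype, rdata), ...]) from the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(ancount):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((rtype, msg[off:off + rdlen]))
        off += rdlen
    return txid, flags, answers


def is_blocked(name, blocklist):
    """A listed domain blocks itself and every subdomain, as Pi-hole does by default."""
    parts = name.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def handle_query(msg, blocklist, forward_upstream):
    """The Pi-hole decision: answer locally if blocked, otherwise forward and relay the reply."""
    txid, name, qtype, _ = parse_query(msg)
    if is_blocked(name, blocklist):
        if qtype == QTYPE_A:
            return build_response(txid, name, qtype, [bytes(4)])   # 0.0.0.0, short TTL
        if qtype == QTYPE_AAAA:
            return build_response(txid, name, qtype, [bytes(16)])  # ::
        return build_response(txid, name, qtype, [])               # no data for other types
    # Caveat: a real resolver re-issues the query with its own random ID and source
    # port; relaying the client's ID as-is (done here for brevity) makes spoofing easier.
    return forward_upstream(msg)


def simulated_upstream(msg):
    """Offline upstream: answers from UPSTREAM_TABLE, NXDOMAIN (rcode 3) otherwise."""
    txid, name, qtype, _ = parse_query(msg)
    if qtype == QTYPE_A and name in UPSTREAM_TABLE:
        return build_response(txid, name, qtype, [socket.inet_aton(UPSTREAM_TABLE[name])], ttl=300)
    return build_response(txid, name, qtype, [], rcode=3)


def udp_upstream(server="1.1.1.1", port=53, timeout=2.0):
    """Real upstream over UDP; the default server is an arbitrary choice for the example."""
    def forward(msg):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(msg, (server, port))
            return s.recv(4096)
    return forward


if __name__ == "__main__":
    # Listen on a non-privileged port; point a client at it with e.g. `dig -p 5353 @127.0.0.1 ads.example.com`.
    forward = udp_upstream()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", 5353))
        while True:
            data, peer = sock.recvfrom(4096)
            sock.sendto(handle_query(data, BLOCKLIST, forward), peer)
```

Note that `handle_query()` never sees the client's subsequent connection: the only thing the filter controls is which address the client is told, which is why an HTTPS connection to an unblocked host is untouched and why a blocked host simply fails to connect.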

Sorry, forgot to reply. I also read some other threads regarding HTTPS blocking, in which there were some posts providing a little more details.
And finally I managed to find ways to setup as I wanted.
So, thank you very much.
