As I said: The above doesn't match with your earlier statements, i.e.
and
Given your current question, I am at a loss as to which configuration you are intending to run
May I suggest you make yourself familiar with the required network terminolgy, make your mind up about your config, and come back here once you've got that sorted and require additional guidance?
Reading one of my posts (click here, blues are links) in another (otherwise unrelated) topic might be helpful, as I consider it to be general enough to be relevant for you
(Concentrate on reading the arrowed bullet points in that post and try to ignore the rest)
As far as I understand it, by default, local clients apply whatever is the default local DNS address broadcasted by the router's DHCP server. Unless local clients were configured to use a specific DNS address. Right/wrong?
My local DHCP server at home is the Asus router, to which the Raspi running Pi-Hole is connected via eth0.
My current theory is:
The IP address of Pi-Hole should be set as DNS server address, which the DHCP server of the router broadcasts to all clients of my local network. According to this, all local client DNS calls run through Pi-Hole. Right/wrong?
This screenshot shows where, according to my understanding, the Pi-Hole address should be entered.
Question:
Is it possible to configure the router DHCP server, so it is broadcasting the Pi-Hole IP address as the local DNS server address? Is this the ideal configuration?
Almost right - my overly pedantic additions and removals to your remarks as follows
As of your last screenshot, it looks as if your DHCP settings on your router are set up to distribute Pi-hole as DNS server. This would also be the preferred way, as this will allow you to view individual clients in Pi-hole's Query Log (which would not have been possible when keeping your router as DNS and forwarding requests upstream to Pi-hole).
My previous remark on possible impact of lease duration still applies.
You can force a lease renewal by dis- and reconnecting to the network, which in turn can be forced by switching a device on and off, if no other method is known.
That would depend on your needs, I am afraid.
What I can say is that it is a solid configuration to start with
I have a feeling that this is true to my situation. Craps. What should I do now?
Looking at the DNS options on my iPhone (automatic DNS configuration), I see both the router and Pi-Hole show up as DNS servers.
This is exactly what I want it to turn out. But how?
Assuming that you run a Windows machine in your network, open a command prompt on that machine and execute the following statements:
a. Renew the lease, in order to request the new DHCP configuration, just to be sure
ipconfig /renew
b. take a look at your DNS servers
ipconfig /all
Don't post the full answer, we are just interested in the DNS servers now.
Bugger - seems your router is distributing itself.
In that case, you have two options:
disable DHCP on your router and enable DHCP on Pi-hole
(This will keep individual clients identifiable in Pi-hole's Query Log)
remove Pi-hole from DHCP and set it as your router's upstream DNS, usually via its Internet / WAN settings
(This will make all DNS requests in Pi-hole'S Query Log appear to originate from your router. It doesn't affect Pi-hole's blocking in any way, but some features of Pi-hole's upcoming 5.0 release requiring client id probably won't apply)
You could also try to install a new firmware on your router, as @deHakkelaar suggests, but note that you would have to acquire support for doing so in the respective forums (Merlin, openWRT, DDWRT, pfSense, etc.).
@deHakkelaar
Been considering this in the past, thank you, but I don't feel inclined to do it just now. It looks like I should do it, one of these days! I fondly remember DD-WRT being a major upgrade for my trusty old Linksys WRT54G.
@Bucking_Horn
Switching DHCP over to Pi-Hole seems to have resolved the initial problem, blocking works. The only caveat is when running pihole -d, Networking reports errors:
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface: 192.168.1.200/24 does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
[✓] IPv6 address(es) bound to the eth0 interface: fe80::9edd:b635:2879:d87e does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
I'm worried about the error messages showing up. Any pointers on how to fix it?
Still no access to the admin panel via http://pi-hole/admin … no deal breaker, but maybe related to other settings still not being ideal.
192.168.1.1 = Asus router, static IP, DHCP turned off
192.168.1.200 = Pi-Hole, DHCP ranges from 192.168.1.201 to .251 https://tricorder.pi-hole.net/7tchhcen2p
Maybe more of a cosmetic issue, since you installed Pi-hole under a different IP (.57), and Pi-hole still remembers that in setupVars.conf.
Likely same as above, with a caveat: fe80: prefixes a link-local IPv6 address.
While valid, it is non-routable, i.e. visible only to network clients on the same network segment. If you run a network with several routers / L3 switches / access points and/or several subnets, your Pi-hole may not be accessible by all of them.
You may want to change this to a ULA address (from range fd00::/8) by configuring your routers DHCPv6 settings accordingly. EDIT: Actually, I wonder if this would still be necessary if you run Pi-hole as DHCP, but I am unaware of an option to configure a ULA via Pi-hole's UI - calling in @jfb, @deHakkelaar already reads and will comment if he knows)
Alternatively, do not enable IPv6 support in Pi-hole's DHCP and get rid of the IPV6_ADDRESS entry in setupVars.conf. Note that this might encourage some IPv6 capable devices to look for an IPv6 DNS server elsewhere, and some of them might succeed, thus bypassing Pi-hole. But then again, they might just as well do that if IPv6 is enabled. Happens more often than I'd wish for - darn! IPv6 auto configuration
This could be an issue, but I wouldn't expect Pi-hole to be blocking ads if that would fully affect your device.
To try and rectify all of the above, (optionally:) configure a ULA adress range and check your Pi-hole's ULA address, then ssh into your Pi-hole machine and run
pihole -r
and choose reconfigure.
EDIT: Afterwards, use @deHakkelaar's above nslookups in oder to verify your new setup
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
192.168.1.200/24 matches the IP found in /etc/pihole/setupVars.conf
[✓] IPv6 address(es) bound to the eth0 interface: fe80::9edd:b635:2879:d87e does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
192.168.1.200/24 matches the IP found in /etc/pihole/setupVars.conf
[✓] IPv6 address(es) bound to the eth0 interface: fe80::9edd:b635:2879:d87e does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
Like I said previously, I wouldn’t expect Pi-hole to be blocking ads if that would fully affect your device. Any upstream connection (including DNS forwards) would fail if you had no route to your gateway, and the other two are right about possible ICMP firewalling.
So as long as you still can open pages and do nslookups on public names, you should be good to go.
Just curious:
Does that mean the Pi-hole machine's CLI can ping the router?
ip route
default via 192.168.1.1 dev eth0 src 192.168.1.200 metric 202
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.239 metric 303
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.200 metric 202
192.168.1.0/24 dev wlan0 proto dhcp scope link src 192.168.1.239 metric 303