Configure Google Wifi DHCP range to a single IP x.x.x.10 to x.x.x.10
Reserve that IP for pihole
Configure Google Wifi Custom DNS with the IP of pihole.
Enable DHCP on pihole with non-overlapping range x.x.x.20 to x.x.x.250
Reboot Google Wifi Access Points (4 total on my network)
Expect the Google Wifi Access Points to obtain IP from pihole DHCP server
Expect wireless devices on network to obtain IP from pihole DHCP server
Expect wired devices on network to obtain IP from pihole DHCP server
Actual Behaviour:
Wired devices successfully obtain IP from pihole DHCP server
Wireless devices (including the 3 non-master Google Wifi access points) fail to obtain IP
Debug Token:
x4b5d0rogm
Things I have noticed in my troubleshooting so far.
I disabled wlan0 interface on the Pi Z as I have a usb ethernet interface active. I was seeing some DHCPDISCOVER(wlan0) messages and the "Pi-hole Ethernet Interface" still showed wlan0. Ran pihole -r to get it to eth0.
no iptables rules blocking any of the required ports
At wit's end. I know there are plenty of Google Wifi posts. I've searched them out here and on reddit for clues but I can't figure out why IPs are not getting assigned.
I could give the bridge idea a go if I really needed wifi on the PiZ, but I'm fine leaving it off. I wouldn't expect it being disabled to interfere with DHCP.
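Added here as an example, not from any post in this thread: a small script that reads dnsmasq-dhcp log lines (the format Pi-hole writes, e.g. the DHCPDISCOVER(wlan0) messages mentioned above) and reports which client MACs sent DISCOVERs but never got a DHCPACK, and on which interfaces dnsmasq saw traffic. The log lines, MACs and IPs below are constructed for illustration.

```python
"""Added example (not from the original thread): summarise which DHCP clients
never complete a lease, from dnsmasq-dhcp log lines such as those Pi-hole
writes. The sample lines below are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample in the dnsmasq-dhcp log format; MACs and IPs are made up.
# Client ...:02 is offered an address twice but never REQUESTs/ACKs it,
# client ...:03 only DISCOVERs on wlan0, the others complete normally.
SAMPLE_LOG = """\
Mar 10 20:01:02 dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:01
Mar 10 20:01:02 dnsmasq-dhcp[812]: DHCPOFFER(eth0) 192.168.86.21 aa:bb:cc:00:00:01
Mar 10 20:01:02 dnsmasq-dhcp[812]: DHCPREQUEST(eth0) 192.168.86.21 aa:bb:cc:00:00:01
Mar 10 20:01:02 dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.86.21 aa:bb:cc:00:00:01 desktop
Mar 10 20:01:30 dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:02
Mar 10 20:01:30 dnsmasq-dhcp[812]: DHCPOFFER(eth0) 192.168.86.22 aa:bb:cc:00:00:02
Mar 10 20:01:35 dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:02
Mar 10 20:01:35 dnsmasq-dhcp[812]: DHCPOFFER(eth0) 192.168.86.22 aa:bb:cc:00:00:02
Mar 10 20:02:10 dnsmasq-dhcp[812]: DHCPDISCOVER(wlan0) aa:bb:cc:00:00:03
Mar 10 20:02:41 dnsmasq-dhcp[812]: DHCPREQUEST(eth0) 192.168.86.30 aa:bb:cc:00:00:04
Mar 10 20:02:41 dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.86.30 aa:bb:cc:00:00:04 firetv
"""

# message(iface) [ip] mac ; the IP is present on OFFER/REQUEST/ACK, absent on DISCOVER
LINE_RE = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (?P<msg>DHCP[A-Z]+)\((?P<iface>\w+)\) "
    r"(?:(?P<ip>\d+\.\d+\.\d+\.\d+) )?(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)


def parse_dhcp_log(text):
    """Yield (message, interface, ip_or_None, mac) for each dnsmasq-dhcp line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["msg"], m["iface"], m["ip"], m["mac"]


def lease_summary(text):
    """Per client MAC: interfaces seen, number of DISCOVERs, whether an ACK arrived."""
    summary = defaultdict(lambda: {"ifaces": set(), "discovers": 0, "acked": False})
    for msg, iface, _ip, mac in parse_dhcp_log(text):
        entry = summary[mac]
        entry["ifaces"].add(iface)
        if msg == "DHCPDISCOVER":
            entry["discovers"] += 1
        elif msg == "DHCPACK":
            entry["acked"] = True
    return dict(summary)


def failed_clients(text):
    """MACs that sent at least one DISCOVER and never received an ACK."""
    return sorted(mac for mac, e in lease_summary(text).items()
                  if e["discovers"] and not e["acked"])


def interfaces_answering(text):
    """Interfaces on which dnsmasq logged DHCP traffic; wlan0 showing up while
    the Pi-hole is meant to serve only on eth0 points at an interface mix-up."""
    return sorted({iface for _, iface, _, _ in parse_dhcp_log(text)})


if __name__ == "__main__":
    for mac, e in lease_summary(SAMPLE_LOG).items():
        print(mac, sorted(e["ifaces"]), e["discovers"], "ACK" if e["acked"] else "no ACK")
    print("failed:", failed_clients(SAMPLE_LOG))
    print("interfaces:", interfaces_answering(SAMPLE_LOG))
```

Point it at the real Pi-hole DHCP log instead of SAMPLE_LOG and the "no ACK" rows are the clients to look at first; a client that keeps getting OFFERs without ever sending a REQUEST is not hearing the server's reply, which is a different problem from the server never answering at all.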
Went back to square one, set up the PiZ from scratch (thank god for Ansible)
This time I had much better success. I am able to get 99% of my clients online and dnsmasq handing out IPs as expected for wired and wireless clients.
There are a few clients that have troubles getting an IP still, specifically android phones and FireTV stick. Sometimes they get an IP very quickly, sometimes it takes a good minute to get an IP, sometimes they fail to get an IP. If I "forget" the network on those devices and re-connect they seem to get an IP most of the time.
Getting closer, but sadly I don't know what changed that fixed most of this (since it's an ansible playbook the setup is identical).
Anyone have any issues with android os specifically?
Well that was short lived. I figured out what was causing my problems, pihole-FTL was pegged at 99% CPU bringing the PiZ to its knees. DNS resolutions were taking >5s, DHCP renews would fail >90% of the time.
Rebooted the PiZ, pihole-FTL shot right back up.
Had to disable pihole's DHCP, immediately pihole-FTL dropped to 1%.
New token: b9bqo193qb!
anyone have clues why FTL shoots up with DNS enabled?
I think you're on to something! Switched pihole DNS to use 9.9.9.10 (and disabled DNSSEC option) and when a host renews DHCP pihole-FTL hits 80-90% but only for a few seconds, and the host gets an IP assigned.
edit: pressed my luck and tried to switch more hosts over, after a handful of DHCP renews pihole-FTL stayed at 99%
Sweet.
But still I believe you've got to get rid of the one below too:
If 192.168.86.10 is Pi-hole, you're creating a loop:
pi@noads:~ $ man dnsmasq
-S, --local,
--server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
Specify IP address of upstream servers directly.
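Added here as an example, not from any post in this thread: a parser for dnsmasq `server=` values using the syntax quoted from the man page above, plus a check that flags any upstream pointing back at the Pi-hole's own address on its listening port (the forwarding loop the reply warns about). The config fragment and the 192.168.86.10 address are used only as constructed sample data; a local resolver on another port, the usual unbound setup, is deliberately not flagged.

```python
"""Added example (not from the original thread): parse dnsmasq server= entries
(syntax: --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]])
and report upstreams that would make the Pi-hole forward queries to itself."""
from typing import List, NamedTuple, Optional


class Upstream(NamedTuple):
    domains: List[str]          # [] means a default upstream for all names
    addr: str
    port: Optional[int]         # None means dnsmasq's default of 53
    source: Optional[str]       # source IP or interface after '@', if any
    source_port: Optional[int]


# Constructed sample config in dnsmasq syntax. The third line is the loop case;
# the last line is a local recursive resolver on a non-53 port, which is fine.
SAMPLE_CONF = """\
# upstreams
server=1.1.1.1
server=1.0.0.1
server=192.168.86.10
server=/lan/192.168.86.1
server=9.9.9.10#5353@eth0
server=127.0.0.1#5335
"""

LOOPBACK = {"127.0.0.1", "::1"}


def _split_port(part: str):
    """'1.2.3.4#5353' -> ('1.2.3.4', 5353); '1.2.3.4' -> ('1.2.3.4', None)."""
    if "#" in part:
        host, port = part.split("#", 1)
        return host, int(port)
    return part, None


def parse_server_entry(value: str) -> Upstream:
    """Parse the value after 'server=' into its components."""
    domains: List[str] = []
    rest = value.strip()
    if rest.startswith("/"):
        # Domains are slash-delimited; the address follows the last slash.
        dom_part, rest = rest.rsplit("/", 1)
        domains = dom_part.split("/")[1:]
    source = source_port = None
    if "@" in rest:
        rest, src = rest.split("@", 1)
        source, source_port = _split_port(src)
    addr, port = _split_port(rest)
    return Upstream(domains, addr, port, source, source_port)


def parse_conf(text: str) -> List[Upstream]:
    """Collect every server= line, skipping blanks and comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("server="):
            out.append(parse_server_entry(line[len("server="):]))
    return out


def find_loops(conf_text: str, own_ip: str, listen_port: int = 53) -> List[Upstream]:
    """Upstreams that target this host on the port dnsmasq itself listens on.
    own_ip is the Pi-hole's LAN address; loopback is always considered local."""
    own = LOOPBACK | {own_ip}
    return [u for u in parse_conf(conf_text)
            if u.addr in own and (u.port or 53) == listen_port]


if __name__ == "__main__":
    for u in parse_conf(SAMPLE_CONF):
        print(u)
    print("loops:", find_loops(SAMPLE_CONF, "192.168.86.10"))
```

Run it against the Pi-hole's own dnsmasq configuration and LAN address: any entry printed under "loops" should be replaced with a real upstream, while a `127.0.0.1#5335` style entry is left alone because it targets a different listener.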
Did some more digging. Started with a fresh pihole -r and flipped one setting on at a time.
I have it working pretty stable with DNSSEC and 1.1.1.1/1.0.0.1 upstream DNS servers.
The dramatic jump in pihole-FTL seems to be directly related to number of enabled blocklists. If I only enable the default lists (~113k domains) then the CPU spike for pihole-FTL only lasts a couple of seconds.
If I enable all of these: https://v.firebog.net/hosts/lists.php?type=tick (~800k domains) then it gets into trouble. As soon as a DHCP renew request comes in it spikes and fails to assign IP.
Seems like I am hitting a performance bottleneck. Are there test cases for recommended CPU related to blocklists? I might need to retire the idea of using a PiZ.