Hello pihole community.
I have two networks, a private and a guest network (called guest VLAN), done by an Apple Airport Express. In my private network (192.168.1.x) I set up a pihole (192.168.1.40) on one Raspberry Pi. In my guest network (172.16.42.x) I set up another pihole (172.16.42.40). In the router I set up 192.168.1.40 as dns for the network. For the guest network I cannot set up a dns, so I tried to set up 172.16.42.40 as secondary dns. Now the guest network is not working anymore. In the private network I get both dns by dhcp, but in the guest network I get 172.16.42.1 as dns. The only way I found is setting the dns manually on guest devices, but this is not a nice solution. Is there a way to set up my pihole environment so it works for both networks?
One solution could be to generate a wifi QR code for the guest wlan, but I have not found any QR code generator for wifi with manual dns.
Do you really need to have two pi's in the network? To what kind of device is the Airport Express connected (router?)? Can't you set a standard dns of 192.168.1.40 in that device? If after that, the clients use 192.168.1.1 (on internal) and 192.168.42.1 (on guest) as dns, the internal pi should handle all dns requests, shouldn't it? (The Airport Express should use dhcp to get an ip and dns-resolver from the router, and if that resolver is 192.168.1.40 it should route dns through the internal pi.)
(Or does the Airport magically fabricate its own dns-ip from somewhere?)
The Apple AirPort base station's Guest networking feature is a simplistic implementation of a VLAN. That is, although it does support creating a VLAN, it offers little or no control over it for the administrator. Basically, you only get the option to configure it for wireless security.
If you want to use a Guest VLAN, you will need to consider replacing your AirPort Express with another brand router that provides you with more control over implementing VLANs. Besides, since Apple exited the networking hardware business, you will eventually need to replace your Express.
The Airport Express creates a guest network on an entirely separate IP range. This is how they keep guest clients from seeing other devices on the network.
With my Mac on my regular (non-guest) network from an Apple router: IP = 192.168.0.135
If I enable the guest network and switch to that, my new IP is 172.16.42.105. There is no bridging between the two IP ranges.
From the setup manual for the Airport Express:
With AirPort Express, you can:
Create a guest network, with or without password protection, to give wireless Internet access to friends and visitors. Devices that connect to the guest network only have access to the Internet.
Yes. But what DNS server is the Airport Express itself using? I take it the DNS of the clients points to the Airport Express as DNS server, which in turn uses a DNS server from the router. And because the Airport Express itself gets an internal IP, the DNS could point to an internal pi.
So the clients can only reach 172.16.42.1 (airport), but the Airport itself can act as DNS server and use another DNS server from the internal network. No need for the clients to reach them directly.
What DNS do you get on the clients of a guest network?
Or can the Airport Express only work with publicly available DNS-servers?
(I'll need to check @home because I don't even have a publicly available DNS-server in my router)
Hey all. Yes Airport Express has very limited settings for the guest network.
All Guests on guest network get 172.16.42.1 as DNS. This seems logical, because guest network has no setting for a custom DNS.
For the private network I can set prim and sec DNS. (There the prim dns is set to the pihole in the private network.)
If I set the DNS of a device manually to the pihole in the guest network, everything works as expected.
If there is an easy way to set the dns to a custom dns on the devices in the guest network, that would also be fine. So I found the way to show them a QR code (because most devices are mobiles with a camera) which includes the name of the guest ssid. But I don't know how to include a custom dns in this QR code. Maybe this is not possible.
Yes, but I wonder, where does the Airport Express forward its DNS requests to? If it's the default DNS-server it gets from the router, it can be the internal pi-hole on 192.168.1.40 (because the Airport itself DOES have access to the internal network).
I'll check in a bit (@home) if that's possible.
No, via QR-code it's not possible to supply static ip or dns servers.
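To illustrate the reply above, here is an added example (not code from any post in this thread) that builds and parses the text a Wi-Fi QR code carries in the common `WIFI:` format. The function names, the sample SSID and passphrase, and the `D` key are assumptions made for the illustration; only the four basic fields are listed, and none of them carries DNS or static IP settings.

```python
# Added example: build and parse the "WIFI:" payload that Wi-Fi QR codes carry.
# Field list is the basic set of the format; EAP-specific fields are left out.
KNOWN_FIELDS = {"T": "authentication type", "S": "SSID",
                "P": "passphrase", "H": "hidden SSID flag"}
SPECIAL = '\\;,":'  # characters that must be backslash-escaped in values


def escape(value):
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)


def build_wifi_payload(ssid, passphrase=None, auth="WPA", hidden=False):
    """Return the text to encode in the QR code for a guest SSID."""
    parts = ["T:" + (auth if passphrase else "nopass"), "S:" + escape(ssid)]
    if passphrase:
        parts.append("P:" + escape(passphrase))
    if hidden:
        parts.append("H:true")
    return "WIFI:" + ";".join(parts) + ";;"


def parse_wifi_payload(payload):
    """Split a payload into (known, undefined) field dicts, undoing escapes."""
    if not payload.startswith("WIFI:"):
        raise ValueError("not a Wi-Fi QR payload")
    fields, current, i, body = [], "", 0, payload[5:]
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            current, i = current + body[i + 1], i + 2   # escaped character
            continue
        if body[i] == ";":                               # field separator
            if current:
                fields.append(current)
            current = ""
        else:
            current += body[i]
        i += 1
    known, undefined = {}, {}
    for field in fields:
        key, _, value = field.partition(":")
        (known if key in KNOWN_FIELDS else undefined)[key] = value
    return known, undefined


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    text = build_wifi_payload("Guest;WLAN", "s3cret:pass")
    print(text, parse_wifi_payload(text))
    # "D" is a hypothetical key: the format defines no DNS or static-IP field.
    print(parse_wifi_payload("WIFI:T:WPA;S:Guest;P:x;D:172.16.42.40;;"))
```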
I also asked myself this. The Airport Express makes PPPoE to a dsl modem. I think it forwards directly to the DNS it gets from the provider. In contrast, the private network can be set to use another dns than the dns from the provider.
The Airport Express is a router. It uses the DNS settings put in place by the user in the Airport Utility, and on the non-guest network, this would be the Pi-Hole. This is the DNS passed to the clients. With Apple routers, DNS traffic is seen coming from the individual clients, not the router.
When you shift to the guest network, the clients on that network are on a different IP range and can no longer reach the Pi-Hole on a different range.
I see. I have an Airport Express (not an Extreme), so no guest network here.
I have the Airport Express setup as WiFi extender for my current network with ASUS router.
Yes, I understand that. But the clients get the Airport Extreme as DNS server on 172.16.42.1 (in Georg's case). I was hoping the Airport Extreme itself just forwarded the DNS-request to its public DHCP-server (and it was connected to another router) and relayed the answer back to the clients. In that case, setting the DHCP to the internal 192.168.1.40 would be enough to also be used, indirectly, by the guest network.
But if the Airport Extreme is directly connected to the provider, this might get tricky because then the DNS-server of the provider will be used directly (without being relayed through the internal/private network). There would be no way to change that unless you put a device between the Airport Extreme and the actual internet-device (for example a separate router).
I think this is my case, because between the provider and the Airport is only a modem.
I also have the Airport Express. The guest network is only available if you let the Airport Express do the magic dial stuff... I mean doing pppoe in connection to a modem.
That's not totally correct. As I mentioned before, if you set up another pihole in the guest ip area and set the dns in the guest devices manually, everything works fine. I can live with that, but I need a nice and easy way to set up new guests, without touching their devices.
Yes, and the only option (without doing it manually), like that article mentions, is using an alternative DHCP server (could be the pi itself). But because you can't disable the DHCP on the AE you'll need to shrink the DHCP range and make dummy reservations on the AE.
Today I tried to set the DNS manually on an Android device and wtf?!?...on an Android device it seems not to be possible to set only a manual dns. With "only" I mean: leave the device on dhcp and set the dns, but this is not possible. You can only set static on Android devices, but the Airport is only doing dhcp on the guest network. On an iPhone I can leave everything on dhcp but the dns. What the hell?!?
It seems that this is not possible on an old Android device. When I set the wifi to static, I also have to set a static ip and the gateway to save the settings, otherwise the save button is greyed out.
I think I have to wait until I have another Android device, maybe a newer one, to test this. You are right, research says this too.
Argh you are correct. But you can disable the internal dhcp that way and if you set a public dns there, that public dns will be used in the guest network. Not exactly what you want but you can point the public dns to one of the publicly available pi-holes (like Mod Edit: Removed or alike).
Or maybe you can enter 172.16.42.40 as dns in the internal dhcp. Yes. That should work. The internal dhcp/dns-setting isn't used anymore so it doesn't matter there, but then that guest-dns can be reached by the guests.
A lot of hassle and maybe buying something else is easier but it could work.
Edit: BTW, what happens if you set 192.168.1.40 and 172.16.42.40 as dns in the private dhcp? If one is unreachable the other should be used. That way you can use the internal dhcp of the AE. Both would have one valid dns-ip (and one invalid).