Guest network

I have set up my TP Link Archer VR2800 router with two networks:

  1. a local network, where all devices can talk to each other, and
  2. a guest network (to which I connect IoT devices), where I deliberately restrict devices from talking to the local network

The Pi Hole is connected to the local network.

I want the local network to use the Pi Hole for the DNS server. I am indifferent about whether the guest network uses the Pi Hole for the DNS server or the regular ISP DNS server. I want to configure the DNS server(s) at router level.

However, because I configure the router to use the Pi Hole as the DNS server, none of the devices connected to the guest network can use this DNS server (because the Pi Hole is on the local network) and therefore are unable to properly access the internet. Is there some kind of workaround that means (i) devices on my local network always use Pi Hole and (ii) devices on my guest network can still use the internet, either because there is some way to let them use Pi Hole (without granting them general access to the local network) or there is some way to get them to use the regular ISP DNS server?

Thanks!!!

Did you configure your router to
a) use Pi-hole as its upstream DNS server (likely a WAN / Internet setting)?
b) distribute Pi-hole as local DNS server to your DHCP clients (likely a LAN setting)?

Thanks.

The Pi-hole is connected to the LAN with a fixed IP address (192.168.1.254). I have set the DNS server in my router settings as the local IP address of the Pi-hole (192.168.1.254).

Thoughts?

I wonder if there is a way to get the TP-Link router to allow the guest network to access 192.168.1.254 as an override to the ban on their access to the local network, but I can’t see this functionality in the router settings.

So you have used Pi-hole’s local IP for configuring Pi-hole somewhere in your router settings.

This doesn’t answer my question. :thinking:

Note that your issue is not specifically tied to Pi-hole, but rather to your network setup.
While this forum is good at solving Pi-hole problems, there are probably better places to get support on network configurations for specific devices like your router.

That said, I would be able to provide you with some helpful general advice, but it would depend on whether you configured your Pi-hole to be used by your router as a) upstream DNS or b) local DNS, or both.

No idea what I’m talking about? :wink:

Understand the difference between upstream (or WAN) and local (or LAN) DNS servers

Your local DNS server will be used by your local network clients for host name resolution. Normally, it will be announced to a client by your DHCP server, but can be set manually on each client device. Only a local DNS server can know about the hostnames of devices in your local network.

Your upstream DNS server is a DNS server that is used by your local DNS server (e.g. a router or Pi-hole) for resolving public host names on the internet. Your ISP will routinely announce its own DNS servers to be used by your modem or router.

Most devices will allow manual configuration of upstream DNS servers, while fewer will also provide settings for distributing a DNS server via DHCP.


Understand the (non)-significance of defining multiple DNS servers

Most DNS configuration UIs will allow you to state several DNS server addresses, usually a primary and one or more alternative ones.

It’s important to note that employment of a certain DNS server for any given DNS query is totally at the device’s discretion.

If you want to enforce the use of a specific DNS server (like Pi-hole), it must be the only DNS server on the list.



How did you configure your router?


Thanks again for your reply (and apologies for my general incompetence / lack of know how on this).

I’m still a little unsure (!).

Maybe best to explain how I have configured things - I have my Pi-Hole configured to use 1.1.1.1 (Cloudflare) as the upstream DNS server. I have my modem/router configured as a DHCP server on my local network which announces to each client - whether guest or LAN - their IP address and the DNS server (rather than using the DNS server the ISP announces to the router, I use the Pi-Hole as the local DNS server). I have reserved the Pi-Hole IP address on my local network as 192.168.1.254. I have hard coded the DNS server in the modem/router DHCP server settings which it announces to clients on the network as the IP address of the Pi-Hole, i.e. 192.168.1.254.

Not sure if I am answering the question etc - let me know.

Thanks very much for your help.

Good :slight_smile:

Using DHCP is also the preferred (yet not the only viable) way to propagate Pi-hole to your clients when using Pi-hole as DNS server only (as opposed to using Pi-hole for DNS and DHCP).
The main benefit here is that your clients will show up individually in Pi-hole’s Query Log.
The main drawback is that Pi-hole won’t be able to put a name to them - they will appear by their IP address only. You may either edit Pi-hole’s /etc/hosts file, use Conditional Forwarding (from Pi-hole’s DNS settings panel) or use your router as Pi-hole’s upstream DNS to overcome this. You want to be careful using the last option: Avoid closing a loop (where your Pi-hole would query your router and your router would query Pi-hole and so forth).

As far as your home network is concerned, you are set to go (but you may have to reconsider, depending on how your guest network can be dealt with).

Figuring out your guest network will be trickier, as it very much depends on your router (which I am not familiar with).

If your router allows you to configure various subnets specifically (i.e. defining network ranges and so forth), it might be as easy as again putting in Pi-hole’s address (or your router’s, if you want that) under the new subnet’s DHCP settings, and your router will take care of the rest.
But just as well, if you want Pi-hole to filter your guest network, you might have to deal with manually setting up routing from your guest net to your Pi-hole.

In addition, you might have to allow Pi-hole to listen on all interfaces (also available via Pi-hole’s DNS settings).

I am afraid you have to refer to your router’s manual or forums to find out how to do that.

If your router only allows you to tick a box ‘enable guest network’, you most probably can’t distribute Pi-hole to your guest network via DHCP.
If this is what you want, you are done.

If you want Pi-hole to also filter your guest network, you still could set Pi-hole as your router’s upstream DNS server.
This comes with the drawback that you would only see your router as a client from your guest network, not individual devices’ IPs.

And there’s absolutely no need to apologize :wink: - lending support or patching up knowledge gaps is among the most preeminent reasons for this forum to exist.
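
Added example, not part of any post in this thread: a small probe to run from a device on the LAN and again from one on the guest network, to tell "the DHCP-announced DNS server is blocked by guest isolation" apart from "there is no connectivity at all". The addresses 192.168.1.254 and 1.1.1.1 are the ones mentioned in the thread; the function names and the query name `example.com` are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name="example.com", port=53, timeout=2.0):
    """Return 'answered', 'timeout' or 'unreachable' for one UDP DNS query."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, port))
            sock.send(query)
            reply = sock.recv(512)
        except socket.timeout:
            return "timeout"        # packet silently dropped, e.g. by guest isolation
        except OSError:
            return "unreachable"    # no route, or ICMP port unreachable came back
    # A genuine reply echoes our transaction ID and has the QR (response) bit set.
    if len(reply) >= 12 and reply[:2] == query[:2] and reply[2] & 0x80:
        return "answered"
    return "unreachable"

def diagnose(announced, public, probe_fn=probe):
    """Compare the DHCP-announced resolver with a public one."""
    a, p = probe_fn(announced), probe_fn(public)
    if a == "answered":
        return "announced DNS server works from this network"
    if p == "answered":
        return "announced DNS server is blocked here, but the internet is reachable"
    return "no DNS server reachable: check general connectivity first"

if __name__ == "__main__":
    # Addresses taken from the thread: Pi-hole on the LAN, Cloudflare as public resolver.
    print(diagnose("192.168.1.254", "1.1.1.1"))
```

If the guest network reports the second result, the router's isolation is dropping traffic to the Pi-hole, and the guest clients need either a different announced DNS server or a path to port 53 on the Pi-hole.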

Thank you so much for your reply.

I’m still a little confused as to how to do this and have asked the question on the TP Link forum - https://community.tp-link.com/us/home/forum/topic/193624?page=1. Hopefully someone can help on that!

Cheers