Hello From New Pi-Hole User

Hey, all! I'm an IT professional whose home network on Verizon Fios was working just fine for entirely too long, so naturally I've been trying to see what I can do to break it. My latest venture into self-destruction, recommended by a friend who's also in IT, has been to buy a BMax Mini PC and learn Pi Hole.

I'm currently using Linux Mint 21.3. This is not an officially supported distro, at least not yet, but I also have another Mini PC running Mint for another purpose. Since I know very little Linux, I decided I'd better stick with what I know, and thus far, it seems to be working okay.

After mucking around for a week or two with Pi Hole, I decided to pare everything back to the bare minimum before I started getting fancy. (More on that in a minute.) My current network is as follows:

192.168.10.1 -- Asus RT-AX55 router. DHCP is now turned off. Uses DHCP for WAN settings, except that I have configured it to use Quad9 for WAN DNS. DDNS client disabled, VPN server and client disabled. IPv6 also disabled after I spent a while screwing with it and realizing I was biting off more than I could chew at the time.

192.168.10.2 -- Pi Hole running on BMax. Used only for DNS for a while until I was comfortable adding DHCP last night. Static IP locally configured, although it was originally a DHCP reservation on the Asus.

192.168.10.3 -- Pi Hole's WiFi adapter. Usually turned off. Currently has a static IP because I was experimenting with it a bit to see whether I might be able to reconfigure the Ethernet connection remotely while using RDP over WiFi. (The KVM arrangements ultimately ended up coming out of the closet, unsurprisingly.)

There are about 35 clients total. Three are on Ethernet, two are on 5.0 GHz WiFi with WPA3, one is on the 5.0 GHz Guest network also with WPA3, and the rest are on 2.4 GHz with WPA2 -- mostly little stuff like light bulbs. The DHCP pool is configured for 192.168.10.30 thru 192.168.10.254. Gave myself some room up front for growth and experimentation -- main thing there is that I want to investigate DDNS and VPN.

I have a TLD registered that is currently parked at Dynu and not doing anything. When I first embarked on this little journey, it was included in the router settings, but I quickly realized that I was getting in over my head too fast, so I removed it.

Random questions for anyone who has read this far. :slight_smile:

  1. Currently, the name servers at Dynu are authoritative for the domain that I registered there. Is it possible to make the Pi Hole authoritative instead, and more importantly, are there reasons that I shouldn't? I don't want to inadvertently poison the DNS system somehow.

  2. Relatedly, what happens if I enter the domain name in the Pi Hole's DHCP section? Currently, there are no server settings anywhere that are pointing at Dynu, so I'm assuming that using the TLD on the Pi Hole probably wouldn't have any effect on anything beyond my own LAN.

  3. Anyone have any general thoughts or suggestions on my using Mint 21.3? Or, conversely, if there's any interest in having it officially supported, might there be anything I could do to help?

  4. Any other tips you think a noob should take into consideration?

Thanks in advance for your constructive feedback. Nice to be here!

I can try to help,

let me know if I got it right:
Asus router has DNS pointing to 9.9.9.9

  1. Do you use the Dynu domain in your internal network?
    Is it registered in the Pihole "Local DNS records"?

  2. I think you are right, you can test it with nslookup and dig

  3. Are you trying to use Mint as a pihole server? I think it needs any support, especially it is LTS version

this command usually works for installing on Mint

curl -sSL https://install.pi-hole.net | sudo PIHOLE_SKIP_OS_CHECK=true bash

In my internal network, all of my clients are pointed at the Pi Hole for DNS. The Pi Hole is configured to use Quad9, Filtered, DNSSEC Upstream when serving the clients. The NIC on the Pi Hole itself is configured manually, using 9.9.9.9 and 149.112.112.112 for DNS. The Asus is using 9.9.9.11 and 149.112.112.11 -- I don't recall for certain why the Pi Hole's NIC and the Asus are using two different DNS settings. That's not the kind of thing I would do; the past few days have been pretty frenzied because of very last minute arrangements to see the eclipse, so I think a bit of ADHD may have kicked into overdrive or something. :slight_smile:

I am using Mint as the OS for the Pi Hole server. I had some difficulty getting it installed at first, including using the "ignore OS" options, but eventually I got it running and it appears to be working normally, at least as far as I've been able to tell.

I am not using any Dynu server settings anywhere at the moment, only Quad 9. The Pi Hole's Domain Name in the DHCP tab remains the default "lan".

I have two purposes in wanting to use my TLD dot-com domain name on my LAN at home:

  1. Teaching myself some new stuff about networking, and

  2. A bit further down the road, possibly using the Asus router's VPN server. That's for a little later, though, after I've ironed out all the more immediate matters.

ad 1.)
In general, you should use public DNS servers for your public domains, and Pi-hole for local names.

pihole-FTL (a dnsmasq fork tailored for Pi-hole usage) is a filtering DNS server, with a limited set of authoritative DNS functionalities. It can handle local DNS for a typical home network, but lacks more fancy stuff like zone transfers or split horizon DNS.

Furthermore, home networks are likely to change their public IPs regularly, so you'd still need a public DNS server holding those respective records, and of course, your public DNS service would also have to support delegating resolution to your Pi-hole if you'd want to use that.

ad 2.)
Using a public domain as a local search domain potentially would have clients generating additional DNS requests for domains expanded by that domain (e.g. google.com.your.domain in addition to google.com).
Depending on how you configure Pi-hole to handle that domain, DNS requests may or may not be forwarded upstream, i.e. you may not be able to resolve those domains if Pi-hole has no records for them.
And creating local DNS records for a public domain within Pi-hole would shadow the public records, i.e. clients would only ever be able to use the replies as provided by Pi-hole. Beware of A and AAAA records - creating only either may result in local resolution for that, while the other may still be forwarded upstream.

ad 3.)
Mint is based on Ubuntu or Debian (in case of LMDE), and as those are supported, Pi-hole probably runs ok on them. Yet Mint is a desktop oriented OS, wasting resources on tasks not needed for a server.

Pi-hole doesn't require a desktop OS.
In fact, it runs fine even on resource constrained systems like a Raspberry Pi Zero.

Official support for Mint isn't likely, as it would involve setting up and supporting yet another test environment for the build chain.

ad 4.)

Pi-hole's DHCP support is very basic - it was added as a means of last resort, in case your router would not allow changing DNS settings at all (i.e. neither its upstream nor its locally distributed DNS servers).

Unless you'd run such a limited router, I'd recommend sticking with your router's DHCP server.
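
Added example (not part of any post in this thread, and not Pi-hole or dnsmasq code): a simplified model of the two effects described under "ad 2.)" above, search-domain expansion of typed names and a local record of one type shadowing a public name while the other type is still forwarded. Assumptions: example.com stands in for the registered domain, the records are constructed, the expansion order follows the glibc ndots rule, and Pi-hole's own forwarding settings are ignored.

```python
# Added example: simplified model, not pihole-FTL/dnsmasq code.
# example.com stands in for the poster's registered domain; all records are constructed.
LOCAL = [
    ("donnager.example.com", "A", "192.168.10.40"),
    ("nas.example.com", "A", "192.168.10.41"),
    ("nas.example.com", "AAAA", "fd00::41"),
]

def candidates(name, search, ndots=1):
    """Names a glibc-style stub resolver may try, in order (it stops at the first answer)."""
    if name.endswith("."):                      # trailing dot: fully qualified, no expansion
        return [name.rstrip(".").lower()]
    name = name.lower()
    expanded = [f"{name}.{d.lower()}" for d in search]
    # Fewer dots than ndots: search list first; otherwise the name as typed first.
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def route(qname, qtype, records=LOCAL):
    """Local answer if a record of that exact name and type exists, else forwarded upstream."""
    for name, rtype, value in records:
        if name == qname and rtype == qtype:
            return ("local", value)
    return ("forwarded", None)

def half_shadowed(records=LOCAL):
    """Names with a local A but no AAAA, or the reverse, and which type is missing."""
    seen = {}
    for name, rtype, _ in records:
        if rtype in ("A", "AAAA"):
            seen.setdefault(name, set()).add(rtype)
    return {n: sorted({"A", "AAAA"} - t) for n, t in seen.items() if len(t) == 1}

def trace(name, search):
    """Every (query name, type, disposition) the lookup can generate."""
    return [(q, t, route(q, t)[0]) for q in candidates(name, search) for t in ("A", "AAAA")]

if __name__ == "__main__":
    for typed in ("donnager", "google.com"):
        for row in trace(typed, ["example.com"]):
            print(typed, "->", *row)
    print("half-shadowed:", half_shadowed())
```

On a live network the same check is a pair of lookups for the A and AAAA types of each local name against the Pi-hole address.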

I'm running an Asus RT-AX55 right now, which I bought just a few months ago after finally getting around to replacing Verizon's provided router. I am not necessarily married to the AX55, however, and over the past few months, I've learned enough (I think!) to understand why getting something beefier might be a good idea.

I'm still pretty new to Linux, having spent most of my IT career in Windows and macOS desktop support. Mint, from what I understand, is one of the easier distros to work with, which is why I used it for my first box and also chose it for my second box, which is the Pi Hole. I understand what you mean about resource waste, and further down the road, if I ever get more comfortable with Linux, I may switch to something else. At least for the time being, though, I think I need to tread more carefully -- unfortunately, I don't have the resources to have a home lab, and all of this experimenting that I'm doing is on my production environment. I'm trying to avoid taking off and nuking the entire site from orbit.

Thank you for the information about DHCP. I'll start making plans to move that back to the router. Once that's done, I'm going to want to return to some other annoyances I want to check on... for example, applying my own hostnames to devices on my LAN. I have quite a few light bulbs that don't have hostnames, for example, and I'd like to be able to do things like "ping Lamp1_Bulb2" and get consistent responses. I also do have hostnames for other devices; e.g., my MacBook Pro is named "Donnager", but that name is intermittently being overridden by a random mDNS name, and I have a surveillance camera that I would like to give an intuitive name such as "FrontDoor_Camera" but which apparently has its own hostname that it keeps trying to assign itself. I would like to have the same type of control over hostnames that I do over IP addresses.

If I go to the Terminal to "ping Donnager", I would like to consistently get a reply using the Donnager's 192.168.x.x address. My monkeying around has variously given either that reply, or an "unknown host" reply, or a reply from 127.0.0.1, or a reply from "donnager.{my TLD at Dynu}". What I'd like is for my clients to consistently recognize that when (for example) I ping an unqualified hostname, it means that I am trying to ping another device on my LAN, rather than anything in The Great Outdoors.

Thanks also for the explication about authoritative DNS. I had a feeling there was going to be something I hadn't learned yet that would explain why I shouldn't try to bring that indoors, so I'll leave it where it is.

Sheesh. All this going on, and I haven't even really looked into adblocking yet, which is what the Pi Hole is for! Well, right now, I'm still the monkey seeing the black obelisk and learning how to swing the thighbone around.

My first box, by the way, is a Tor relay, and Tor's database has been intermittently reporting that my relay is overloaded. I've been trying to pin down the problem... the box itself appears to have enough resources (RAM, disk space, etc etc), and it's not my Fios connection, either. In reviewing the problem some more again last night, I found in Tor's documentation that more entry-level routers, like the AX55 I'm currently using, may not be powerful enough to consistently support the thousands of connections that a Tor relay typically requires -- another reason that I'm thinking of possibly getting a more powerful Asus for my primary router and moving the AX55 to another location in the house so I can create a mesh (I've got one or two annoying weak spots at the far side of the apartment). Or perhaps going with another brand altogether if it seems a better fit. I'm not married to Asus or anything.
