Help make router and pihole co-exist better

My router is configured to use pihole for DNS, which is on the same subnet. Some router changes I make cause it to restart and magically change the subnet - I understand from googling that this is because it sees 192.168.0.* is already "used" by the DNS server (i.e. pihole), so it "cleverly" changes to, say, 10.0.0.*, and then havoc ensues.

I'm thinking I could avoid this happening by running pihole in a different subnet, say 192.168.1.*. I'm currently running pihole in a VirtualBox VM, but can't figure out what network config I would need to achieve this (due to my crap networking skills).

I think I need to set up two VMs - one with bridged and internal networks to act as a router; and the other on the same internal network for pihole. And then set up iptables on the VM router for traffic to get across.

Has anybody else done this, or am I barking up the wrong tree?

I have never seen such a behavior before. I don't really feel this is what is going on. Can you share the model of your router?

Why would you need a VM operating as router?


We should first check this!

If that would indeed be happening after every router reboot, I'd consider replacing the router.

The only circumstances I can imagine where such a behaviour could be somewhat sensible would be if your Pi-hole would claim the very same, identical IP address of your router.
If that's the case, just avoid that address conflict by assigning your Pi-hole a different IP.

Also, please upload a debug log and post just the token that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

It doesn't happen on every reboot, only when some router config changes occur - which is thankfully not that often. However, when it does happen, if the router references pihole for dhcp, all connected devices are on a different subnet to the router, so it becomes very hard to resolve (I had to factory reset the router).

I found other examples of people having the same problem with TP-Link and Netgear routers (mine is Netgear) - although none were in conjunction with using pihole. For example here and here. And it sort of seems reasonable - if the network upstream from the router was on the same subnet, it would cause logical confusion, if not actual problems. So a "helpful" solution might be to pick a different address range.

As for the potential solution, I'm no network engineer, but all the examples I've seen where VirtualBox is used to route messages between guest(s) and other computers on the same subnet as the host use another VM as a router - so it can have two network interfaces defined and the required routing rules. I don't believe VirtualBox cannot do this by itself.

But I assume 99% of people using pihole have it on the same network as their router. And some of those people must make router changes occasionally. For me it has happened when changing config (e.g. PPPoE to PPPoA) and when turning off the router's DHCP. Netgear routers are pretty common. So maybe I should try again, because perhaps it's just an intermittent issue and I had bad luck.

I've had a Netgear router myself a few years ago and it didn't do this. Can you also share the model number?

The solution from one of your posted links as proposed by TP-Link personnel seems to be that you should set your router's upstream DNS servers to public IPs only, as putting in a private IP address (like Pi-hole's) would prompt the router's address shift:

There is auto-detecting mechanism that the router will detect the WAN and LAN addresses, it will change its own LAN IP address to 192.168.0.1/192.168.1.1 if it confirms there is an IP conflict, which means it is not allowed to configure the WAN DNS servers and the LAN IP address in the same subnet. To solve this, you can only change the DNS servers on the DHCP Server page.

Did you check whether that would apply to your router as well?

I did check. Mine is a Netgear D6200, and there is only one screen to specify DNS and a different screen to control DHCP.

Could you show both of those settings?

Also, we're still lacking the debug token.

Below are the current screen shots from the router admin. Obviously when pihole is running I point the DNS to that (192.168.0.18) and turn off DHCP. However, I'm too scared to do that while my daughters are in the house, lest they are without internet for two minutes, and tear the skin from my body. And I assume the debug token is only relevant with these settings in place. But regardless, pihole is working flawlessly - it's my router that is the problem.


When Pi-hole is your DHCP server, there is no direct need to point your router to use Pi-hole as its upstream, as Pi-hole would provide DHCP clients with a local DNS server via DHCP (i.e. Pi-hole would distribute its own IP address).

As mentioned, by leaving your router's Internet/WAN DNS settings untouched, you would probably avoid those address shifts.

Note that you may have to force a client to renew its DHCP lease with Pi-hole before it would start picking up Pi-hole as local DNS (e.g. by dis- and reconnecting its wifi, or by power-cycling it).

Knowing the debug token would have allowed us to check on your DHCP server configuration as current at the time of debug log creation.
Instead of (or in addition to) uploading, you can also check that in the debug log yourself at /var/log/pihole_debug.log - look for a section headed [DIAGNOSING]: Discovering active DHCP servers.
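Added example, not part of the original posts and not Pi-hole or router vendor code: a small Python check for the layout problems discussed in this thread, namely a WAN DNS entry inside the router's own LAN subnet, a Pi-hole sharing the router's IP, and a DHCP server that does not hand out Pi-hole as DNS. The router address 192.168.0.1, the /24 prefix, the public resolver and the function name are assumptions; 192.168.0.18 is the Pi-hole address given above.

```python
import ipaddress

def audit_dns_layout(router_lan_ip, prefix_len, wan_dns, pihole_ip, dhcp_dns):
    """Return (code, address) findings for a router + Pi-hole DNS/DHCP layout."""
    lan = ipaddress.ip_interface(f"{router_lan_ip}/{prefix_len}").network
    router = ipaddress.ip_address(router_lan_ip)
    pihole = ipaddress.ip_address(pihole_ip)
    findings = []

    # Pi-hole claiming the router's own address is a plain IP conflict.
    if pihole == router:
        findings.append(("pihole-ip-equals-router", pihole_ip))

    for server in wan_dns:
        addr = ipaddress.ip_address(server)
        if addr in lan:
            # The condition the quoted TP-Link reply describes:
            # WAN DNS server and LAN IP address in the same subnet.
            findings.append(("wan-dns-in-lan-subnet", server))
        elif addr.is_private:
            # Private, but in a different range than the LAN.
            findings.append(("wan-dns-private", server))

    # When Pi-hole is the DHCP server it should advertise itself as DNS.
    if pihole not in {ipaddress.ip_address(s) for s in dhcp_dns}:
        findings.append(("dhcp-not-advertising-pihole", pihole_ip))
    return findings

# Constructed sample values (the router IP and prefix are assumed).
ROUTER_LAN_IP = "192.168.0.1"
PIHOLE_IP = "192.168.0.18"   # address mentioned in the thread
PUBLIC_DNS = "9.9.9.9"       # constructed sample public upstream

if __name__ == "__main__":
    # Router WAN DNS pointed at Pi-hole, nothing advertising Pi-hole via DHCP.
    print(audit_dns_layout(ROUTER_LAN_IP, 24, [PIHOLE_IP], PIHOLE_IP, []))
    # WAN DNS left public, Pi-hole DHCP advertising its own address.
    print(audit_dns_layout(ROUTER_LAN_IP, 24, [PUBLIC_DNS], PIHOLE_IP, [PIHOLE_IP]))
```

An empty list means none of the three conditions were found in the values supplied; it says nothing about how a particular router firmware reacts.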

Ah, that makes sense and may solve my problem. I will retry next week when the internet police are at their mother's house. Thanks.
