Help with multiple subnets

Hi,

I've spent hours on this issue with no resolution. Hoping someone can help. I have a home network setup with multiple VLANs. I've set up Pi-hole as the only DNS server on all subnets. I have a single machine I've set up Wireshark on for debugging, and this is what I see. All DNS requests are going to the Pi-hole server no matter the VLAN, however...

  1. When I configure the workstation on the same subnet as Pi-hole and query for doubleclick.com, I see a Wireshark trace that shows Pi-hole responding with 0.0.0.0 as I would expect.

  2. When I configure the workstation on a different subnet than the Pi-hole server and run the same query for doubleclick.com, this time Wireshark shows the Pi-hole server responding with a real IP and not 0.0.0.0.

For the life of me I can't figure out why Pi-hole is working differently for the same machine based on the subnet of the machine. Hoping someone can help me out here, as maybe there is some configuration I do not have correct.

Also, I see nothing in the Pi-hole UI Query Log for queries from other subnets; however, I can see very plainly in Wireshark that the DNS queries are going to the Pi-hole server and it is responding.

Thank you.
-Ian

Have you configured your VLANs so that port 53 traffic can pass between them? If not, they are fully segregated and traffic from one VLAN can't get to another VLAN.

Yes, the VLANs are able to fully route all traffic to each other. As I tried to mention in my original post, I can see very clear Wireshark traffic showing the DNS request going to the Pi-hole server. When the workstation is on the same subnet, Pi-hole blocks doubleclick.com and I see the query in Pi-hole. When the workstation is on a different subnet, I see the Wireshark trace and the Pi-hole server responds with the real IP, and I see no query show up in the query log.

If Pi-hole answered the query, the query will show up in the query log (unless you have privacy settings that don't allow this). You should also see the query in /var/log/pihole.log regardless of the privacy settings.

Not sure what to say here... I ran a grep on pihole.log for any queries from the other subnets and I don't see any. I clearly see all queries from clients on the same subnet. I also very clearly saw the DNS request being answered by my Pi-hole server when reviewing the Wireshark trace. Something is not jiving....

I have also explicitly used nslookup on Windows with my Pi-hole server set as the "server". I see the same behavior where it returns data as I mentioned in the OP. I still see no entries in pihole.log if the client is on a subnet different from the one Pi-hole is running on.

My privacy settings are set to show everything and record everything.

Ok... Finally have a resolution here.

Turns out content filtering was set on my UDM Pro. The UDM Pro must be intercepting all DNS traffic and replying back to the workstation after querying its own DNS providers. The source IP still shows as the Pi-hole server, and that is what was causing all the confusion on my end and making it difficult/"impossible" to see what is happening.

Now that content filtering is disabled, I see the DNS queries show up in the Pi-hole log for other subnets.

Thanks for pointing out the DNS intercept from the UDM. I just found this article that explains it a bit more in depth:
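An added check (not from the posters in this thread or from the Pi-hole project) for the failure mode found here: the reply's source IP cannot distinguish Pi-hole from an interceptor, but the answer payload can, since Pi-hole answered a blocked name with 0.0.0.0 in this setup. The script builds a raw A query for doubleclick.com, parses the reply and classifies it; `build_response` only fabricates sample replies for offline use, and the 203.0.113.x addresses are constructed placeholders.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    # Standard recursive A/IN query in RFC 1035 wire format (RD=1, one question).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def build_response(query, addrs, ttl=300):
    # Constructed reply to `query` with one A record per address (sample data, not captured).
    end = _skip_name(query, 12) + 4  # past QNAME, QTYPE and QCLASS
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(a) for a in addrs)
    return header + query[12:end] + rrs  # 0xc00c is a compression pointer to the QNAME

def _skip_name(pkt, off):
    # Advance past a (possibly compressed) domain name without decoding it.
    while pkt[off] & 0xC0 != 0xC0 and pkt[off] != 0:
        off += pkt[off] + 1
    return off + (2 if pkt[off] & 0xC0 == 0xC0 else 1)

def a_records(resp):
    # IPv4 addresses from the answer section; the question section is skipped.
    _, _, qd, an = struct.unpack("!HHHH", resp[:8])
    off, addrs = 12, []
    for _ in range(qd):
        off = _skip_name(resp, off) + 4
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", resp, off)
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def classify(resp):
    # Interpret the answer for a domain Pi-hole is expected to block with 0.0.0.0.
    addrs = a_records(resp)
    if not addrs:
        return "no A record"
    blocked = all(a == "0.0.0.0" for a in addrs)
    return "blocked by Pi-hole" if blocked else "real address: possible interception, check pihole.log"

def ask(server, name="doubleclick.com", timeout=2.0):
    # Live check: send the query over UDP to the resolver and classify the reply (needs network).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(4096))
```

A "real address" result for a name that Pi-hole blocks, combined with no matching line in pihole.log, is the signature this thread ran into: something on the path answered in Pi-hole's name.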
