Hostname resolution, part 312

Good morning!

I know that this topic comes up a lot, but it seems that everyone's case is different enough that what works for one person doesn't necessarily work for the next person. Like a lot of others who have posted here, I am trying to get my PIhole admin screen to show hostnames instead of IP addresses for client machines.

Details about my system:
Here is where I may differ from other posters that I have found thus far. My network is set up as an AD domain, and I am using Windows Server to handle DNS and DHCP. I have a Raspberry PI running PI-hole, and it seems to be working perfectly in its role, so no complaints or problems there.

My router is a Unifi USG (also fairly common, I've seen), but again, all it's doing is routing for Internet access.

So, router is 192.168.1.1, AD/DNS/DHCP server is ...1.170, and PI-hole is ...1.46 (there is a method to my IP madness, I swear).

What I have changed since installing Pi-hole:
I have made changes to DNS servers used by PI-hole, messed with conditional forwarding, made changes to what my DHCP server sends as name server to clients, the whole bit. Nothing has worked.

How PI-hole and other bits are set right now :
PI-hole:

• Using Google DNS servers and I also have my internal DNS (1.170) set as custom server #1.
• "Only allow local requests" is checked.
• "Never forward non-FQDN A and AAA requests" is checked
• I have enabled conditional forwarding, with CIDR set to 192.168.1.0/24 and DHCP server set to 192.168.1.170. Domain name is set to MCQ.org (name of my AD domain).

Router:

• WAN DNS server is set to 192.168.1.170 (which has Google DNS set up as DNS forwarders)
• DHCP server is disabled

Windows Server (AD/DNS/DHCP):

• DHCP server is setting PI-hole (.46) as primary DNS, itself (.170) as secondary DNS
• As mentioned before, Google and my ISP's DNS servers set up as DNS forwarders

If possible, I'd like to keep using Windows DHCP, as it's more fully-featured than DHCP servers available to PI-hole or Unifi router. I have fewer opinions about Windows DNS, other than having it on same server is convenient.

Sorry for the info overload, but I figured the more I list, the more likely someone will look at it and say, "Here's your problem, idiot." and I totally get that. I get the feeling that I am one or two settings from where I want to be, but there are so many possibilities and combinations, the number of non-workable configurations is exponentially huge.

Thanks!

Todd

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Here we go: https://tricorder.pi-hole.net/4W0dCRMt/

Pi-hole has to be the only DNS server for your clients.
By distributing a second DNS server alongside Pi-hole, you would allow clients to by-pass Pi-hole at their own discretion.

However, your debug log suggests that your AD/DHCP server is not distributing any DNS servers at all:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 300 bytes from eth0:192.168.1.170
     DHCP options:
      Message type: DHCPOFFER (2)
      netmask: 255.255.255.0
      renewal-time: 345600 ( 4d )
      rebinding-time: 604800 ( 7d )
      lease-time: 691200 ( 8d )
      server-identifier: 192.168.1.170
      --- end of options ---

Run from a client(!) that you expect to use Pi-hole for DNS, what's the output of

nslookup pi.hole

nslookup flurry.com

Please also provide the respective lines from Pi-hole's log for the above requests.
You may search the logs for them on your Pi-hole host machine, e.g. by running

grep flurry.com /var/log/pihole.log

You are using your AD/DHCP server at 192.168.1.170 as forward target for Pi-hole's Conditional Forwarding:

*** [ DIAGNOSING ]: Setup variables
    REV_SERVER=true
    REV_SERVER_TARGET=192.168.1.170

Let's check whether your AD server would know hostnames for a given IP and vice versa:

nslookup 192.168.1.24 192.168.1.170

nslookup <some-name> 192.168.1.170

Substitute <some-name> with a plain hostname of one of your clients.

Okey-dokey. Looking at my Windows DNS server, it seems to kind of suck? I mean, that 192.168.1.24 wasn't in there at all, which seems odd. So, I am turning it off and putting my PI.hole server as the only Name Server pushed out by DHCP.

nslookup pi.hole:

C:\Users\Todd>nslookup pi.hole
Server: pi.hole
Address: 192.168.1.46

Non-authoritative answer:
Name: pi.hole.MCQUISTON.ORG
Address: 37.48.65.151 <- that seems wrong

nslookup flurry.com

C:\Users\Todd>nslookup flurry.com
Server: pi.hole
Address: 192.168.1.46

Non-authoritative answer:
Name: flurry.com.MCQUISTON.ORG
Address: 172.93.103.100

grep output:

pi@raspberrypi:~ $ grep flurry.com /var/log/pihole.log
Apr 5 15:33:13 dnsmasq[3358]: query[A] flurry.com.MCQUISTON.ORG from 192.168.1.175
Apr 5 15:33:13 dnsmasq[3358]: forwarded flurry.com.MCQUISTON.ORG to 192.168.1.170
Apr 5 15:33:13 dnsmasq[3358]: reply flurry.com.MCQUISTON.ORG is NXDOMAIN
Apr 5 15:33:13 dnsmasq[3358]: query[AAAA] flurry.com.MCQUISTON.ORG from 192.168.1.175
Apr 5 15:33:13 dnsmasq[3358]: cached flurry.com.MCQUISTON.ORG is NXDOMAIN
Apr 5 15:33:13 dnsmasq[3358]: query[A] flurry.com from 192.168.1.175
Apr 5 15:33:13 dnsmasq[3358]: gravity blocked flurry.com is 0.0.0.0
Apr 5 15:33:13 dnsmasq[3358]: query[AAAA] flurry.com from 192.168.1.175
Apr 5 15:33:13 dnsmasq[3358]: gravity blocked flurry.com is ::
Apr 5 15:45:14 dnsmasq[25223]: query[A] flurry.com.MCQUISTON.ORG from 192.168.1.175
Apr 5 15:45:14 dnsmasq[25223]: forwarded flurry.com.MCQUISTON.ORG to 8.8.8.8
Apr 5 15:45:14 dnsmasq[25223]: reply flurry.com.MCQUISTON.ORG is 172.93.103.100
Apr 5 15:45:14 dnsmasq[25223]: query[AAAA] flurry.com.MCQUISTON.ORG from 192.168.1.175
Apr 5 15:45:14 dnsmasq[25223]: forwarded flurry.com.MCQUISTON.ORG to 8.8.8.8
Apr 5 15:45:14 dnsmasq[25223]: reply flurry.com.MCQUISTON.ORG is NODATA-IPv6

nslookup stuff:

C:\Users\Todd>nslookup 192.168.1.173
Server: pi.hole
Address: 192.168.1.46

DNS request timed out.
timeout was 2 seconds.
*** Request to pi.hole timed-out

C:\Users\Todd>nslookup interface-nuc
Server: pi.hole
Address: 192.168.1.46

Non-authoritative answer:
Name: interface-nuc.MCQUISTON.ORG
Address: 207.244.67.215

Both those nslookups were to the same machine (one was IP one was hostname)

Here is my doing those same nslookups from the pi-hole machine:

Server: 192.168.1.46
Address: 192.168.1.46#53

Non-authoritative answer:
Name: interface-nuc.MCQUISTON.ORG
Address: 162.210.196.166

pi@raspberrypi:~ $ nslookup 192.168.1.173
;; connection timed out; no servers could be reached

Upon further testing, it really looks like the Conditional Forwarding feature is not functioning. Nothing is showing that would indicate that it's able to get info from that server.

Did a new debug log, just in case: https://tricorder.pi-hole.net/JHIWemJ4/

You've omitted the server's IP address from the last set of nslookups that were meant to check viability of your Conditional Forwarding target.
Please run the commands exactly as requested:

Sorry. Here is my nslookup of a machine by IP and hostname:

C:\Users\Todd.MCQUISTON>nslookup 192.168.1.55 192.168.1.170
Server: UnKnown
Address: 192.168.1.170

*** UnKnown can't find 192.168.1.55: Non-existent domain

C:\Users\Todd.MCQUISTON>nslookup liz-i5 192.168.1.170
Server: UnKnown
Address: 192.168.1.170

Name: liz-i5.MCQUISTON.ORG
Address: 192.168.1.55

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.