I'm a bit of a noob on this Pi-hole business. After much fuss and head scratching I finally managed to get it working (v4.1.2 on an ODROID XU4 running Debian Stretch), and it turns out that I was massively overcomplicating things initially.
My router (TP-Link Archer C8 v1) has two areas for DNS. One within 'Internet' (which I guess is WAN) and one within DHCP (which I guess is LAN).
In my WAN DNS, I currently have Cloudflare set up (1.1.1.1, 1.0.0.1). Initially, I was trying to leave this blank, or enter my Pi-hole local IP, or enter a range that was outside my subnet mask - all sorts. Nothing worked. Only leaving Cloudflare (or another valid DNS) in this area will work; otherwise my Internet breaks.
In my now working setup, I've left Cloudflare in WAN, and added my local Pi-hole in LAN DNS.
So now I'm confused. It works flawlessly, and all my LAN traffic actually goes via the Pi-hole (to my surprise!).
How does the router know to serve LAN requests via Pi-hole rather than WAN requests via custom DNS?
Why aren't all requests just going via the WAN DNS (Cloudflare), since this seems the default?
Does the router software prioritise LAN traffic (origin LAN) and therefore shunt DNS requests to my Pi-hole as configured in my router's DHCP section?
I'm just really confused as to how this is working, even though it is working perfectly. I have even configured my /etc/hosts file to serve meaningful names, because I couldn't get Conditional Forwarding to work for all connected devices (some had names whereas others had IPs) - now they all have names. It's sweet!
So, if anyone can help me out and clear up my confusion as to how the traffic is routed and how my router knows to serve LAN-originating DNS requests from my Pi-hole rather than from those in the WAN DNS settings (1.1.1.1, 1.0.0.1), then it would really help me to understand things better.
Next mission, OpenVPN server...more brain-melt ahead I think!
Thanks for an awesome tool.