How to allow VLANs

Hi,
Let me start off by saying, I'm brand new to Pi-hole and seriously ignorant about it.
My issue:
I have a pretty simple home setup with a few vlans. However, Pi-hole only responds to DNS queries on the same vlan. Devices on my WiFi vlan are blocked. Here's the error: "ignoring query from non-local network 10.10.30.50"

My VLANs are such:
Default network vlan 1 - this is for network hardware and does NOT use pi-hole for DNS.
Servers network vlan 10 - all servers including pi-hole are on this vlan and use pi-hole for DNS without issue.
Clients-WiFi vlan 30 - all non-IoT wifi clients like laptops. Can't resolve DNS via pi-hole.
IoT vlan 99 - this vlan is isolated from all other vlans and uses 1.1.1.1 for DNS.
Cameras vlan 60 - settings same as IoT.

Goal:
The only vlans that need to use pi-hole for DNS are vlans 10 & 30
10.10.10.0/24
10.10.30.0/24

Looking at the documentation I see this option to "Respond only on interface enp2s0"
https://docs.pi-hole.net/ftldns/interfaces/
But I can't find this setting. I've looked through the settings and don't see that option.

Pi-hole version:

  • Pi-hole v5.18.3
  • FTL v5.25.2
  • Web Interface v5.21

On my router, intervlan routing between the servers and clients-wifi is allowed. They are both trusted networks.

I thought this would be something simple to fix but clearly I'm dumb. I've read a lot of posts about others having the same issue but they were running far more complicated setups or pi-hole on Docker. I'm running pi-hole on an Intel NUC on OS Ubuntu (latest version).

Would anyone know an easy way to fix this?

Thanks in advance and sorry for my ignorance...I'm still learning. lol

This is what I do for my own LAN :

  • Create VLAN Interfaces
    Please note you should NOT configure a gateway on those!
    Just the IP address and Subnet is enough :wink:
  • Make sure all running services are bound only to the main non-VLAN Interface to avoid exposure of those in the wrong VLANs.
  • Add the additional VLAN interfaces to FTLDNS a.k.a. DNSmasq like so :

    /etc/dnsmasq.d$ cat 101-my.settings
    interface=eth0.10
    interface=eth0.100
    interface=eth0.254

And then restart FTLDNS of course to make sure this actually works :slight_smile:

Any Static IP using Clients or DHCP Server configuration would obviously need some adjusting too on the VLANs you are using!


Note that VLANs are essentially managed by your router, so you'd need to configure that to route DNS traffic to your Pi-hole machine. It would depend on how your router supports that, and potentially what router port Pi-hole would be connected to, whether your Pi-hole machine would be required to feature interfaces for each of the VLANs you want it to serve DNS for (as nero355 has suggested), or whether your router would provide direct inter-VLAN traffic, or perhaps NAT requests to Pi-hole (in which case your router would appear as a client in Pi-hole, aggregating all of a VLAN's DNS requests).

Likely, yours is already correctly configured to route traffic directly, since you mention:

That would indeed suggest that you'd only have to configure Pi-hole to process those queries instead of ignoring them.

You'll find this under Interface Settings on Pi-hole's Settings | DNS pane, labelled as Respond only on interface eth0 or similar.

If the interface name is missing or not denoting the expected interface, you should consider running pihole -r with Reconfigure and pick the correct one.


I did what @Bucking_Horn indicated on my router, and all DNS traffic from my VLANs is handled by Pi-hole. Basically any DNS request is sent to my Pi-hole.

Thank you everyone for all your help!!

I found the missing setting,

They updated the setting screen since their guide was written, so what I was seeing vs the guide is different. After checking that option, inter vlan DNS is working. :slight_smile:
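
A way to check the outcome described in this thread, added here as an example and not part of any post or of Pi-hole itself: the script scans Pi-hole log lines for the "ignoring query from non-local network" message and separates dropped sources inside the two subnets the original poster wants served (10.10.10.0/24 and 10.10.30.0/24) from any others. The syslog-style line prefix, the sample lines and the 10.10.99.7 address are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Subnets the original poster wants Pi-hole to answer (VLANs 10 and 30).
INTENDED = [ipaddress.ip_network(n) for n in ("10.10.10.0/24", "10.10.30.0/24")]

# Message text as quoted in the first post; anything before it on the line
# (timestamp, process name) is an assumed log prefix and is not relied on.
IGNORED = re.compile(r"ignoring query from non-local network (\S+)")


def classify_ignored(log_lines):
    """Return (intended, unexpected) Counters of sources whose queries were dropped.

    intended:   clients in INTENDED that Pi-hole is still refusing (setting not applied)
    unexpected: clients outside INTENDED that can reach port 53 on the Pi-hole host
    """
    intended, unexpected = Counter(), Counter()
    for line in log_lines:
        match = IGNORED.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # field after the message is not an IP address; skip it
        in_scope = any(addr in net for net in INTENDED)
        (intended if in_scope else unexpected)[str(addr)] += 1
    return intended, unexpected


# Constructed sample lines; 10.10.99.7 stands in for a client on an isolated VLAN.
SAMPLE = [
    "Jun  1 09:14:02 dnsmasq[812]: ignoring query from non-local network 10.10.30.50",
    "Jun  1 09:14:05 dnsmasq[812]: query[A] example.com from 10.10.10.20",
    "Jun  1 09:15:40 dnsmasq[812]: ignoring query from non-local network 10.10.30.51",
    "Jun  1 09:16:11 dnsmasq[812]: ignoring query from non-local network 10.10.99.7",
    "Jun  1 09:17:00 dnsmasq[812]: ignoring query from non-local network 10.10.30.50",
]

if __name__ == "__main__":
    still_blocked, out_of_scope = classify_ignored(SAMPLE)
    for ip, count in sorted(still_blocked.items()):
        print(f"intended client still ignored: {ip} ({count} queries)")
    for ip, count in sorted(out_of_scope.items()):
        print(f"source outside intended subnets: {ip} ({count} queries)")
```

Once Pi-hole is set to answer beyond its local subnet, it no longer drops the second group itself, so the router's inter-VLAN rules are what keep those sources away from port 53.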