How to setup DNS going upstream?

#1

So my question is: if I have a Linux box running (Amahi laid over Fedora 23) that is being used as a DHCP and DNS server (capable of setting custom upstream DNS) for local hostname resolution and webapps. My plan is to have Apache listen on 443 for my websites, since they’ll all be SSL enabled, and let Pi-hole run on the Pi using port 80 and lighttpd.

For DNS, should I point to ROUTER>AMAHI>PIHOLE or ROUTER>PIHOLE>AMAHI? That way I get the ad-blocking power of Pi-hole but still keep my local DNS resolution without borking my Amahi DNS setup.

My current idea is to set the router to resolve to Amahi, Amahi to resolve to the Pi-hole, and the Pi-hole to send upstream to OpenDNS or DNS.Watch.

0 Likes

#2

It works best to set the DNS server in the LAN/DHCP options, rather than having your WAN use the router because clients will pick it up automatically and you’ll be able to see which queries come from which clients.

0 Likes

#3

So if I set the Pi as the LAN DNS, would I set the Linux box as the WAN DNS, so that the clients can reach the local hostnames defined there?

The Linux box will be the DNS/DHCP server. How would you set it up ideally?

0 Likes

#4

If you want the advantage of stats and logging from Pi-hole,
have your clients set to resolve via the Pi-hole IP address,
have Pi-hole resolve via your Amahi box and
make your Amahi box resolve upstream to, for example, OpenDNS or Google DNS or the IP of your modem.
This chaining makes sure all involved DNS servers are able to answer queries, and if they don't know, they will ask upstream.

0 Likes

#5

Thanks everyone, I’ll try it out.

0 Likes

#6

I’m in a very similar situation. I am running Amahi 11, with Fedora 27. I’m trying to do what deHakkelaar suggested, and having issues getting it to work.

I’m running a Ubiquiti USG for my gateway/router. Right now, I have it set up reverse of what deHakkelaar suggested. Amahi is pointing to Pi-hole, and Pi-hole is pointing to OpenDNS. When I tried the reverse, it wouldn’t resolve to anything, I had problems with my clients getting IP addresses, and I had to roll back the changes.

I know quite a bit about networking, but this DNS upstream is kicking my butt.

0 Likes

#7

Who is doing DHCP in your network?
If not Pi-hole, check out Conditional Forwarding at the bottom of the DNS settings page below:

http://pi.hole/admin/settings.php?tab=dns

To diagnose name resolution, do some nslookups on the client, Pi-hole and the Amahi host, e.g.:

nslookup <DOMAIN> <IP_DNS_SERVER>


C:\>nslookup pi-hole.net 10.0.0.1
Server:  router.asus.com
Address:  10.0.0.1

Non-authoritative answer:
Name:    pi-hole.net
Addresses:  2604:a880:400:d0::1071:1
          206.189.252.21

C:\>nslookup pi.hole 10.0.0.2
Server:  noads.dehakkelaar.nl
Address:  10.0.0.2

Name:    pi.hole
Address:  10.0.0.2

C:\>nslookup avr 10.0.0.2
Server:  noads.dehakkelaar.nl
Address:  10.0.0.2

Name:    avr.dehakkelaar.nl
Address:  10.0.0.9

0 Likes

#8

Amahi is set up as the DHCP server. I have DNS set up from my gateway to use Pi-hole, but when I do any sort of nslookup, it’s showing my Amahi server as the DNS. I saw the Conditional Forwarding, and I’ve tried setting it for my router’s IP and Amahi’s IP.

Amahi is set up to manage DNS and DHCP. There are several webapps that it has DNS aliases for. If you don’t use it for DHCP and DNS, much of the functionality of the server goes away.

0 Likes

#9

For proper stats to be displayed on the dashboard, you have to see if it's possible to configure the Amahi DHCP service to push the Pi-hole IP address to its clients for DNS resolution (method 1, and also the link that was posted in the first reply on top):

And activate Conditional Forwarding so Pi-hole can look up all names that are local to your network against the Amahi DNS service.

EDIT: And test with nslookup, e.g.:

nslookup <HOSTNAME_LOCAL_NETWORK> <AMAHI_IP>

&

nslookup <HOSTNAME_LOCAL_NETWORK> <PIHOLE_IP>

0 Likes
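The nslookup checks suggested in #7 and #9, scripted as an added example (not from the thread or the Pi-hole project): it asks each hop of the chain for a name and flags hops that give no answer or a different answer. The addresses for Pi-hole, Amahi and the upstream are assumed placeholders; the parser accepts both the Windows layout shown above and the Linux nslookup layout.

```shell
#!/bin/sh
# Added example (not from the thread): walk the chain Pi-hole -> Amahi -> upstream
# with nslookup and confirm each hop gives the same answer for a name.
# Assumed addresses, override via environment for your own network.
PIHOLE_IP=${PIHOLE_IP:-10.0.0.2}
AMAHI_IP=${AMAHI_IP:-10.0.0.3}
UPSTREAM_IP=${UPSTREAM_IP:-208.67.222.222}   # OpenDNS, as suggested in the thread

# Parse nslookup output on stdin (Windows or Linux layout) and print only the
# answer addresses, one per line. The leading "Server:/Address:" pair names the
# resolver that was asked, not the answer, so it is skipped; an NXDOMAIN reply
# never prints a "Name:" line and therefore yields no output.
addresses_from_nslookup() {
    awk '
        /^Name:/ { inanswer = 1; next }
        inanswer && /^Address(es)?:/ { print $2; next }
        inanswer && /^[ \t]+[0-9a-fA-F.:]+[ \t]*$/ { print $1; next }  # wrapped "Addresses:" line
        /^$/ { inanswer = 0 }
    '
}

# Normalise an address list so two answers can be compared regardless of order.
sorted_addresses() { sort | tr '\n' ' ' | sed 's/ *$//'; }

# Ask one hop for a name; prints the sorted answer addresses (empty = no answer).
query_hop() { nslookup "$1" "$2" 2>/dev/null | addresses_from_nslookup | sorted_addresses; }

# check_name NAME HOP...: query NAME at each hop and report agreement.
# Returns 0 when every hop answers and all answers match, 1 otherwise.
check_name() {
    name=$1; shift
    expected=""; status=0
    for hop in "$@"; do
        got=$(query_hop "$name" "$hop")
        if [ -z "$got" ]; then echo "$hop: no answer for $name"; status=1
        elif [ -z "$expected" ]; then expected=$got; echo "$hop: $name -> $got"
        elif [ "$got" != "$expected" ]; then echo "$hop: $name -> $got (differs)"; status=1
        else echo "$hop: $name -> $got"; fi
    done
    return $status
}

# A local hostname must resolve identically at Pi-hole (via Conditional
# Forwarding) and at Amahi; an external name must resolve at every hop.
check_chain() {
    check_name "$1" "$PIHOLE_IP" "$AMAHI_IP" &&
    check_name "$2" "$PIHOLE_IP" "$AMAHI_IP" "$UPSTREAM_IP"
}

# Usage (hypothetical file name): ./dnschain.sh <local-hostname> <external-name>
if [ "$#" -ge 2 ]; then check_chain "$1" "$2"; fi
```

A hop that answers a local hostname with nothing, while Amahi answers it, is the symptom of missing Conditional Forwarding described in this thread.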

#10

So, it appears that Amahi doesn’t let you change much other than what’s in its control panel. I tried changing resolv.conf through vi, and there are scripts upon scripts that look for manual changes and revert any changes to a backup config. It’s a bit frustrating.

I’m thinking I might be able to install pi-hole on the Fedora installation itself, then change the port in dnsmasq.conf to 5353, and then point pi-hole to 127.0.0.1:5353 for the next upstream hop.

I may try this on a USB drive to act as a boot drive for my server, so I don’t kill my current build while testing. If it works, I can deploy it to my running server.

0 Likes