HOWTO: Using pi-hole as LAN DNS server

Admin Edit:

This guide is now outdated; you can use the built-in "Local DNS Records" feature on the web admin panel.



With a little configuration, you can use your pi-hole as the DNS server for your LAN, if, for example, your router isn't doing a very good job serving local names. Here's how:

Create a second dnsmasq configuration file:

% echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf

(that % is for whatever your system prompt is; don't type it out :wink: )

After this, create a "hosts file" for your network, /etc/pihole/lan.list, with the format "ipaddress fqdn hostname", e.g.

192.168.1.40     marvin.your.lan  marvin
192.168.1.41     eddie.your.lan   eddie
192.168.1.42     hactar.your.lan  hactar

...substituting "your.lan" for whatever you want your domain name to be.

On your DHCP server (most likely your router, though pi-hole indeed can be configured into one), you'll also need to set your search domain to whatever "your.lan" corresponds to.

Finally, restart your name server:

% sudo pihole restartdns

Additional thoughts

  • If all this domain name stuff confuses you, you can leave it out and live a domain-less life on your LAN.
  • While you certainly can serve any name, also of hosts outside of your LAN, you probably can't outsmart Netflix to play shows from outside your geographical area :slight_smile: . Drop that thought. It's probably against their TOS and you might end up losing your Netflix account.
  • The dnsmasq manual page suggests the configuration option hostsdir, but this didn't work on my raspi. Possibly I was just incompetent.

With the upcoming release we add two related settings:

  1. You can now use your Pi-hole to be your DHCP server. Name resolution will work out-of-the-box.

  2. If you still want to use your router as DHCP server, we add two settings where you can tell your Pi-hole to send local host names to the upstream DNS servers. Set your router as the first upstream DNS server and your Pi-hole should be able to resolve all host names using the knowledge of your router.

Edit: This is outdated information. This feature has been moved to Conditional Forwarding. -Dan (2020/04/15)


Let me add a little hint. If you manually add your local hosts to /etc/hosts it will not work as expected, because these two default entries:

127.0.0.1 localhost
127.0.1.1 pihole

break the configuration - the local hosts cannot be resolved. This issue should be fixed.
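One way to check a lan.list before restarting dnsmasq, covering the hosts-file format from the original post and the 127.0.1.1 clash from this hint, as an added example that is not part of the thread or of pi-hole itself (the ipv4_re pattern, the two functions and the sample files are all assumptions):

```shell
#!/bin/sh
# Added example, not from the original thread: lint a pi-hole "addn-hosts"
# file such as /etc/pihole/lan.list before running "pihole restartdns".
# It reports lines that are not "<ipv4> <fqdn> <hostname>", FQDNs outside
# the chosen search domain, duplicate IPs or names, and hostnames that the
# hosts file also maps to 127.0.1.1 (the clash described in the hint above).
# Paths and the domain are arguments; all sample data below is constructed.

ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# lan_list_problems LIST DOMAIN HOSTS  -> prints one problem per line
lan_list_problems() {
  list=$1; domain=$2; hosts=$3
  grep -Ev '^[[:space:]]*(#|$)' "$list" | while read -r ip fqdn host extra; do
    if ! printf '%s\n' "$ip" | grep -Eq "$ipv4_re"; then
      echo "bad ip: $ip"; continue
    fi
    if [ -z "$host" ] || [ -n "$extra" ]; then
      echo "need exactly 'ip fqdn hostname': $ip $fqdn $host $extra"; continue
    fi
    [ "$fqdn" = "$host.$domain" ] || echo "fqdn $fqdn is not $host.$domain"
    # dnsmasq answers with every address it knows for a name, so a
    # "127.0.1.1 <hostname>" line in /etc/hosts puts loopback into LAN answers
    if awk -v h="$host" '$1 == "127.0.1.1" { for (i = 2; i <= NF; i++) if ($i == h) f = 1 }
                         END { exit !f }' "$hosts"; then
      echo "$host is also 127.0.1.1 in $hosts (clashes with $ip)"
    fi
  done
  # second pass: the same IP or the same name listed more than once
  awk '!/^[[:space:]]*(#|$)/ {
         if ($1 in ip) print "duplicate ip: " $1; ip[$1] = 1
         for (i = 2; i <= NF; i++) { if ($i in nm) print "duplicate name: " $i; nm[$i] = 1 }
       }' "$list"
}

# lan_list_ok LIST DOMAIN HOSTS  -> exit status 0 only when nothing was reported
lan_list_ok() { [ -z "$(lan_list_problems "$@")" ]; }

# Constructed sample data: a clean list, a list with four mistakes, and a
# hosts file carrying the two default entries quoted in the hint above.
SAMPLE_DIR=$(mktemp -d)
CLEAN_LIST=$SAMPLE_DIR/clean.list; SAMPLE_LIST=$SAMPLE_DIR/lan.list; SAMPLE_HOSTS=$SAMPLE_DIR/hosts
printf '%s\n' '192.168.1.40 marvin.your.lan marvin' '192.168.1.41 eddie.your.lan eddie' \
  '192.168.1.42 hactar.your.lan hactar' > "$CLEAN_LIST"
{ cat "$CLEAN_LIST"; printf '%s\n' '192.168.1.42 pihole.your.lan pihole' \
  '192.168.1.43 trillian.other.lan trillian' '192.168.1 zaphod.your.lan zaphod'; } > "$SAMPLE_LIST"
printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 pihole' > "$SAMPLE_HOSTS"

lan_list_problems "$SAMPLE_LIST" your.lan "$SAMPLE_HOSTS"   # prints the four findings
```

Run it against the real /etc/pihole/lan.list and /etc/hosts with your own domain as the second argument; a clean file produces no output and lan_list_ok returns 0.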

I know this is an old post but I just stumbled upon this. This 2nd option is fantastic! I had no idea it was possible. This makes the Top Clients section so much more easily readable. :+1: Any downsides at all to using this option?

Maybe.

If you have only set up one upstream DNS server (your router under one of the "Custom" fields), you'll be fine. If you have enabled another upstream DNS server alongside your router (e.g. Google), this one will receive all your requests as well. Note that this could potentially be a privacy issue, if you have host names that contain plain-text information or other sensitive information.


yeah I've just set up the 1 upstream provider to be my 192.168.1.1 dd-wrt router.

regarding the privacy issue, I've noticed that some clients request resolving local hostnames with .local anyway, so they seem to be sent often to the public upstream servers regardless of the privacy options. nothing too personally identifiable or sensitive though so I'm not majorly bothered.

Adding local=/home.lan/ or local=/local/ or both to /etc/dnsmasq.d/02-pihole.conf will prevent upstream lookups for domains ending with those.


I was poking around with this. Are there any negatives to adding my local servers to /etc/pihole/local.list? I know it works, but is there a downside to it?

Yes, local.list is erased and re-written on each run of pihole -g, i.e. at least once per week, to possibly update changed IP addresses.
See here for the code that does this.

a small update to my previous replies: I ended up switching entirely to pi-hole's DHCP server over my router's (DD-WRT set to DHCP forwarding mode to the pi-hole) and it's SO much better. feels less hacky and convoluted than the previous solution, and seems to be performing much better and more smoothly. it seems to be resolving hostnames and local addresses a lot better than dd-wrt's own dnsmasq configuration. thanks for adding this as an option. it took me some apprehensive baby steps to make the jump but it's a much more elegant solution to the overall package.


Hello,
it worked very well, thanks.
I set the DNS server in the router config and all are properly resolved.
I have only one problem: the pi-hole web admin is blocked, it blocks itself :grin:
I tried to whitelist the domain of my house but nothing.


What domain are you using to access the web interface? By default you can only use pi.hole, localhost, or the IP address.


Hi, thanks for your tips, but I have tried everything from inside the machine itself and from outside (IP, FQDN etc.).
The same from inside the machine with IP, localhost, 127.0.0.1 etc.:

EDIT: with "pi.hole" from inside the machine I did it! ty :slight_smile:

now I only have to understand how to have access from outside the pi-hole machine.

You have been misled by the fact that the blocking page will also be shown for everything that would receive an error 404 (Not Found).

In your case, the resource you have been looking for does not exist. Note that you have to go to

192.168.1.XXX/admin

Not

192.168.1.XXX

yes, right. I can access the admin page.

Many thanks and sorry for bothering you

No worries! We are glad if we can help :slight_smile:


I have gone through the setup and this is what I am getting:
pi@HornPi:~ $ nslookup

server
Default server: 192.168.254.254
Address: 192.168.254.254#53
hornpidns
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
Server: 192.168.254.254
Address: 192.168.254.254#53

** server can't find hornpidns: NXDOMAIN

hornpi
Server: 192.168.254.254
Address: 192.168.254.254#53

Non-authoritative answer:
Name: hornpi.Home
Address: 192.168.254.1

server 192.168.254.2
Default server: 192.168.254.2
Address: 192.168.254.2#53
hornpidns
Server: 192.168.254.2
Address: 192.168.254.2#53

Name: hornpidns.Home
Address: 192.168.254.2
Name: hornpidns.Home
Address: 127.0.1.1

hornpi
Server: 192.168.254.2
Address: 192.168.254.2#53

Name: hornpi.Home
Address: 192.168.254.1

My question is: why, when I do an nslookup from the router (192.168.254.254) for the pi-hole system hornpidns, do I get the "Warning: Message parser reports malformed message packet", but when I do it from the pi-hole (192.168.254.2) I get the correct values?

That's because you probably configured your upstream DNS resolving path like so:

[Clients] --> [Pi-Hole] --> [router DNS] --> [Upstream DNS could be your ISP] --> etc

The router doesn't have the DNS records you're requesting and none of its upstream configured DNS servers (ISP etc.) know the answer either.

The router has the pi-hole for the DNS, the clients have the router for the DNS.

Difficult to explain as different routers do different things.
If a router serves both purposes of handing out IP details to clients via DHCP and can resolve hostnames to IP addresses via DNS records, it will create a new DNS record every time a new client registers for a new IP address via DHCP.
Whenever a client asks a DHCP server for a new IP address (and other details like GW etc.), the client also advertises its own hostname so the router can create DNS records accordingly.
These are sometimes called "smart routers".
But as your hornpidns IP address is probably set up statically, e.g. the IP address was not acquired via DHCP from the router, no DNS records are/were created on the router.
Some routers allow you to create DNS records manually.
So you would need to create a DNS "A-record" pointing to the IP address of your hornpidns box.
And if your network is set up for IPv6, you would also need to create an "AAAA-record".