HOWTO: Using pi-hole as LAN DNS server

See

EDIT: This feature has been merged.


4 posts were split to a new topic: Dnsmasq and its cache

For the noob Linux user, can you recommend an easy editor for adding network devices to a hosts file?
Do we use tabs between values in the hosts file like in Windows?

Thanks

You should be able to use any whitespace between the IP address and the hostname(s). You can edit it with any text editor, but you need to run it under root (administrator). You can do this by running `sudo nano /etc/hosts` in the terminal. To save the file, press Ctrl+X and click Enter a few times to confirm.


Thank you for this line. I've had trouble resolving local hostnames and was just about to scrap pi-hole altogether since my home network setup is a bit more complex:

  • 192.168.10.1 - Main router, only does NAT forwarding and DNS through my ISP
  • 192.168.10.99 - OpenWRT access point (actually a router but does not do any routing, all ports are in the same VLAN), provides DHCP and DNS for local hostnames (external DNS queries are forwarded to the main router) and stable services
  • 192.168.10.14 - RaspberryPi 3 on ethernet, running pi-hole and other experimental services (e.g. openhab for controlling my AC units)
  • 192.168.10.15 - RaspberryPi 3 on wifi
  • A plethora of other devices

Since I like my network being stable, I was serving DHCP option 6 (DNS server) with OpenWRT as primary and Main Router as secondary (in case OpenWRT crashes). It's the same way I configured the RaspberryPi statically and Pi-Hole in the setup menu.
Whatever I did, all requests for local hostnames (e.g. Vlad-PC) would not resolve. I hated the idea of duplicating the hosts file with whatever was configured in OpenWRT's DHCP server because it would mean maintaining two lists of devices.
It was your reply that led me to actually disable the main router DNS server from Pi-Hole config, leaving only OpenWRT as the sole DNS server.

My guess is that requests such as "mediaplayer.local" sent by my PC to Pi-Hole got forwarded to both servers, and since Main Router would reply with "no such name" and OpenWRT would reply with the IP address, Pi-Hole prefers the "no such name" reply.
Maybe this is something that can be improved in a future release of Pi-Hole?

2 posts were split to a new topic: Using Pi-hole for reverse DNS lookups

I've encountered an odd issue.
I'm using this guide to run the domain oysterbay.home. I have no issues with DNS lookup for a long list of servers in my environment. Things resolve as expected as long as the FQDN is .oysterbay.home.
However I am now trying to set up a redirect. I have an external URL that redirects to an internal web server.
When outside my network things work fine. The web server loads as expected and all is well. However internally the same lookup provides the IP address of my firewall instead of my web server.
So I'm trying to put an internal redirect so that when I'm on my LAN the same URL redirects to my local web server.
IE:
from public internet myurl.com -> WAN IP address (10.0.0.1)
from lan myurl.com -> lan server IP address (192.168.1.16)

I would think this would be as simple as putting in the IP - FQDN - hostname in lan.list
192.168.1.16 myurl.com webserver

However this doesn't work as expected.

If I do an nslookup for myurl.com from my pihole CLI this IP response address is the lan server IP address
so from pihole CLI:
nslookup myurl.com
returns 192.168.1.16

If I do an nslookup from any other system on my LAN I get the WAN IP address
from workstation on LAN
nslookup myurl.com
returns 10.0.0.1

(CONFUSION)

You should add those lines in /etc/hosts. Also, make sure to clear your DNS cache after changing it.

That doesn't seem to have made any change. Here is my /etc/hosts file:

```
192.168.1.16 myurl.com hostname
nameserver 192.168.1.2

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
```
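
A small checker for hosts-format files such as /etc/hosts and lan.list as discussed in this thread (an IP address, then one or more names, separated by any whitespace). It is an added example, not part of any post and not Pi-hole's own code; the function names and the sample text are constructed for illustration. Lines that do not start with an IP address, for example a resolv.conf `nameserver` directive, are reported instead of being passed over silently.

```python
import ipaddress
import re

# One DNS label (RFC 1123): letters, digits, hyphens; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    """True if name is a syntactically valid hostname of at most 253 characters."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))

def parse_hosts(text):
    """Return (entries, problems): [(ip, [names])] and [(line_number, reason)]."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()                 # any run of spaces or tabs separates fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"first field {fields[0]!r} is not an IP address"))
            continue
        names = fields[1:]
        if not names:
            problems.append((lineno, "address has no hostname"))
            continue
        bad = [n for n in names if not valid_hostname(n)]
        if bad:
            problems.append((lineno, f"invalid hostname(s): {', '.join(bad)}"))
            continue
        entries.append((str(ip), names))
    return entries, problems

# Constructed sample: tab- and space-separated entries, a comment, a
# resolv.conf directive pasted into the wrong file, and a name with "_".
SAMPLE = (
    "192.168.1.232\tisy.mylan isy\n"
    "192.168.1.231   lutron.mylan   lutron\n"
    "# IPv6 loopback\n"
    "::1 localhost ip6-localhost\n"
    "nameserver 192.168.1.2\n"
    "192.168.1.50 bad_name.mylan\n"
)

if __name__ == "__main__":
    print(parse_hosts(SAMPLE))
```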

Have you tried restarting dnsmasq?

Yes. I restarted dnsmasq. Can you explain why `nslookup myurl.com` resolves properly from pihole when called locally but does not when called from other systems on the LAN?

```
pi-hole:~nslookup

server 192.168.1.2
Default server: 192.168.1.2
Address: 192.168.1.2#53
strikingink.com
Server: 192.168.1.2
Address: 192.168.1.2#53

Name: myurl.com
Address: 192.168.1.16
```

```
:~nslookup

server 192.168.1.2
Default server: 192.168.1.2
Address: 192.168.1.2#53
myurl.com
Server: 192.168.1.2
Address: 192.168.1.2#53

Non-authoritative answer:
Name: myurl.com
Address: 10.0.0.1 (wan address)
```

It sounds like it might still have it in the DNS cache... Is that the raw output? Try running dig myurl.com and use this markdown syntax to share it:

```
some_output
```

Since you're on a DMZ, make sure that you've protected port 53 (don't let someone on the internet use it!).

Can your LAN devices access the DMZ devices, since they're on a different subnet?

(The character to use in the markdown formatting I posted is located above the TAB key on a US keyboard, not a single quote :wink: )


Yeah 53 inbound is blocked and 53 outbound is only open to upstream servers.
Ahh yes, ticks. oops. lol

Also, yes my LAN has an allow all to DMZ, but the DMZ cannot initiate a connection to the LAN. Typical ingress/egress rules.


What do the queries look like in the log?

Run pihole -d for a debug token.

The upload is failing for some reason. I thought it might be a firewall rule at first but I'm getting a lookup error.
I uploaded the diagnostics to a shared folder. You can get them here:

```
:::  ---= pihole.log
::: Logging will automatically teminate in 60 seconds
::: Finshed debugging!.
::: The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
::: Would you like to upload the log? [y/N] y
tricorder.pi-hole.net: forward host lookup failed: Host name lookup failure : Resource temporarily unavailable
::: There was an error uploading your debug log.
::: Please try again or contact the Pi-hole team for assistance.
::: A local copy of the Debug log can be found at : /var/log/pihole_debug.log
```

Ok I figured it out. This was a local cache issue as you suspected. Evidently I was clearing the local cache incorrectly on my Mac. Sorry for wasting your time and thank you for your assistance!


I tried to set up DNS on my pi-hole using your instructions above.

My lan.list file is set up as follows on the pihole:

```
pi@raspberrypi:~ $ cat /etc/pihole/lan.list

192.168.1.232 isy.mylan isy
192.168.1.231 lutron.mylan lutron
```

My wi-fi router uses pi-hole as its DNS server.

On a Windows client that’s connected to my wi-fi network, I tried to connect to the device using the DNS name entry.

```
C:\Users\xxxx>nslookup lutron.mylan
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2600:8802:6400:(masked for privacy):27ff:fe4d:7752

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
```