Issues setting up DHCP and/or DNS

Help
1

Please follow the below template, it will help us to help you!

Expected Behaviour:

All network traffic should be going through PIHole on my Rpi Zero W

Actual Behaviour:

None of the seen and listed network connected devices (seen by PiHole) are using PiHole

Debug Token:

https://tricorder.pi-hole.net/5nwes1b0ei

Hello Everyone,

I've setup PiHole on the following:

OS : DietPi v6.28.0
Hardware: RPi Zero W (armv61)
PiHole Version: v4.3.2
Admin LTE: v4.3.2
FTL** : v4.3.1
PiHole IP: 192.168.0.100

My network setup is as follows (Kinda odd):

I have Verizon Fios modem to their supplied Router, which in turn I've connected via Ethernet my own Router (TP-Link 450M Wireless N Router: TL-WR940N). I've done this to prevent my actions and tinkering from causing problems with my roommates. So far despite warnings I've not encountered any issues with my external IP as Fios has not changed it on me in years. Further, I do worry about Port Forwarding issues since everything I do has to go through two sets of rules (hypothetically).

Network Info:

LAN Tab: 192.168.0.1

WAN Tab:

IP Address: 192.168.1.165

Subnet Mask:
255.255.255.0

Default Gateway:
192.168.1.1

Primary DNS:
192.168.1.1

Secondary DNS:
192.168.1.100

Capture DHCP Tab:

DHCP Setup

The Issue:

Similar to this issue posted here Reddit Link To PiHole Subreddit
It seems whenever I attempt to set the PiHole as DNS the router just switches the IP to something else. It's like a loop over and over again. Further, I cannot disable the DHCP tab on the router, it's all greyed out.

How do I get all network traffic to run through the PiHole installation? I've read guides but the terms used don't make sense to me. I think I just need step-by step help.

Please help. I've run out of ideas.

3

To play back to you what I think you have set up:

  1. upstream internet connection terminated by a Verizon Fios modem. The WAN connection on that router is assigned a variable internet routeable address, usually stable.

  2. That router offers a LAN network, ip range 192.168.1.0/24
    That router is configured with a DHCP server offering addresses from the 192.168.1.0 range.
    This network provides "stable" undisturbed network access for your colleagues. Connections to the internet from this network are NAT translated to the upstream IP.

  3. Ethernet connected to this network you have a TP-Link TL-WR940N router.
    That router is configured with a DHCP client on its WAN link, that has acquired 192.168.1.165 from the "upstream" DHCP server.

  4. That TP-Link router is also configured with a DHCP server offering the IP range 192.168.0.0/24, to your "unstable" clients. That router is also NAT translating client connections to the internet to 192.168.1.165, to be NAT translated a second time to the upstream address of the Fios router.

Questions...

Where is the pihole connected, and what address has it acquired ? Is it the 192.168.1.100 ?

The Fios router may be giving out DNS addresses to clients. Those clients can include your TP-Link router... That would lead to instability of the DNS address.

How do you plan to publish the DNS server address to the clients? If I understand what you have configured, you have two seperate networks, and TP-Link router is not set with DNA addresses.

Harry

4

I see you note the pihole address is 192.168.0.100 so is on the "inside"" network, but the Secondary DNS:
192.168.1.100
does not match.

5

Hello Harold, Thanks for responding!

I am pretty "dumb" when it comes to some of the terminology being used so I will do my best here to confirm and clarify your questions and statements starting from the first post.

  1. upstream internet connection terminated by a Verizon Fios modem. The WAN connection on that router is assigned a variable internet routeable address, usually stable.
    If by "Upstream" you mean the terminus until the point where internet leaves the house, yes the last device following the line would be the Fios Modem. As for the router (Fios supplied) it is connected to the modem and works without issue. Further, my router, the TP, is connected to the Fios router and functioned seemingly normal. So it's Coax / Fiber > Fios Modem > Fios Router > TP Link Router > PiHole. IF YOU ARE SPEAKING OF THE FIOS ROUTER, I WILL CHECK SOON.

  2. That router offers a LAN network, ip range 192.168.1.0/24 If you mean the TP Link router, the LAN page under Network shows "IP Address 192.168.0.1". I'd have to check the Fios router at a later time.

IF YOU ARE SPEAKING OF THE FIOS ROUTER, I WILL CHECK SOON.
That router is configured with a DHCP server offering addresses from the 192.168.1.0 range. If you mean the TP Link router, Under "DHCP" the "Start IP Address" is 192.168.0.100, and the "End IP Address" is 192.168.0.199 Both "Primary DNS" and "Secondary DNS" fields are empty. All options on this page are grayed out.
This network provides “stable” undisturbed network access for your colleagues. Connections to the internet from this network are NAT translated to the upstream IP. The TP Link and Fios provided Routers both provide stable internet access simultaneously. I believe I am using OpenDNS on the PIHiole, not sure about the routers. Sadly unsure what a NAT is in this case, even after looking it up.

  1. Ethernet connected to this network you have a TP-Link TL-WR940N router. Yes, connected to the Fios provided router "stealing internet from it".
    That router is configured with a DHCP client on its WAN link, that has acquired 192.168.1.165 from the “upstream” DHCP server. Yes, the WAN under Network has 192.168.1.165 as IP address. It also has Primary and Secondary DNS set as 192.168.1.1 and 192.168.1.100.

  2. That TP-Link router is also configured with a DHCP server offering the IP range 192.168.0.0/24, to your “unstable” clients. That router is also NAT translating client connections to the internet to 192.168.1.165, to be NAT translated a second time to the upstream address of the Fios router. I believe this is the same as my answer to question 2 and 3, unless you now are speaking of the TP Link router, and the prior questions are about Fios router.

  3. I see you note the pihole address is 192.168.0.100 so is on the “inside”" network, but the Secondary DNS:
    192.168.1.100
    does not match.

    Correct the PiHole address is as above on the "inside" TP Link network. The Secondary DNS for the TP Link network under "DHCP" is blank. Under Network > WAN it is 192.168.1.1 and 192.168.1.100. Under Network > LAN it is 192.168.0.1

Would setting the WAN DNS on the TP Link to the PiHole fix the issue? For some reason I cannot disable the DHCP as it's all grey.

6

Your write-up is a bit of a mess, what with two different routers and settings and such.

I attribute this to your desperation - don't panic :wink:

I am basing my following suggestions on a few assumptions (click for more details)

I think @shoka has the right grip on the solution, but you evaded his quest for clarity:

So which one is it:
192.168.1.100 or 192.168.0.100 ?

Since you also wrote:

I am going to assume that your Pi.hole is residing at 192.168.0.100, based on the above.

I am also assuming that the following

refers to the WAN tab settings of your own TP-Link.
Then those are the upstream DNS Servers your TP-Link will consult, on behalf of those of its clients that use your TP-Link as DNS server.

The screenshot you posted is most likely the DHCP tab of your TP-Link, showing another set of DNS servers, both set to 0.0.0.0.
Then those are your local DNS servers that your TP-Link will tell its clients to direct their DNS queries to.

A valid setup would be to configure your Pi-hole to be distributed as local DNS server by your TP-Link.

Once your clients have been issued with Pi-hole via DHCP, they won't ask your TP-Link anymore, so the TP-Link's upstream DNS Servers will become irrelevant for your clients.

On your TP-Link's WAN settings tab:
Remove the Secondary DNS entry (most likely, that 192.168.1.100 address was never valid anyhow).

On your TP-Link's DHCP settings tab:
Enter your Pi-hole's IP address (presumably 192.168.0.100) as Primary and Secondary DNS server.

CAUTION:
If you cannot edit your DHCP settings (as they appear to be greyed out), you probably haven't configured your TP-Link as Access Point yet. Consult your TP-Link manual on how to do achieve this.

Your router may or may not not push Pi-hole to your clients immediately, but rather on lease renewal after expiration, which is set to occur after 120 minutes, according to your screen shot.
If you do not want ot wait for those 2 hours, rebooting either your router or your clients should enforce lease renewal.

7

Think this is what you are trying for ?

Demodiagram
Demodiagram1033Ă—405 34.8 KB

That is two networks, separated by your TP-Link router.
The stable network will not have access to the test network, if that TP-Link is configured as a NAT gateway, but the test network will see all.

The pihole will service only the test network, set up like that.

Harry

1 Like
8

Hello Shoka (Harry),

Your diagram is correct.

The Modem is connected to Router A (green bubble). Router, B is TP LINK (red bubble) which is connected to Router A pulling internet from it. This is done so I can run all my tests, tinkers, etc on Router B without causing problems for Router A. I am attempting to have PiHole function solely on Router B.

Regarding your use of "NAT", under Router B (TP LINK) I have working mode set to "Standard Wireless Router". Other options include:

Access Point
Range Extender

I want to ensure that this router and it's settings, as well as my screwups don't affect those using Router A.

Great diagram btw and thanks for the help. I will also reply to user Bucking_Horn.

9

Hello Bucking_Horn, thanks for the info. I am going to try this tonight and post back!

Thanks for the help.

10

I've got manuals for your routers now, "standard wireless mode" on the TP-Link looks like a standard NAT router set up.

It also looks like, by default the TP-Link sets its upstream address using the "Upstream" network's DHCP server.

I presume that is where the 192.168.1.165 uplink address comes from.

Reading the TP-Link manual:

Static IP

If your ISP provides a static or fixed IP address, subnet mask, default gateway and DNS setting, please select Static IP.

That initially looks like the best option, however:

Looking at a Fios manual, the DHCP scope is set

• Start IP Address – Enter the frst IP address in the
IP range that the Gateway will automatically begin
assigning IP addresses from. Since your Gateway’s IP
address is 192.168.1.1, the default Start IP Address is
192.168.1.2.

• End IP Address – Enter the last IP address in the IP
range that the Gateway will automatically stop the IP
address allocation at. The maximum end IP address
range that can be entered is 192.168.1.254.

That indicates that your upstream router by default does not leave any scope free for static addresses. :frowning: (the usable addresses in that network range from 2 to 254)

Grumble. I would like to avoid any change to the Fios router

The worry is that this suggests that if you use the upstream routers DHCP service to set the TP-Link uplink address, those parameters are also set from the Fios router, which is not what you really want.

Particularly, the DNS setting you want to be sent out by your TP-Link to its clients is the address of your pihole server, and not to have it stamped on by the upstream router when it refreshes the DHCP lease.

I guess we have to try it and see if its stable.

For a start we can try and set the name server option in the TP-Link DHCP config to the ip address of your pihole server. leave the second name server address as 0.0.0.0 as that is effectively disabled.

Be sure of the ip address assigned to the pihole. Probably best to double check as you had it wrong somewhere in your original post, if it's on the red network it must be
192.168.0.(something)

Harry

11

Would hope you did make use of the link to that TP-link manual I've posted above - but it seems nobody clicked it :cry:

I also suggested setting it up as Access Point rather than Standard Wireless Router, which should allow setting DHCP options as desired.

Nice helpful pic of yours - how did you create it?

12

Dia.

Exported as bitmap graphic as the board does not support SVG upload.

And no sorry I missed your link, downloaded the router manuals direct from the manufacturers....

13

Dia - wasn't aware that could draw network diagrams, thank you.
A picture is so much better in conveying certain basic aspects of networks, even clearer once you know how to read it. Only thing I miss in your pic above would be a proper label for the .100-Pi-hole machine :wink:

14

:slight_smile: I could fix that if it matters to you, but I don't know if I upload an alternative file, if the board will keep both copies, and its a fair size.

15

I got the Cisco templates that I've used way way back, I no longer remember where from. They were freely copy-able at the time.

16

Nah, it's already fine the way it is - plus I don't intend to steer attention away from @pijove4's problem. Let's rather focus on getting that one solved :wink:

17

So I removed the Secondary DNS from the WAN tab under Network.

I cannot edit anything under the DHCP section as of now. From what you have been telling me, the only way to make it editable is to change the "Working Mode" of the router to an Access Point. Will changing this setting cause the FIOS router to be affected by any changes done in the TP Link router?

Keep in mind, I cannot have any of my actions in the TP Link router cause issues or "leak" into the FIOS router. I will begin the mentioned tests once you confirm I need to change the Working Mode.

EDIT:

Keep in mind, it sounds like "Access Point" function does not allow for outside internet access, only local access". Would this not defeat the point of PiHole? I could be totally wrong by the blurb below:

"Access Point: In this mode, this device can be connected to a wired network and transform the wired access into wireless that multiple devices can share together, especially for a home, office or hotel where only wired network is available."

EDIT 2:

I've also inquired with TP-Link about the greyed out DHCP settings.

Thank you everyone for your help!

18

No, that is certainly not the only way to make your DHCP settings editable.
Access Point is just the mode that best applies to your usage scenario.

As a Wireless Router, your TP-Link should be connected to your DSL modem directly.

It would have two IP addresses: A public IP address as provided by your ISP's DHCP, and a local IP address to be used within your local network.

As such, it would provide both wired (through its LAN ports) and wireless (via WiFi) clients with acccess to the same local network as defined by your TP-Link.

Internal network address range would be provided by your TP-Link to LAN and WLAN alike, with your TP-link residing at a local .1 address by default, e.g. 192.168.1.1.

As a Repeater, it would just act as an extension relay of an existing modem/router

(i.e. FIOS in your environment), and thus offering the very same address space as provided by your modem/router.
Your TP-Link address would lie within that same range, as it would be defined by your modem/router.

A repeater would just extend the green in the pic above to include the red - so there would be no red network at all.

Your TP-Link would have only one IP address as a Repeater.

As Access Point, your router is offering a separate WLAN network while providing Internet access through your modem/router's connection. That separate WLAN's address range can be controlled by your TP-Link, via its DHCP settings.

EDIT: That TP-Link manual isn't very specific about this. It seems unclear whether it would allow this address range to be split from your main routers range only or to define a different subnet altogether.
(changes to the following sentences in italics).

Your TP-Link will have either one or two IP addresses then:
A local IP address as provided by your modem/router (192.168.1.165) and -if supported- a local IP address to be used within it's own subnet address range, again residing at a local .1 address by default, in your case 192.168.0.1.

These different modes may be called differently by different device manufacturers, but they are defined by network usage rather than marketing managers.

Likely, your TP-Link will allow editing DHCP options only when its outward LAN address is configured in a way that allows providing DHCP to local connected clients - being assigned a local IP address (as identified by its 192.168 prefix) from its upstream DHCP (your FIOS) would not qualify for enabling DHCP in Wireless Router Mode.

I admit that I am no expert when it comes to TP-Link devices, so that last sentence is a guess - if a sophisticated one. So it's probably just as well you queried TP-Link support about this.

However, I am confident that Access Point is the mode that applies best to your target scenario, but unaware how to achieve this with your TP-Link.

19

Bucking_Horn,

Thanks for the clarification. I am going to hear back from TP-Link on Monday, which then I will then change the router configuration mode to "Access Point", then follow the steps you provided to me earlier. Once this is done I will post the results!

I must say, I am thankful for everyone's input here. I was totally lost, and at least now I have some help!

Thank you all, talk to you next week.

20

So I just set the TP Link router to "Access Point". It seemed to of changed the LAN IP and now my DHCP settings can be edited. The settings are disabled though. What should I do now. Note, a bunch of the IPs have changed.

21

That sounds contradictory to me :thinking:
Could you post a screenshot?

EDIT: Actually, make that two:
One of your TP-Links DHCP settings, and one of its LAN settings.