Lancom routers - resolving individual clients instead showing only router

If your router doesn't allow to configure a local DNS server via DHCP (commonly a LAN or DHCP setting), and you are not willing or able to disable your router's DHCP server, than you are stuck with having only your router as Pi-hole's client.

The only other option you have is to configure DNS servers manually on each and every client in your network.

See also Making your network take advantage of Pi-hole.

1 Like

what does this mean exactly?

as in the link above described we setup the router to forward dns-requests to the pi-hole. with the dhcp thing i am sure all more advanced or professional networks won't/can't rely on pi-hole as the dhcp-server.

edit: are you talking about method2 in this link? How do I configure my devices to use Pi-hole as their DNS server?

The meaning is not entirely clear, but I assume "forwarding" would at least mean your router is accepting DNS queries (by distributing its own IP address as local DNS server via DHCP) and then forwards them to your chosen upstream (and that's completely in line with you observing it as Pi-hole's only client, apart from Pi-hole itself).

However, "forwarding" could also mean that your router additionally is catching and redirecting all outbound DNS traffic and forwards it to the configured DNS servers. Depending on how that's done, it may be a good or a bad thing with regards to Pi-hole.
And depending on your configuration decision (see below), it then may or may not be advisable to revert that "forwarding" option to its defaults.

You'd have to consult your router's manual and/or support to confirm what Lancom means by "forwarding" exactly.

It means you have four options:

a) live with the status quo: your router is forwarding DNS requests to Pi-hole, effectively making it your only client.
b) try to locate a router menu option that would allow you to distribute Pi-hole as local DNS server via DHCP (replacing your router) - this option is commonly found in the LAN or DHCP section of your router's configuration UI.
c) try to disable your router's DHCP server and use Pi-hole's DHCP server instead.
Contrary to your assumption, Pi-hole's embedded dnsmasq is quite capable of serving DHCP. There are even routers out there that use dnsmasq under the hood as well.
d) manually configure Pi-hole as DNS server on each single device.

Again, as configuration options are specific to a router's make, model and firmware, you'd have to consult your router's documentation on your available options.

It may also help to disclose your exact router model, preferably also in this topic's title, in order to better attract users with the same or a similar router. They might be able to share their experience and to provide more specific advice on its configuration. :wink:

1 Like

hello bucking_horn,

thank you very much for the detailed explanations! finally i understand the problem. i now asked the question in the lancom forum and there the really competent developer of the firmware is always very helpful. let's see if there is a possibility in lancom routers to pass the dns requests of the clients to the pi-hole so that he has the possibility to distinguish the clients and not only to see the router.

dhcp we still have to have the router done because of various vpn incoming connections. the exact router model is not too important for the lancom models because all halfway current models share the same core functionality in the firmware.

thanx again for taking the time to discuss our problem so thoroughly! if there is a solution for the problem at lancom i will definitely post it here in the forum to help others.

kind regards from bavaria/germany
tom

That's not quite what distributing a local DNS server via DHCP means.

Let me try to illustrate how a local DNS server compares to your current config with Pi-hole as your router's upstream DNS.

  1. Distribute Pi-hole as local DNS server via DHCP.
    All your DHCP clients will talk to your Pi-hole for DNS, and Pi-hole will forward unfiltered requests to one of its configured upstream servers. If a router supports it, this would be the preferred way, as it doesn't come with the restrictions of option 2.).
    Your DNS resolution path looks like:
    client -> Pi-hole -> upstream DNS

  2. Use Pi-hole as your router's sole upstream DNS server.
    All your DHCP clients talk to your router for DNS, and your router will forward all DNS requests to Pi-hole.
    Hence your Pi-hole sees all DNS requests as originating from your router. You won't be able to attribute DNS traffic to individual client IPs, and you cannot use client-based filtering (i.e. group management) in any meaningful way, and no, Conditonal Forwarding won't do anything for you in that case.
    Your DNS resolution path looks like:
    client -> router -> Pi-hole -> upstream DNS

1 Like

yes. what i actually use is your solution 2 and what i hope to accomplish if it is possible with the lancoms is your solution 1.

this is what i read from the link i postet above and found via the link you posted in your first answer: How do I configure my devices to use Pi-hole as their DNS server?

on the way to get this working now have another problem:

conditional forwarding:
we have two networks configured in the router 192.168.143.0 and 192.168.144.0
the smallest combined net is 192.168.128.0/19 but the pi-hole gives an error?

Dnsmasq (embedded in pihole-FTL) only accepts octets for the subnet, so you will need to find a combination that works with /8, /16, etc.

1 Like

do you have a link to a network calculator that does this in the way pi-hole accepts?

thanx. but i have no idea how this calc works. it gives back a bunch of results instead the smallest possible with octets???

so 192.168.128.0/24 is the smallest combined net in octets that includes 192.168.143.0/24 and 192.168.144.0/24???

No.

Bluntly, if you don't know classful (or classless) subnetting, why are you using a /19?

we use the nets 192.168.144.0 and 192.168.144.0 since about 20 years and never had to deal with this cidr thing. but instead of helping me and simply giving me the address that i need you are loughing at me.

bluntly:
what i'm sure you never would standing in front of me in real life. and you mods here obviously never read your own faq:

thanx
tom

Nobody likes a smart-ass

Spotted something the developers have overlooked? Think you’re much cleverer than them for noticing it? Think it’s a good idea to post about how clever you are? Top tip: It’s not.

Why not open a pull request, instead? Pi-hole is opensource software developed by a handful of volunteers with full time jobs, things are bound to get missed! We rely on clear and concise communication from the community at large to help us out when we’ve missed something, and we all appreciate learning something new! But don’t presume you’re above anyone because you’ve had to point something out.

I literally gave you everything you needed. That link has a /19 broken down in to it's /24 counterparts.

/19 has approximately 8000 useable IP addresses. A /24 is 256. /19 consists of 32 individual /24s.

I would indeed tell you in person what I have said and what I continue to say.

Why are you trying to use a /19?

Dan might have been blunt (and admitting it), but his motivation clearly is to help.

We can't give you a specific address because we don't know your network nor your motivation to pick a /19, so your answer to the question is signifcant.

1 Like

I can tell you exactly what numbers to type in, but you won't know why you are doing it. When it breaks you won't be able to fix it and you'll blame us for giving you the wrong information. You need to learn it. You're operating a DNS server, that's an extremely vital service for your network.

You've made a number of typos and typed many different IP address blocks and netmasks, you need to be very very careful in telling us what IP space you are using and what you want.

we use two networks on our router to divide the clients in two groups. we do this since 20 years with no problem until now. those networks are 192.168.143.0 (255.255.255.0) and 192.168.144.0 (255.255.255.0).

this online calc gave 192.168.128.0/19:
https://www.heise.de/netze/tools/netzwerkrechner/Bildschirmfoto 2020-10-15 um 09.51.42

Just use the two /24 networks. You can't do it with the web interface, you'll need to create a custom config file.

You've chosen two subnets that do not naturally group. You've split the networks across a binary domain.

If you had chosen 192.168.142.0/24 && 192.168.143.0/24 then you could have a single /23. But even that would not help here as dnsmasq requires a /8,/16,/24 natural mask for historical reasons. Use those two /24 networks, each pointing to the same upstream authoritative resolver and the same domain name.

1 Like