Local DNS - FQDN & Hostname resolution

I'm struggling to set up and understand how Pi-hole local DNS should be set up to resolve hostnames and hostnames that are fully qualified.

I need PiHole to be able to resolve both the following:
myserver
myserver.myDomainName.co.uk

NSLookup & ping should both resolve to the same internal IP address 192.168.3.x which they do when I'm connected (SSH) to the PiHole server, but other hosts on my network are only resolving
myserver.myDomainName.co.uk

NSLookup & ping fails for
myserver

The errors I'm getting are:
** server can't find myserver: SERVFAIL
ping: myserver: Temporary failure in name resolution

I'm unsure if I've set up Pi-hole correctly. I have tried creating two DNS entries for myserver & myserver.myDomainName.co.uk and I've also tried creating a DNS entry for myserver and a CNAME myserver.myDomainName.co.uk with a target of myserver.

Am I missing something? Ideally, I would expect to be able to define Pi-hole as the authority for myDomainName.co.uk and then all DNS entries will resolve with or without a FQDN.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

I'll upload the logs but since I posted my question there may not be an issue with my PiHole configuration. Having done further investigation both the PiHole server & my MacBook Air were resolving the hosts successfully and the issues seemed to be with my Ubuntu Linux servers.

I'm not sure what the problem is, but I added 'search mydomain.co.uk' to /etc/resolvconf/resolv.conf.d/tail and this has resolved the Ubuntu server issues.

My PiHole config is a combination of DNS entry and a CNAME pointing to the DNS entry,

That is a public domain, i.e. public DNS would return a public IP address for A record requests.

For a home network, you should use one of the recommended TLDs for private use, e.g. internal, home.arpa or lan.
Also, some routers may provide their own local domain names, e.g. fritz.box, which should be used when present.

In general, you'd want to use dig or nslookup to analyse DNS issues - ping isn't adequate, as it uses a variety of methods to resolve names, not just DNS.

Yes, myserver.myDomainName.co.uk is a public domain and I require external clients to resolve to the public address and the router forwards the requests to the internal host. I need internal clients to resolve myserver.myDomainName.co.uk to the internal IP address and not the external.

And I'm using nslookup as my preferred tool

In that case, you are shadowing public DNS records with your Pi-hole.

To avoid unexpected resolution results, you'd have to supply all required DNS records, e.g. you'd see IPv6 addresses as returned by public DNS if you would not shadow AAAA records for your domain. You can set those up via Pi-hole's Local DNS records simply by supplying an IPv6 address, or you could opt to regex block AAAA replies, see Pi-hole extensions - Pi-hole documentation.

Other side effects may involve less obvious record types like MX.
If you'd need those as well, you'd have to check how pihole-FTL/dnsmasq (Pi-hole's embedded DNS server) supports them, and apply them via a custom dnsmasq configuration file.

You should also be aware that defining local CNAME records to point to a public domain won't work (as detailed on Pi-hole's CNAME screen), unless you'd shadow that domain in Pi-hole as well.

EDIT: Also, when using your Pi-hole from remote devices via VPN, shadowing public A/AAAA records with private IPs would preclude you from routing DNS requests only through your VPN, as the remote device would not be able to connect to your private range IP shadows. You should at least make your local devices accessible via VPN in that case.

I mentioned ping as inadequate as the failure output you've shared was from a ping command.
Some OS's ping implementations (notably, Windows ones) would fail to employ DNS for plain hostnames under unknown circumstances, i.e. they may never actually query your Pi-hole.
If that would have been the case, appending a dot to the hostname may have coerced ping to use a proper DNS lookup for resolution.

This may have contributed to your observation, as your router would likely propagate a different local domain (probably one of the mentions in my earlier reply), and clients would only use that domain to expand hostnames.

But as you've stated that you did configure your Pi-hole with local records for myserver as well as myserver.mydomain.co.uk, Pi-hole would have supplied the correct reply regardless, suggesting that your Pi-hole may have been by-passed.

You should check your router's DNS configuration settings to propagate only your Pi-hole host's IPv4 address as local DNS, and to disable propagation of local IPv6 DNS, or provide one of your Pi-hole host's stable IPv6 addresses.
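
Added example (not part of any post in this thread, and not Pi-hole's or glibc's own code): a simplified Python model of how a glibc-style stub resolver turns a typed name into the queries it actually sends, covering the `search` line and the trailing-dot behaviour discussed above. The nameserver address 192.0.2.53 and both resolv.conf samples are constructed; deriving a search list from the machine's own hostname is not modelled.

```python
# Added example: simplified model of glibc-style search-list expansion.
# Sample resolv.conf contents are constructed; 192.0.2.53 is a placeholder.
BEFORE = "nameserver 192.0.2.53\n"
AFTER = BEFORE + "search mydomain.co.uk\n"


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # defaults: no search list, ndots:1
    for line in text.splitlines():
        if line.startswith(("#", ";")):
            continue  # comment lines
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "search":
            # the last search/domain line wins
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "domain" and len(fields) > 1:
            search = [fields[1].rstrip(".").lower()]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = min(int(opt[6:]), 15)
    return search, ndots


def candidates(name, search, ndots=1):
    """Ordered list of absolute names the resolver would query."""
    if name.endswith("."):
        return [name]  # trailing dot: already absolute, no expansion
    expanded = [f"{name}.{domain}." for domain in search]
    as_is = name + "."
    if name.count(".") >= ndots:
        return [as_is] + expanded  # "enough" dots: try as typed first
    return expanded + [as_is]  # short name: search domains first


def queries_for(resolv_conf_text, name):
    search, ndots = parse_resolv_conf(resolv_conf_text)
    return candidates(name, search, ndots)


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, queries_for(conf, "myserver"))
```

With the `search` line present, the first query sent for `myserver` is `myserver.mydomain.co.uk.`; without it, only the bare single-label name is asked.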
