Local DNS not working with Fritz!Box router

derlarsen · October 20, 2020, 4:17pm

I have a problem with local DNS records on my Pi-hole. It will resolve a configured DNS record only if I directly use the Pi-hole as the DNS server for my machine but NOT if I use DNS resolution via my router.

My setup is the following

Pi-Hole v5.1.2 with IP 192.168.178.52
Fritz!Box with IP 192.168.178.1
MacBook with IP 192.168.178.38

Configuration

the Pi-hole has a local DNS record localregistry configured which points to my MacBook
the Router is configured to use the Pi-hole as the DNS server
the MacBook has no explicit DNS server set and hence uses the Fritz!Box for DNS resolution which in turn uses Pi-Hole
I know the setup works b/c the Pi-hole dashboard shows the correct DNS requests from my router in the logs/dashboard

If I now try to resolve localregistry from my MacBook, I get the following unexpected response

$ dig localregistry

; <<>> DiG 9.10.6 <<>> localregistry
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;localregistry.			IN	A

;; Query time: 14 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Tue Oct 20 16:28:58 CEST 2020
;; MSG SIZE  rcvd: 31

However, if I set the DNS server of my MacBook to my Pi-hole and do the lookup again, I receive the expected result:

$ dig localregistry

; <<>> DiG 9.10.6 <<>> localregistry
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52019
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;localregistry.			IN	A

;; ANSWER SECTION:
localregistry.		2	IN	A	192.168.178.38

;; Query time: 12 msec
;; SERVER: 192.168.178.52#53(192.168.178.52)
;; WHEN: Tue Oct 20 16:31:34 CEST 2020
;; MSG SIZE  rcvd: 58

Bucking_Horn · October 20, 2020, 5:12pm

When diging for localregistry from your MacBook, do you see a corresponding query show up in your Pi-hole's log?

derlarsen · October 20, 2020, 5:34pm

Yep, it shows up in the logs.

Bucking_Horn · October 20, 2020, 5:46pm

And what's the answer that gets logged?
Could you provide an example?

derlarsen · October 20, 2020, 5:51pm

This is what is show in the log:

Bucking_Horn · October 20, 2020, 6:01pm

If that indeed correlates with a dig for localregistry by your Macbook, then it is your FritzBox suppressing the answer, as Pi-hole is correctly supplying an IP address.

Try declaring Pi-hole as an exemption from DNS Rebind Protection in your FB (in a German model, that lives at Heimnetz | Netzwerk | Netzwerkeinstellungen -> weitere Einstellungen: DNS-Rebind-Schutz)

Your current configuration is using Pi-hole as your FB's upstream DNS server only.
You should also be aware that your FB does support distributing your Pi-hole as local DNS server via DHCP. This would allow you attribute DNS requests to individual client IPs in Pi-hole's Query Log, as well as client-based filtering.
It would also eliminate the need for a DNS Rebind Protection exemption.

derlarsen · October 20, 2020, 6:18pm

That was it, thank you so much. I've learned 2 things today: DNS-Rebind protection and the DNS server announcement when in DHCP mode. I went with the DHCP route btw.

Well done, sir!

system · November 10, 2020, 6:18pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.