Local DNS with specific domain

Sorry for the long post :face_with_peeking_eye:


Setup:

We have a network range (e.g. 100.100.100.0/25) and a domain (institute.university.de) in our university network.
I used pihole as a local DNS and DHCP server (I switched from dhcpd on debian when that was no longer developed).

Expected Behaviour:

I would like that, if I request e.g. the FQDN mars.institute.university.de in our network, pihole responds with the IP address of the PC "mars". And if this is not possible it should ask upstream.

In pihole v5 I had set our pi-hole DNS domain name: institute.university.de.
I had a bunch of static IP addresses for all our devices within a dnsmasq .conf file (Link to related question).

This worked great, pihole answered requests like fileserver.institute.university.de. with the local IP address.

The DNS entries were also set in the upstream DNS servers of our university, which the pihole queries when an external FQDN is not already known. I am just noticing that I never really checked if domains like server.institute.university.de were answered directly by pihole, or if it sent this request upstream. (IP addresses are the same at pihole and upstream, we use a "global" address range.)

Actual Behaviour:

:warning: I started to write this question when it did not work at all. Then it worked after another try (I think empty lines in Conditional forwarding cause an error: "dns.revServers[3]: contains two commas following each other immediately" [1]), but my basic question is still open. :warning:

Pihole was not answering requests directed at fileserver.institute.university.de. This is as intended and explained in the comment to Pi-hole domain name

The DNS domains for your Pi-hole. This DNS domain is purely local. FTL may answer queries from its local cache and configuration but never forwards any requests upstream unless you have configured a dns.revServer exactly for this domain. If no domain is specified and you are using Pi-hole's DHCP server, then any hostnames with a domain part (i.e., with a period) will be disallowed. If a domain is specified, then hostnames with a domain parts matching the domain here are allowed. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part.

So I set a dns.revServer further down in Conditional forwarding
(100.100.5.1 and 100.100.4.1 are the upstream DNS servers of our university):

true,100.100.100.0/25,100.100.4.1,institute.university.de
true,100.100.100.0/25,100.100.5.1,institute.university.de

This works. If I request e.g. venus.institute.university.de the request is sent to the DNS server at 100.100.4.1.
But then all DNS entries have to be set in the upstream server (which would be possible in my case, but not in every setting).

#0
What do I have to do so that the local domain is our university domain institute.university.de and pihole answers requests for our PCs (like mercury.institute.university.de) with the IP that pihole as DHCP server has given them?

#1
Is the second line in Conditional forwarding obsolete?
Is it possible to have a failover?
Will pihole "ask" the second DNS server in line 2 if the first fails?

#2
Can I set pihole itself? (100.100.100.2 being the IP of the Raspberry Pi 5)

true,100.100.100.0/25,100.100.100.2,institute.university.de
true,100.100.100.0/25,127.0.0.1,institute.university.de

Thanks for reading this far :slight_smile:

[1] I think I will give feedback at GitHub - pi-hole/web: Pi-hole Dashboard for stats and more

The line

true,100.100.100.0/25,127.0.0.1,institute.university.de

results in the warning:

DNSMASQ_WARN
Warning in dnsmasq core:
ignoring nameserver 127.0.0.1 - local interface
Check out our documentation for further information.

So that is not the way to do it.

I expect the "fix" is something easy that I am just not seeing...

  • ad #0
    For DHCP leases assigned by Pi-hole's DHCP server, Pi-hole will add DNS records for hostname as well as hostname.institute.university.de, provided dns.domain is set to institute.university.de.
    To have Pi-hole treat local DNS records (A/AAAA) in a similar fashion, you'd also need to enable Expand hostnames / dns.expandHosts.

  • ad #1
    You may supply more than one conditional upstream / dns.revServer, in which case any of them may be used as upstream.
    pihole-FTL will elect to prefer the fastest responding conditional target DNS server, as it does for regular upstream DNS servers.

  • ad #2
    Configuring any IP of the system that your Pi-hole is running on as one of Pi-hole's upstreams would result in a DNS loop.
    Consequently, Pi-hole will discard such options and log a corresponding message.

@Bucking_Horn Thank you.
I could finally test this today and it works as you said.

Then I started to think why I had to ask this in the first place, because it is totally obvious to me now.

Then I remembered that the servers I had a problem with do not use DHCP (instead they have a static IP set in their configuration, [1]). So they do not ask for an IP address, and then pihole FTL does not know about them and cannot answer a request for their FQDN.

But I was wrongly expecting that, when I set a static IP address in the pihole DHCP part, the pihole DNS part automatically knows about this and can answer requests for the FQDN. But this only happens when the PC actually asks pihole for an IP.

So to tell pihole about servers which do not use DHCP I would have to set them in /etc/hosts. This is also mentioned in Advanced DNS settings -> Never forward non-FQDN A and AAAA queries and again in hindsight obvious to me now.

Thanks again for your help.

[1] the reason was that they should be available even if there is a problem with the (old) DHCP and or DNS services
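An added helper, not part of this thread or of Pi-hole's own code, that checks the Conditional forwarding lines from the first post for the two problems reported there (an empty line that yields the "two commas following each other" error, and a loopback or Pi-hole-own address that dnsmasq rejects as a DNS loop) and builds the /etc/hosts lines the follow-up post describes for static-IP servers that never lease from Pi-hole's DHCP. The sample lines and the host 100.100.100.10 are constructed for the example; the Pi-hole address 100.100.100.2 and the domain are taken from the thread.

```python
import ipaddress

# Constructed sample of the thread's "Conditional forwarding" lines, including
# the blank line and the loopback entry the first post reports problems with.
SAMPLE_REV_SERVERS = """true,100.100.100.0/25,100.100.4.1,institute.university.de
true,100.100.100.0/25,100.100.5.1,institute.university.de

true,100.100.100.0/25,127.0.0.1,institute.university.de
"""

def validate_rev_servers(text, pihole_ips=()):
    """Check dns.revServers lines ('enabled,subnet,server,domain') before pasting
    them into Pi-hole. Returns (entries, problems). The problem messages mirror
    the two messages quoted in the thread: adjacent commas for an empty line or
    field, and the dnsmasq warning for a loopback or Pi-hole-own server address
    (which would be a DNS loop, so Pi-hole discards it)."""
    entries, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            problems.append(f"line {n}: empty line - two commas following each other")
            continue
        fields = line.split(",")
        if len(fields) != 4 or "" in fields:
            problems.append(f"line {n}: expected enabled,subnet,server,domain, no empty field")
            continue
        enabled, subnet, server, domain = fields
        try:
            network = ipaddress.ip_network(subnet, strict=False)
            target = ipaddress.ip_address(server)
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
            continue
        if target.is_loopback or server in pihole_ips:
            problems.append(f"line {n}: ignoring nameserver {server} - local interface")
            continue
        entries.append({"enabled": enabled == "true", "subnet": network,
                        "server": target, "domain": domain.rstrip(".")})
    return entries, problems

def hosts_entries(static_hosts, domain):
    """Build /etc/hosts lines for machines with a static IP that never ask
    Pi-hole's DHCP, so FTL can answer their FQDN locally. Listing the FQDN
    explicitly works whether or not dns.expandHosts is enabled."""
    return [f"{ipaddress.ip_address(ip)}\t{name}.{domain} {name}" for ip, name in static_hosts]
```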