My router is a Netgear Orbi RBK852 with the latest firmware. It is set to use 192.168.1.92 and 192.168.1.91 as the domain name servers.
DHCP has been disabled on the router and enabled on each pi-hole instance. I include a custom configuration file with the line dhcp-option=option:dns-server,192.168.1.91,192.168.1.92 to ensure the servers are aware of each other, as per several forum posts.
Issue
With "Never forward non-FQDN A and AAAA queries" and "Never forward reverse lookups for private IP ranges" enabled, Conditional Forwarding creates huge log files which result in log file resizing, which in turn disables DNS until the log file has been updated.
Ideal State
I do not need conditional forwarding enabled - I am now using pi-hole as a DHCP server, and my client list is populated correctly.
What I DO want is to use some of the features of dnsmasq to allow me to use an internal domain name with my reverse proxy, which will allow me to create rules to forward, for example, pihole1.[internal domain] to pihole1.[server]:8080/admin without issue.
Question
How can I best enable support for "subdomain.localdomain" addresses that can then be forwarded to a reverse proxy (in this case Nginx Proxy Manager) so I can create and manage subdomains?
Import a set of hosts (done using /etc/pihole/custom.list)
Create a local domain instantdreams.lan (done using docker environment variables PIHOLE_DOMAIN and REV_SERVER_DOMAIN)
Expand all hosts to use local domain (done using docker environment variables DNS_BOGUS_PRIV and DNS_FQDN_REQUIRED)
Create subdomain records to point [subdomain].instantdreams.lan to instantdreams.lan (done using /etc/dnsmasq.d/05-pihole-custom-cname.conf)
Forward any requests for [subdomain].instantdreams.lan to a reverse proxy (Nginx Proxy Manager) hosted on an edge server (not sure how to do this correctly)
I have read various articles and the dnsmasq man pages and I think I need to add something like this to my custom configuration:
server=/instantdreams.lan/edge-server
But I'd really like some validation and assistance with this!
This is a strong indication that you've configured a DNS loop, where queries would bounce between Pi-hole and your router forever or until timeout.
Your debug log confirms this:
*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 pihole pihole 929M Mar 13 07:39 /var/log/pihole/pihole.log
-----tail of pihole.log------
Mar 13 07:39:23 query[AAAA] id-services.instantdreams.lan from 192.168.1.1
Mar 13 07:39:23 forwarded id-services.instantdreams.lan to 192.168.1.1
Mar 13 07:39:23 query[PTR] 195.1.168.192.in-addr.arpa from 192.168.1.1
Mar 13 07:39:23 forwarded 195.1.168.192.in-addr.arpa to 192.168.1.1
Usually, you should disable Conditional Forwarding - as your Pi-hole is acting as DHCP server, there is no benefit in enabling Conditional Forwarding to your router.
In your case, you've configured both of your Pi-holes as DHCP servers for the same network range.
For DHCP clients without a static lease reservation, this may result in address collisions, as neither DHCP server is aware of the IPs already in use by other DHCP servers.
Furthermore, it would also mean that a server would not be aware of names associated with IPs that have been dynamically administered from the respective other's DHCP range.
You should disable one of your Pi-hole's DHCP servers.
I suggest doing so for your second Pi-hole, as its debug log shows it is having connectivity issues for IPv4:
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve www.free-mobile-data.xyz on lo (127.0.0.1)
[✗] Failed to resolve www.free-mobile-data.xyz on eth0 (192.168.1.92)
[✓] No IPv4 address available on wlan0
[✓] www.free-mobile-data.xyz is 0.0.0.0 on docker0 (172.17.0.1)
[✗] Failed to resolve www.free-mobile-data.xyz on br-8f8120875e48 (192.168.92.1)
[✓] doubleclick.com is 172.217.14.238 via a remote, public DNS server (8.8.8.8)
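One way to spot the loop pattern visible in that log tail, as an added example that is not part of the original thread: a small Python check over pihole.log lines that flags any query forwarded back to the very address it arrived from. The sample lines are constructed (modelled on the ones quoted above); the helper name `find_loops` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in pihole.log format: the router (192.168.1.1) hands a query
# to Pi-hole, which forwards it straight back to the router, i.e. a DNS loop.
SAMPLE_LOG = """\
Mar 13 07:39:23 query[AAAA] id-services.instantdreams.lan from 192.168.1.1
Mar 13 07:39:23 forwarded id-services.instantdreams.lan to 192.168.1.1
Mar 13 07:39:23 query[PTR] 195.1.168.192.in-addr.arpa from 192.168.1.1
Mar 13 07:39:23 forwarded 195.1.168.192.in-addr.arpa to 192.168.1.1
Mar 13 07:39:24 query[A] www.example.com from 192.168.1.50
Mar 13 07:39:24 forwarded www.example.com to 1.1.1.1
Mar 13 07:39:24 query[A] laptop.instantdreams.lan from 192.168.1.50
Mar 13 07:39:24 /etc/pihole/custom.list laptop.instantdreams.lan is 192.168.1.60
"""

# "Mar 13 07:39:23 query[A] name from client"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)$")
# "Mar 13 07:39:23 forwarded name to upstream"
FORWARD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) forwarded (?P<name>\S+) to (?P<dst>\S+)$")


def find_loops(log_text):
    """Return sorted (name, address, count) for every name that Pi-hole forwarded
    back to the same address the query came from (a loop indicator)."""
    # name -> source addresses of queries still waiting for their forward decision
    pending = defaultdict(list)
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            pending[m["name"]].append(m["src"])
            continue
        m = FORWARD_RE.match(line)
        # dnsmasq logs the forward right after its query, so pair them in FIFO order
        if m and pending.get(m["name"]):
            src = pending[m["name"]].pop(0)
            if src == m["dst"]:
                hits[(m["name"], src)] += 1
    return sorted((name, addr, n) for (name, addr), n in hits.items())


if __name__ == "__main__":
    for name, addr, n in find_loops(SAMPLE_LOG):
        print(f"loop suspected: {name} from {addr} forwarded back to {addr} ({n}x)")
```

Run it against a real log with `find_loops(open("/var/log/pihole/pihole.log").read())`; a healthy setup returns an empty list, while the thread's log would produce a hit for nearly every line.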
Before I had DHCP enabled, turning on Conditional Forwarding would generate huge logs - but I get it now, with DHCP enabled I don't need to turn on Conditional Forwarding.
I think I do need to set environment variable REV_SERVER_DOMAIN so that 02-pihole-dhcp.conf is populated with domain=[domain] and local=/[domain]/
The only reason the second Pi-hole was not resolving was because both were resizing the database file and the DNS service was offline at the time.
I appreciate that I might need to set DHCP on just one host, but I have read multiple examples of this working for people, so I hope I can replicate their configuration successfully.
Yes - as long as Pi-hole would be the only DHCP server on your network link, all clients would request a DHCP lease through that Pi-hole instance, and no other DNS server would manage local names.
As I've already explained above, your current setup is violating those preconditions.
You would be better off by using just one of your Pi-holes for DHCP, where the second only-DNS Pi-hole would have to acquire the names of hosts dynamically registering their DHCP lease with your DHCP Pi-hole by means of Conditional Forwarding to that very DHCP Pi-hole.
With two DHCP servers, you'd need CF to the respective other on both Pi-holes, invariably closing a partial DNS loop.
That sounds as if you'd already know which dnsmasq options you'd like to apply.
In that case, you should not resort to enabling some arbitrary Pi-hole features just for some desired side-effects.
Just create a custom configuration file in your /etc/dnsmasq.d/ directory and deploy your custom options in there. Make sure your container has the respective recommended volume mount - see Pi-hole's sample docker compose configuration.
I doubt that would have been the case, as the same debug log showed that IPv6 was working fine, and Pi-hole also was operational for the local docker0 interface IPv4.