I’ve been trying to fine-tune my local DNS setup:
- I have the Pi-hole running on a Raspberry Pi,
- pointing to a pfSense box for DNS,
- with the pfSense box resolving the external requests using DNS over TLS,
- and have a conditional forwarder set up on the Pi-hole to forward requests for the local domain to a Windows domain controller.
But I’ve tried deselecting “Never forward non-FQDNs,” since my intuition expected that this would forward the non-FQDNs to the local DNS server. It doesn’t work this way; requests seem to be forwarded to the pfSense box and out to the Internet if they arrive at the Pi-hole without a suffix. Normally I wouldn’t notice it since clients have a DNS suffix search order correctly set, but some Linux systems and WSL don’t have the local domain set, and they actually exercise this feature.
I noticed in the dnsmasq manpage that you can specify this situation to configure dnsmasq to forward unqualified name requests to a specific server. Seeing this, I tried manually adding this to the 01-pihole.conf entry for the conditional forwarder. But, when I make this change and restart the DNS server, FTL crashes.
I have two questions here.
- Could we make a simple tweak to Pi-hole to assume that when a conditional forwarder is specified, that server is where unqualified name requests should be routed (making the dnsmasq configuration file change to support this)?
- Does anyone know of a way to allow this with a configuration file tweak that won’t crash FTL?
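For readers landing on this thread, here is the dnsmasq configuration the post is describing, written out as an added example (not the poster's configuration and not Pi-hole's own generated file). The domain name `corp.example`, the domain controller address `192.168.1.10`, the subnet `192.168.1.0/24` and the file name `02-local-unqualified.conf` are assumed values; the Pi-hole v5 layout with `/etc/dnsmasq.d/` is assumed as well. The security-relevant point is that with "Never forward non-FQDNs" unchecked, Pi-hole omits `domain-needed`, so single-label names leak to the upstream (and, from there, to the public Internet) unless a `server=//` line catches them first.

```conf
# /etc/dnsmasq.d/02-local-unqualified.conf  (assumed file name)
#
# Keep custom lines in a separate file: Pi-hole rewrites 01-pihole.conf
# whenever settings are saved, so edits made there are lost.

# What Pi-hole's conditional-forwarding setting generates (shown for context;
# do NOT repeat these in the custom file, Pi-hole already writes them):
#   server=/corp.example/192.168.1.10
#   rev-server=192.168.1.0/24,192.168.1.10

# Forward queries for unqualified names (no dot at all, e.g. "fileserver")
# to the domain controller. The empty domain "//" is dnsmasq's special case
# for exactly these names.
server=//192.168.1.10

# Relationship to the web UI checkbox:
#   "Never forward non-FQDNs" checked   -> Pi-hole writes `domain-needed`,
#                                          unqualified names are never forwarded
#                                          anywhere (they get NXDOMAIN locally).
#   "Never forward non-FQDNs" unchecked -> no `domain-needed`; without the
#                                          server=// line above, unqualified
#                                          names go to the default upstream
#                                          (here: pfSense, then the Internet).
```

Before restarting FTL, run `pihole-FTL dnsmasq-test` (FTL's built-in configuration syntax check) so a typo is reported instead of taking the resolver down, then apply with `pihole restartdns`. Confirm the behaviour with `dig @127.0.0.1 fileserver` from the Pi and check in the query log that the query was answered by the domain controller rather than the upstream.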