Multi-VLAN resolving wrong name of pihole?

The issue I am facing:

Getting incorrect DNS resolution of the PIHOLE itself from other networks.

For example, on a host on the DMZ network, when I query dns01.lan (the LAN name of the DNS01 IP), it comes back with the DMZ IP address.

$ for i in lan iot dmz guest; do echo -n "dns01.$i: "; dig @192.168.220.8 +short dns01.$i; done
dns01.lan: 192.168.220.8 <- INCORRECT, should resolve back as 192.168.14.8
dns01.iot: 192.168.24.8 <- CORRECT, this is the IP of the IOT interface
dns01.dmz: 192.168.220.8 <- CORRECT, this is the IP of the DMZ interface
dns01.guest: 192.168.215.8 <- CORRECT, this is the IP of the GUEST interface
$ 

When I jump to another device on, say, IOT or GUEST, they do the exact same thing, and dns01.lan always comes back as the IP of the dns.DOMAIN VLAN.

How do I make it so dns01.lan, or the pihole itself, doesn't do this and provides the proper IP?

Details about my system:

I have a pihole running with four interfaces via VLAN. Here is the breakdown:

eth0 - LAN - 192.168.14.8
eth0.30 - IOT - 192.168.15.8
eth0.40 - DMZ - 192.168.220.8
eth0.50 - GUEST - 192.168.215.8

I did this so I didn't have to cross the firewall for DNS requests, and then on the pihole I block non-DNS services on the IOT, DMZ and GUEST networks (everything except tcp/udp 53).

DHCP, on the pfSense firewall, hands out the local .8 for the respective subnet.

I also do the following for my internal networks:

root@dns01:/etc/pihole# cat /etc/dnsmasq.d/99-tuning.conf
# Fix PLEX
rebind-domain-ok=/plex.direct
# Increase max from 150 to 1024
dns-forward-max=1024
# set to extra to be able to catch the IP of the requesting host
log-queries=extra
# Send local zones to Firewall for resolution
server=/lan/192.168.14.1
server=/14.168.192.in-addr.arpa/192.168.14.1
server=/iot/192.168.14.1
server=/24.168.192.in-addr.arpa/192.168.14.1
server=/dmz/192.168.14.1
server=/220.168.192.in-addr.arpa/192.168.14.1
server=/guest/192.168.14.1
server=/215.168.192.in-addr.arpa/192.168.14.1
root@dns01:/etc/pihole#

What I have changed since installing Pi-hole:

Nothing; I'm just switching back to pihole after a while and have never used this multi-VLAN configuration before.

Well I solved this myself...

I had to add the following settings into the pihole-FTL.conf for this to work.

$ cat /etc/pihole/pihole-FTL.conf
#; Pi-hole FTL config file
#; Comments should start with #; to avoid issues with PHP and bash reading this file
PRIVACYLEVEL=0
# BEGIN ANSIBLE MANAGED BLOCK
# Fix PiHole responding
PIHOLE_PTR=NONE
# Fix the name of the pihole to the IP of the server
LOCAL_IPV4=192.168.14.9 # IP of the eth0 primary VLAN interface.
# END ANSIBLE MANAGED BLOCK
$

Since I use Ansible for my configurations I was able to fix this systematically on the boxes, and now dns01/dns02.lan resolve properly from different VLANs.
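As an added example (not part of the original post or the Pi-hole project), here is a POSIX shell script that repeats the check from the question across all four interface addresses of the Pi-hole, so the symptom above and the effect of the pihole-FTL.conf fix can be verified in one run. The expected answers are taken from the dig output in the question; the interface list, the `dns01.*` names and the `--run` switch are assumptions for this example, and the `fake_resolve`-style resolver hook exists so the comparison logic can be exercised without a network.

```shell
#!/bin/sh
# Added example, not from the original post. Queries every VLAN name of the
# Pi-hole through every one of its interface addresses and flags any answer
# that does not match the address the name is supposed to have.

# Expected A record per name (constructed from the dig output in the question;
# adjust to your own subnets).
expected_for() {
    case "$1" in
        dns01.lan)   echo 192.168.14.8 ;;
        dns01.iot)   echo 192.168.24.8 ;;
        dns01.dmz)   echo 192.168.220.8 ;;
        dns01.guest) echo 192.168.215.8 ;;
        *)           return 1 ;;
    esac
}

# Interface addresses of the Pi-hole to send queries to (assumed list); a
# correctly configured resolver returns the same answers from all of them.
SERVERS="192.168.14.8 192.168.24.8 192.168.220.8 192.168.215.8"
NAMES="dns01.lan dns01.iot dns01.dmz dns01.guest"

# resolve SERVER NAME -> first IPv4 answer from dig, empty on no answer.
resolve() {
    dig @"$1" +short +time=2 +tries=1 "$2" A \
        | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$'
}

# check_one NAME GOT -> prints OK/INCORRECT; returns 0 on match, 1 otherwise.
check_one() {
    name=$1 got=$2
    want=$(expected_for "$name") || { echo "$name: no expectation"; return 1; }
    if [ "$got" = "$want" ]; then
        echo "$name: $got OK"
    else
        echo "$name: $got INCORRECT, expected $want"
        return 1
    fi
}

# run_checks [RESOLVER] -> runs the full server x name matrix using RESOLVER
# (default: resolve, i.e. real dig queries); returns the number of mismatches.
run_checks() {
    resolver=${1:-resolve}
    failures=0
    for server in $SERVERS; do
        echo "== answers from $server =="
        for name in $NAMES; do
            got=$("$resolver" "$server" "$name" 2>/dev/null || true)
            check_one "$name" "${got:-<no answer>}" || failures=$((failures + 1))
        done
    done
    return "$failures"
}

# Only hit the network when explicitly asked, e.g.: sh check-vlan-dns.sh --run
if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```

Before the fix, a run should report `dns01.lan: 192.168.220.8 INCORRECT` from every interface address; after setting `LOCAL_IPV4` as described in the answer, every row should read `OK` and the script exits 0.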
