Multiple subnets/VLANs and hostname resolution

I've always wondered what the best way is to solve my problem of my multiple subnets and hostname resolution on the Pi-hole. Conditional forwarding works as intended but the interface only allows for one subnet with one domain name. I have 3 subnets that go through the Pi-hole so that entry doesn't suffice. What I've done is create a file /etc/dnsmasq.d/10-additional-dhcp.config and I have entered my subnet info in there so the file looks like this:

addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list


server=/mgmt/192.168.1.1
server=/1.168.192.in-addr.arpa/192.168.1.1
server=/home/192.168.10.1
server=/10.168.192.in-addr.arpa/192.168.10.1
server=/iot/192.168.30.1
server=/30.168.192.in-addr.arpa/192.168.30.1

This allows hostname resolution for all those subnets. Meanwhile on the web interface it shows as no condition forwarding as being setup.

Am I doing this correctly? Is there a chance that there will be a change in web interface to allow more than one network to be entered? I wouldn't think that my situation is unique.

Why are these lines included? They duplicate existing lines in /etc/dnsmasq.d/o1-pihole.conf

Yeah I was wondering about those as well. I got the idea for creating that file from either here or reddit and I believe this was in the file from that example.

Is this file an accepted way to configure multiple subnets for conditional forwarding. It seems a little "hacky" so that's why I'm asking about it and if there will be a change somewhere down the line to do this through the web GUI.

Multiple subnet/VLAN support would be very deal. This type of configuration is indeed getting really common these days.

Is this configuration working well for you? are your needs DNS only DHCP also?

1 Like

nbv

I don't see any development to the web interface to support this and I am facing the same challenge as I am using Pi-hole for DNS requests only.

Has your solution described above work proved to work successfully?

1 Like

Yeah it seems to do the job and I am only using Pi-hole for DNS as well. Sure would be nice if if there was a GUI interface for it though.

This FR currently has 0 votes so it's going to be really low on the list of things to do.

Thanks @pappcam, @DanSchaper - it seems to work well as a solution for me but putting this in the GUI would be a massive help so I've now voted the FR if that helps :slight_smile:

Indeed I also have the impression that network techs like multiple VLANs, local server, local NAS, IoT, local VPN server, etc is becoming more common on homes. Pihole is a must-have for LANs that have these.

But let's not forget that the base softwares that are used on Lix-base systems are still based on CLI, daemon and txt-config. GUI and WebUI are added over these and shouldn't be a full replacement.

It's great to have configs present on WebUI, but more advanced/complex configs and configs used by fewer ppl shouldn't be priority in WebUI development. If they can be properly set on txt-config, just do it this way.

I'd rather see improvements on Dashboard reports and group management/adlists, which aren't available on txt config, than integration of WebUI with dnsmasq existing features.

1 Like

Not really.

I also don't see VLANs being anything close to being common in everyday at-home networks. Local NAS, for sure. IoT as well and maybe even a local VPN server (often embedded in your router or on some RPi). But these are just, let's say, ordinary clients and devices like every else.

VLANs etc. are an entirely different beast and their overall usage is something I'd expect way down in the per mil range even among our often somewhat more tech-savvy user base. The vast majority of networks still have only a router plus some clients. And the Pi-hole :wink:

I disagree with that. As the internet of thieves becomes more prevalent it is only a matter of time before domestic routers start offering a basic vlan configuration for better security.

I have a draytek router and it supports vlans. All my internet of thieves devices are on one vlan, my firestick's on another and my pc's and laptops and another.

you may wat to call me paranoid but IOT devices are not known for their robust security. they can sit on their own vlan and hack each other.

I use pihole for my private network for both DHCP and DNS. I would be mice if the DHCP options in the gui weren't buried and it would be awesome if the DHCP server side supported multiple DHCP scopas.

personally to have those options i'd be willing to pay a nominal amount to unlock the options. The is probably a market out there for small / medium businesses who would benefit from having vlans but don't have the budget or need of a windows or liux server.

You may be able to do this with a dnsmasq configuration. I have not verified that this will work.

https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

** -F, --dhcp-range=[tag:[,tag:],][set:,][,|[,[,]]][,]**

Note that Pi-hole is a DNS filtering engine.
It doesn't intend to be a full-blown DHCP management tool, let alone to replace your router.
It's DHCP support was only added as a means of last resort, to offer users with restrictive routers that wouldn't support proper DNS configuration another option to still make use of Pi-hole.

In any case, you'd need a piece of routing network equipment like a router that supports VLANs to begin with. I'd expect VLAN capable equipment to expose respective configuration options, lest it wouldn't be usable for its very purpose at all.

If you'd just still want to use Pi-hole's DHCP server and need it to handle multiple scopes, you could explore dnsmasq's capabilites as suggested by jfb.

Of course, you could also turn an SBC into a router with VLAN support by installing and configuring the respective software on it. But such an endeavour is clearly out of Pi-hole's scope.

1 Like