Hi all,
I've just installed Pi-hole with a Raspberry Pi; it's connected via Wifi to the Unifi UDM, which is also connected to the Edgerouter X5. (Edgerouter -> UDM - wireless-> Pi-hole).
The DNS and nameserver in Edgerouter and UDM networks are all pointed to the Pi-hole IP address.
Expected Behaviour:
Internet should be accessible for wired devices from Edgerouter and wireless devices from UDM.
Actual Behaviour:
However, I'm only getting internet from wireless via UDM; when trying to plug directly into an Edgerouter port (laptop, consoles, wireless AP), there's no internet access.
You seem to be running your Pi-hole on a public IP address:
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the wlan0 interface:
50.<redacted>.200/24
Is that by intention?
Note that making your Pi-hole publicly accessible will turn your Pi-hole into an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.
So sorry, I didn’t realise the wlan from the UDM would be public. Could it be because I’m able to access the UDM via unifi network, therefore certain ports are open for this access?
May I ask how do I set 50.x.x.x to be private so that the Pi-hole will not become an open resolver?
On another note, will setting up outbound and setting Pi-hole as a recursive DNS also cause it to be an open resolver?
Wherever you did configure that 50.x.x.x/24 range, you should reconfigure that for a private IP address range subnet, i.e. a subnet that fits in one of
Your Pi-hole is only an open resolver if port 53 is open to the internet. This is the same whether you run unbound on your LAN or use a third party upstream DNS in Pi-hole.
Pi-hole is the DNS server that clients see, and it should not be exposed to the internet.
Thanks a lot for the feedback.
I've set my network to the 10.x.x.x/24 subnet range and reconnected the Pi-hole, and it seems like my laptops, APs and other devices that are connected directly to the EdgeRouter still don't have any internet access, while Wifi is OK.
Edge is now using 10.10.x.x/24 subnet, Wifi from UDM is 10.20.x.x/24 subnet. Pi-hole is now residing in 10.20.x.x/24 subnet.
This sounds like an issue in your network configuration:
As your Pi-hole is connected to your UDM, those clients that are connected to your EdgeRouter would need a route from their 10.20.x.x/24 subnet to your Pi-hole's IP within the 10.10.x.x/24 subnet.
You should verify that your EdgeRouter and UDM are configured accordingly.
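
An added example, not part of any post in this thread: a small Python check that reads the "IPv4 address(es) bound to" lines of a debug log, flags any address outside the three RFC 1918 private ranges, and reports whether a client subnet needs a route to reach the Pi-hole. The log text, interface names and all addresses below are constructed sample values.

```python
import ipaddress
import re

# The three RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the style of the debug output quoted in the thread.
SAMPLE_LOG = """\
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the wlan0 interface:
    203.0.113.200/24
[✓] IPv4 address(es) bound to the eth0 interface:
    10.20.0.5/24
"""

IFACE_RE = re.compile(r"IPv4 address\(es\) bound to the (\S+) interface")

def bound_addresses(log):
    """Yield (interface, IPv4Interface) for each address listed in the log."""
    iface = None
    for line in log.splitlines():
        match = IFACE_RE.search(line)
        if match:
            iface = match.group(1)
            continue
        text = line.strip()
        if iface and text:
            try:
                yield iface, ipaddress.ip_interface(text)
            except ValueError:
                iface = None  # redacted or non-address line ends the section

def is_rfc1918(addr):
    """True if addr lies inside one of the RFC 1918 private ranges."""
    return any(addr in net for net in RFC1918)

def audit(log):
    """Return (interface, CIDR, is_private) for every bound IPv4 address."""
    return [(i, str(a), is_rfc1918(a.ip)) for i, a in bound_addresses(log)]

def needs_route(client_cidr, pihole_ip):
    """True if the Pi-hole is outside the client's subnet, so DNS must be routed."""
    net = ipaddress.ip_network(client_cidr, strict=False)
    return ipaddress.ip_address(pihole_ip) not in net

if __name__ == "__main__":
    for iface, cidr, private in audit(SAMPLE_LOG):
        print(f"{iface}: {cidr} -> {'private' if private else 'NOT RFC 1918'}")
    print("wired clients need a route:", needs_route("10.10.0.0/24", "10.20.0.5"))
```

An address flagged as not RFC 1918 is only a prompt to check whether port 53 is reachable from the internet; a `True` from `needs_route` means the two routers must forward DNS traffic between the subnets.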