Expected Behaviour:
pihole will answer requests from all of my local networks
Actual Behaviour:
Only requests originating from the same network as the default gateway of the pihole VM are getting replies.
I've ruled out firewall issues by doing a tcpdump on the pihole server and can see that incoming packets are received, but no outgoing packets are sent:
```
root@pihole:/etc/dnsmasq.d# tcpdump -i any port 53 and host wireguard
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
14:53:28.642625 ens19 In IP wireguard.47632 > pihole.domain: 43117+ A? google.com. (28)
14:53:33.640344 ens19 In IP wireguard.47632 > pihole.domain: 43117+ A? google.com. (28)
```
My DNS interface setting is set to "Permit all origins". I don't know how long this has been happening or what changed, but I'd like to be able to use pihole for all my local networks.
Please describe the topology of "all my local networks". How are the networks linked (how would they all be visible on port 53 to the Pi and thus to Pi-hole)?
I have a UniFi router with multiple networks/VLANs. The router presents a .1 address on each network, and the DHCP config hands out the .1 address as the default gateway and my pihole’s IP as the primary DNS server, followed by the router’s address. Also, I’m trunking the VLANs to my VM server, so I can present any (or several) networks to the pihole VM. I’ve also tried adding additional virtual NICs to the pihole VM and querying against an interface which appears local and doesn’t have to go through the router.
Complicated, I know.
I can ping or ssh to the pihole, and as I indicated, tcpdump shows the DNS packets arriving, but no replies leaving.
Further, for my testing I am using `dig @10.0.0.222 google.com`.
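The check the poster did by eye above (queries arriving on port 53, no replies leaving) can be automated. The following is an added example, not code from the thread or from the Pi-hole project: a POSIX shell function that reads `tcpdump -i any port 53` text output, pairs each query (destination port 53) with a reply (source port 53, same client address:port and transaction ID), and lists the clients whose queries never got a reply together with how often they retried. The sample capture is constructed for illustration (the hosts `laptop` and `phone` and the 192.0.2.10 answer are made up); the function name `unanswered_queries` is mine.

```shell
#!/bin/sh
# Added example (not from the thread or the Pi-hole project): pair DNS queries
# with replies in `tcpdump -i any port 53` text output and report the clients
# whose queries were never answered.

# Constructed sample capture in the same format as the thread's tcpdump output
# (hostnames and the 192.0.2.10 answer are made up for illustration).
SAMPLE_CAPTURE='14:53:28.642625 ens19 In  IP wireguard.47632 > pihole.domain: 43117+ A? google.com. (28)
14:53:29.101000 ens18 In  IP laptop.51000 > pihole.domain: 20001+ A? example.com. (29)
14:53:29.101400 ens18 Out IP pihole.domain > laptop.51000: 20001 1/0/0 A 192.0.2.10 (45)
14:53:30.500000 ens19 In  IP phone.40001 > pihole.domain: 777+ AAAA? example.org. (30)
14:53:33.640344 ens19 In  IP wireguard.47632 > pihole.domain: 43117+ A? google.com. (28)'

# Reads tcpdump lines on stdin, prints one line per unanswered (client, txid).
# Works with or without -n (port 53 prints as "domain" or "53") and with both
# cooked-capture line layouts (with or without the interface/direction
# columns), because it locates the ">" field instead of assuming column positions.
unanswered_queries() {
  awk '
    # tcpdump appends flag characters to the transaction id (43117+, 43117*-);
    # keep only the digits so queries and replies compare equal.
    function txid(s) { gsub(/[^0-9]/, "", s); return s }
    {
      for (i = 1; i <= NF; i++) if ($i == ">") break
      if (i > NF) next                     # header or non-packet line
      src = $(i - 1)
      dst = $(i + 1); sub(/:$/, "", dst)   # "pihole.domain:" -> "pihole.domain"
      id  = txid($(i + 2))
      if (dst ~ /\.(53|domain)$/) {        # query towards the resolver
        pending[src " " id]++
      } else if (src ~ /\.(53|domain)$/) { # reply from the resolver
        delete pending[dst " " id]
      }
    }
    END {
      for (k in pending) {
        split(k, part, " ")
        printf "%s txid %s unanswered after %d attempt(s)\n", part[1], part[2], pending[k]
      }
    }
  ' | sort
}

# Stand-alone demo on the constructed capture: reports wireguard (2 attempts)
# and phone (1 attempt); laptop got its reply and is not listed.
printf '%s\n' "$SAMPLE_CAPTURE" | unanswered_queries
```

Because the output is sorted at the end, feed it a finished capture rather than a live stream: `tcpdump -i any -l port 53 > dns.txt`, stop it with Ctrl-C after a few test queries, then `unanswered_queries < dns.txt`. Capturing on `any` matters here: a reply that leaves on a different interface than the one the query came in on is still seen and counted as answered, so anything this reports as unanswered was never sent by the resolver at all, which is the situation the tcpdump above shows.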