Opnsense + PiHole - Do not resolve client hostnames

I have followed this guide to set up PiHole and my Opnsense.
Everything works except the client hostnames are not resolved; they show up in PiHole as IP addresses.
I followed everything from this link.

https://pi-hole.net/blog/2021/09/30/pi-hole-and-opnsense/#page-content

Hi, I wrote the guide and it's how I have things running so I can help.

If Pi-hole is showing IP addresses for clients then the upstream is not giving the information. What is your upstream set to in Pi-hole (should be the unbound server on OPNsense)?

Are you using OPNsense as the DHCP server? Do you have unbound set to register the DHCP leases?

Thanks for your quick reply.
My Unbound DNS in Opnsense is disabled.
I have Dnsmasq DNS enabled.
Upstream in PiHole is set to Cloudflare Family in the Custom field of the upstream DNS servers.
Opnsense is providing DHCP.

My router is 192.168.4.1
PiHole is 192.168.4.209

Here are some screenshots

What IP are you giving to clients for the DNS server? It should be OPNsense. Have you added the EDNS0/ECS to OPNsense's dnsmasq?

    add-mac
    add-subnet=32,128
    /usr/local/etc/dnsmasq.conf.d/edns0.conf

Edit: Pi-hole will use the upstream server to try to map client IPs to domain names. This is where unbound comes in to play. There's a second part of the guide that I haven't written yet but it covers unbound. CF Family doesn't know the information so there's no way to get that info to Pi-hole.

Your clients are able to use hostnames because they use OPNsense's dnsmasq directly and that daemon has the leases registered in its database.
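An added example (not from the thread, nor from the dnsmasq or Pi-hole projects) of what the `add-mac` and `add-subnet=32,128` settings above change on the wire: a query forwarded by OPNsense's dnsmasq carries an EDNS0 OPT record with an ECS option (code 8, RFC 7871) holding the full /32 or /128 client address, plus dnsmasq's MAC option, so Pi-hole can attribute the query to the real client instead of to OPNsense's own IP. The MAC option code 65001 is taken from the dnsmasq documentation; the client address and MAC are constructed sample values.

```python
import struct
import ipaddress

ECS_OPT = 8              # EDNS Client Subnet option code (RFC 7871)
DNSMASQ_MAC_OPT = 65001  # option code dnsmasq uses for add-mac (per its docs)

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(qname, client_ip, client_mac, txid=0x1234):
    # A-record query for qname, built as dnsmasq with add-subnet=32,128 and add-mac would forward it
    ip = ipaddress.ip_address(client_ip)
    family, prefix = (1, 32) if ip.version == 4 else (2, 128)
    ecs = struct.pack("!HBB", family, prefix, 0) + ip.packed   # scope prefix is 0 in queries
    mac = bytes.fromhex(client_mac.replace(":", ""))
    opts = struct.pack("!HH", ECS_OPT, len(ecs)) + ecs
    opts += struct.pack("!HH", DNSMASQ_MAC_OPT, len(mac)) + mac
    # OPT pseudo-RR: root name, type 41, UDP payload size 4096, ext-rcode/version/flags 0
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(opts)) + opts
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    return header + encode_name(qname) + struct.pack("!HH", 1, 1) + opt_rr

def skip_name(pkt, off):
    # Uncompressed names only (queries built above never use compression pointers)
    while True:
        l = pkt[off]
        if l == 0:
            return off + 1
        off += 1 + l

def parse_edns_client(pkt):
    # What the downstream resolver (Pi-hole) extracts: (client_ip, client_mac) from the OPT record.
    # Assumes a query packet: question section plus additional records, no answers.
    qd, _, _, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QNAME, QTYPE, QCLASS
    client_ip = client_mac = None
    for _ in range(ar):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype != 41:
            continue
        i = 0
        while i + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[i:i + 4])
            body, i = rdata[i + 4:i + 4 + olen], i + 4 + olen
            if code == ECS_OPT:
                family, _, _ = struct.unpack("!HBB", body[:4])
                addr = body[4:].ljust(4 if family == 1 else 16, b"\x00")   # pad short prefixes
                client_ip = str(ipaddress.ip_address(addr))
            elif code == DNSMASQ_MAC_OPT:
                client_mac = ":".join(f"{b:02x}" for b in body)
    return client_ip, client_mac
```

Without these two options every query reaching Pi-hole appears to come from OPNsense's address, which is why per-client names and statistics cannot be attributed.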

Hi, thanks for your guide, very easy to follow.
I too am getting the same issue following your guide.
my unbound is also disabled since it conflicted with dnsmasq. i added that edns0.conf file and its contents look the same. is there something which needs to be done so that dnsmasq actually uses that file?

The article doesn't really go into any detail about unbound, I appreciate that that is pt2 which you haven't written.
Could you give us some pointers as to how to configure unbound so that Pihole can log the correct DNS names of all of the clients on the network?

edit: I've re-enabled the conditional forwarding again and it is now showing the client names... but the logs are being a bit weird as now it shows status as "unknown (0)" and the reply is "REFUSED"

dns seems to be working ok though despite this.

thanks

am i right in thinking that the resulting architecture would be

client > dnsmasq(opnsense) > pihole > unbound (opnsense) > upstream ?

Set unbound to listen on port 5335 instead of 53. And set unbound to register DHCP leases so that Pi-hole can find the hostname to IP mappings.

And you give me an excellent point and reason to write that.

Correct up to the upstream. unbound talks direct to the authoritative nameservers in its default configuration. You no longer need upstreams, you are your own upstream.

ok thank you for replying. I had already set up unbound as per your earlier screenshot, but not sure what to do with it now. Set my opnsense IP as the "Custom 1 (IPv4)"? Can I add a port to that part of that entry? 192.168.0.1:5335 or 192.168.0.1#5335 ?

Set the unbound ip and port in Pi-hole as the upstream. That should be the only change you need to make.

ok i've just added it as 192.168.0.1#5335 and disabled the other upstreams and conditional forwarding. but i'm not getting the local host names being resolved in the logs. external name resolving is still working though

Pi-hole queries for the names on a schedule, if you want to kick that process off manually then go to the Pi-hole admin page > Settings > Flush network table. (Or Restart DNS resolver). Then you should see the process happening on the Query Log with pihole making a series of PTR queries to OPNsense's unbound daemon.
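An added example (not from the thread or from Pi-hole) of the exchange described above: the PTR lookup Pi-hole sends to unbound on OPNsense at port 5335 to turn a client IP into a hostname, plus a parser for the reply so a refused or empty answer is visible. The server address, the client IP and the hostname in the test data are constructed sample values.

```python
import socket, struct, ipaddress

def reverse_name(ip):
    # 192.168.0.50 -> 50.0.168.192.in-addr.arpa; IPv6 becomes the nibble form under ip6.arpa
    return ipaddress.ip_address(ip).reverse_pointer

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_ptr_query(ip, txid=0x4242):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(reverse_name(ip)) + struct.pack("!HH", 12, 1)  # QTYPE PTR, IN

def read_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        l = pkt[off]
        if l & 0xC0 == 0xC0:                      # pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if l == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(pkt[off:off + l].decode())
        off += l

def parse_ptr_answer(pkt):
    """Return (rcode, [hostnames]) from a PTR response; rcode 5 is REFUSED, 3 is NXDOMAIN."""
    flags, qd, an = struct.unpack("!HHH", pkt[2:8])
    off = 12
    for _ in range(qd):
        off = read_name(pkt, off)[1] + 4           # skip QNAME, QTYPE, QCLASS
    names = []
    for _ in range(an):
        _, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 12:
            names.append(read_name(pkt, off + 10)[0])
        off += 10 + rdlen
    return flags & 0xF, names

def query_ptr(ip, server, port=5335, timeout=2.0):
    """Ask unbound on OPNsense for the hostname of ip, as Pi-hole's scheduled lookup does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip), (server, port))
        return parse_ptr_answer(s.recv(4096))
```

Running `query_ptr("192.168.0.50", "192.168.0.1")` against the real router shows directly whether unbound has the lease registered (a name comes back) or answers with rcode 5 or 3 (nothing for Pi-hole to show).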

thanks. ok that kind of makes sense. but if i restart the services it loses all of the logs in the main dashboard of pihole so i can't actually see if it's done anything with those name resolvers or not. any of the new traffic coming in to it is certainly not resolving still. am i misunderstanding what the point of doing this is? the conditional forwarding part of things seemed to work, in a fashion, before i did the unbound.. (there were some odd things in the logs and having to refresh a page sometimes to get pihole to resolve it.)
what is the schedule and is it changeable?

I think it's once an hour.

Did the Flush Network Table not do anything?

Edit: Can you run the pihole -d debug process and post the token URL so I can see what the current configuration is?

eek, just tried the flush network table and got

    [✗] Failed to truncate network_addresses table
    Database location: /etc/pihole/pihole-FTL.db
    Output: Error: in prepare, database disk image is malformed (11)

Please send over the pihole -d url token and we'll look at it.

https://tricorder.pi-hole.net/7iltYXI5/ (is that right?)

note that i'm running on docker. fwiw.

thank you for helping

That's fine, so am I.

Mind showing your docker-compose.yml or the docker run command you are using? I do see some database corruption going back to yesterday:

    2022-02-14 07:46:58: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::query(): Unable to prepare statement: 11, database disk image is malformed in /var/www/html/admin/api_db.php on line 387
    2022-02-14 07:47:03: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::query(): Unable to prepare statement: 11, database disk image is malformed in /var/www/html/admin/api_db.php on line 387

Usually we suggest deleting the database when it gets in that state but it sounds like you'd prefer to save that data if possible?

I can't get the compose as I deployed it via portainer (I'm 100% I'm not doing the whole docker thing by best practices!)
I can send you the 'inspect' part of what portainer can show if that will help (https://pastebin.com/8BidZaMr)

To be honest, historical log data is fine to delete (if that's the main aspect of losing the db?). Also FWIW I configured rsyslog to send over the pihole and ftl logs to my syslog server, but that was today, so sounds like it isn't related.

Sure, I've just started to experiment with Portainer.

Historical data is stored in the database. If you're okay with losing it then go ahead and delete pihole-FTL.db from the host volume after stopping the container. Then restart the container and see if things start populating hostnames. Another debug would be helpful as well.

Cool. I will look at doing that later this evening. Thanks again