Expected Behaviour:
Have overplay.net smartdns service working, allowing me to watch streams "faking" my location to the providers.
Actual Behaviour:
DNS is working, but overplay tests fail (they use https://dragon-check.unblock-us.com) and regional video providers detect my region
I checked the log (tail -f /var/log/pihole.log) and the queries seem to be forwarded to overplay's servers, but they still don't work (I masked the IPs except those for the DNS server for privacy reasons):
"Jan 25 07:56:32 dnsmasq[4050]: query[A] open.live.bbc.co.uk from x.x.x.x
Jan 25 07:56:32 dnsmasq[4050]: forwarded open.live.bbc.co.uk to 209.107.219.3
Jan 25 07:56:32 dnsmasq[4050]: reply open.live.bbc.co.uk is
Jan 25 07:56:32 dnsmasq[4050]: reply open-live.bbc.net.uk is y.y.y.y
Jan 25 07:56:32 dnsmasq[4050]: reply open-live.bbc.net.uk is z.z.z.z
Jan 25 07:56:32 dnsmasq[4050]: query[A] r.bbci.co.uk from x.x.x.x
Jan 25 07:56:32 dnsmasq[4050]: forwarded r.bbci.co.uk to 209.107.219.3
Jan 25 07:56:32 dnsmasq[4050]: reply r.bbci.co.uk is
Jan 25 07:56:32 dnsmasq[4050]: reply stats.bbc.net.uk is m.m.m.m
Jan 25 07:56:32 dnsmasq[4050]: reply stats.bbc.net.uk is n.n.n.n
"
They won't help me much, I think. The configuration to use their service is quite simple, just set their DNS servers as the main ones in your router, or in my case, when I am not trying pi-hole, as the forwarders in bind, login to their page, and set your external IP or define your domain name and that is it.
I saw that another user had to add exclusions for the devices he wanted to work with smartdns - DNS settings PER IP-adres - #5 by dirtNnasty
In the end, it might be easier for me to just add dansguardian to my setup (RPI running bind, dhcpd, openvpn).
Just to add some information, I tested doing a simple ns-lookup of www.bbc.co.uk, and pi-hole is returning an "unmasked" address, the one you get when using regular name servers, while using my bind server or directly the smartdns ones I get a completely different address.
It almost feels like the DNS server configuration is ignored by pi-hole.
Feeling extra confused now - I repeated the experiment in the pi-hole machine. Even a nslookup query using the smartdns server returns the "unmasked" address. It seems that smartdns doesn't recognise the query as coming from my ip if I do it from the pi-hole machine, despite it being in the exact same network as all my other machines from which the query works.
Any idea what to check now?
I should have started with this - "dig TXT +short o-o.myaddr.l.google.com @ns1.google.com". It seems that my external IP is different when I do this in the pi-hole machine. The pi-hole apparent external ip is for an address in a block belonging to skynet.be (195.238.0.0 - 195.238.31.255) while my real external ip is in a block belonging to BE-BELGACOM-ADSL1 (109.134.0.0 - 109.134.255.255), which makes sense, as belgacom/proximus is my ISP.
Is pi-hole masking the external IP on purpose? Can I disable this?
As expected, I was told by overplay's support that they don't know the pi-hole, it's not a supported product, and can't help me.
What is really confusing me is the different answers to a dns-lookup between the pi-hole and another Raspberry Pi in the same network and switch:
pi@pi-hole:~ $ nslookup
I am using smartdnsproxy and have it working since the beginning.
Setup is with pihole and local unbound (directly talking with root servers) but this could also be replaced with google dns, cloudflare etc.
Main thing is that my configuration only sends queries to smartdnsproxy of domains that I explicitly name like bbc.co.uk and so on.
You have to create a file in /etc/dnsmasq.d, for example 06-smartdns.conf.
In this file you put
server=/bbc.co.uk/zattoo.com/alldomainsyouwant/ip.of.dns.server.from.smartdnsproxy
Then all queries go to for example Google but only special domains are querying the smartdnsproxy.
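An added example, not part of the thread or of Pi-hole's own code: one way to check that a per-domain `server=` file like the one described above is actually being honoured, by comparing the `forwarded ... to ...` lines in pihole.log with the upstream the config selects. The function names are hypothetical, the addresses are documentation placeholders, the sample config and log are constructed, and only the `server=ip` and `server=/domain/.../ip` forms are handled.

```python
import re

# Constructed config in the style of 06-smartdns.conf; 198.51.100.1 stands in
# for the general upstream and 192.0.2.53 for the smart DNS server.
SAMPLE_CONF = """\
server=198.51.100.1
server=/bbc.co.uk/zattoo.com/192.0.2.53
"""

# Constructed log lines in the pihole.log format quoted earlier in the thread.
SAMPLE_LOG = """\
Jan 25 07:56:32 dnsmasq[4050]: forwarded open.live.bbc.co.uk to 192.0.2.53
Jan 25 07:56:33 dnsmasq[4050]: forwarded example.org to 198.51.100.1
Jan 25 07:56:34 dnsmasq[4050]: forwarded www.zattoo.com to 198.51.100.1
"""

FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")

def parse_servers(conf):
    """Return (default_upstreams, {domain: [upstreams]}) from server= lines."""
    defaults, per_domain = [], {}
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue
        parts = line[len("server="):].split("/")
        if len(parts) == 1:              # server=ip : general upstream
            defaults.append(parts[0])
        for domain in parts[1:-1]:       # server=/d1/d2/ip : per-domain upstream
            per_domain.setdefault(domain.lower(), []).append(parts[-1])
    return defaults, per_domain

def expected_upstreams(name, defaults, per_domain):
    """Most specific matching domain wins; otherwise the general upstreams."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return per_domain[suffix]
    return defaults

def misrouted(conf, log):
    """List (name, actual_upstream) for forwards that contradict the config."""
    defaults, per_domain = parse_servers(conf)
    return [(m[1], m[2]) for m in FORWARDED.finditer(log)
            if m[2] not in expected_upstreams(m[1], defaults, per_domain)]

if __name__ == "__main__":
    for name, actual in misrouted(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{name} was forwarded to {actual}, which the config does not select")
```

A name reported here went to a resolver the config did not select, which usually means the file in /etc/dnsmasq.d was not loaded or the domain was not listed.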
Thank you @ampfinger, but that doesn't seem to help me, unfortunately. I'm firing up wireshark now to see if I can find anything different on queries done from the pi-hole machine, if I can't, I'm guessing that if I want to use pi-hole I'll need to keep my bind server and use it as the "upstream" server for pi-hole.
Upstream is the two addresses I put here - 64.145.73.2 and 209.107.219.3.
Right now, I went with keeping my "old" bind server running, and having those two as forwarders. In the pi-hole, I set up the address of my bind server as the upstream, and now overplay smartdns works. I just need both boxes running.
Finally, I have it working. I finally set the DNS servers in the router to those provided by overplay's smartdns, and set the pi-hole to use the router as the upstream DNS server. I also configured ddclient on the pi-hole machine to automatically update the public DDNS address.
Still no idea why it won't work if pi-hole uses the smartdns servers as the upstream, but at least it works like this.
Thanks guys, now I can use your great work!