Pfsense/pi-hole - all requests showing as localhost

mkyb14 · June 5, 2017, 7:41pm

I've been impressed with the simplicity of pi-hole over pfblockerNG, and recently wanted to switch to using it full time. I'm currently running Pfsense as my main router and when changing the settings on the router itself to look at pi-hole for DNS, all top clients show as just local host.

I've disabled 127.0.0.1 as the DNS used by the router, enabled pi-hole within the General settings as the primary, google as the backup.

under DNSforwarder enabled it, setup dos query forwarding to use this list in sequential order. under DNSresolver, enabled this.

What am I missing that would make pi-hole think all requests are coming from the router itself instead of passing along the DHCP pfsense is handing out?

deHakkelaar · June 5, 2017, 8:28pm

Its a bit difficult to make out how you've setup shop.
Is pfblockerNG, Pfsense and Pi-Hole running on the same system ?

Probably you now have this DNS resolution path:

[Client] --> [Router DNS] --> [Pi-Hole DNS] --> [Upstream DNS servers]

But if want proper stats on Pi-Hole, you need this:

[Client] --> [Pi-Hole DNS] --> [Upstream DNS servers]

What "Server" IP address is displayed when you do below lookup on a Windows/Linux client ?

$ nslookup pi.hole
Server:         10.0.0.2
Address:        10.0.0.2#53

Name:   pi.hole
Address: 10.0.0.2

DL6ER · June 5, 2017, 8:39pm

To second @deHakkelaar's question: It is quite likely that the DHCP settings you hand out let the clients chose your router as DNS server, which - in turn - is forwarding these requests to the Pi-hole, which sees the router as origin of all requests as a result.

You have to have the clients query the Pi-hole directly in order to get accurate origin readings in the Pi-hole logs and statistics.

mkyb14 · June 5, 2017, 8:40pm

I've disabled pfblockerNG on the router.

pi2 = 192.168.1.16 (static)

#nslookup pi2
Server 192.168.1.1
Address: 192.168.1.1#53

** server can't find pi2: NXDOMAIN

all traffic shows in pinhole as
192.168.1.1
localhost

deHakkelaar · June 5, 2017, 9:26pm

Though you did the wrong lookup "nslookup pi2" instead of "nslookup pi.hole", it is clear to me that your clients are contacting your router 192.168.1.1 first for DNS resolution instead of your Pi-Hole 192.168.1.16

mkyb14 · June 5, 2017, 10:11pm

result is the same.

so, I guess my next question is what am I doing wrong within pfsense to make this work?

DL6ER · June 5, 2017, 10:18pm

I don't know pfSense myself, but can you post a screenshot or something similar so we can guess together what might be the correct way of configuring it?

Having said that, you can also use the Pi-hole DHCP server (turn off the DHCP server in your router or wherever it is turned on) which would solve these issues immediately as it will by default hand out the Pi-hole's IP address as the only DNS server.

deHakkelaar · June 5, 2017, 10:29pm

Adding to this, your router is probably functioning as the DHCP server for your network handing out network details to the clients such as IP address, gateway, time service and DNS servers.
So you need to find the DHCP server section on the router and see if you can change the DNS server setting handed out to the clients into that of Pi-Hole.
If not possible, do as @DL6ER suggested and flip on DHCP on Pi-Hole ... after turning DHCP server off on the router.

mkyb14 · June 5, 2017, 10:56pm

so there are a ton, TON of options in PFsense.. not sure we could do it with a screenshot or two.

I'd really like to have pfsense handle everything but DNS. I guess I just need to better understand what features need to be changed within pfsense to handle just DNS (if that's even possible).

Tntdruid · June 6, 2017, 2:52pm

Set the pi dns in DHCP and set enable Enable Forwarding Mode in DNS resolver, set the pi's IP as dns in System > General Setup

mkyb14 · June 7, 2017, 3:25pm

Tntdruid - thank you for the missing part, DHCP DNS wasn't specified. I was focused on the system > general DNS section.

After that, enabling DNS forwarding under DNS resolver, DHCP resolving checkboxes etc. Then to the DNS forwarder section, enabling it on a different port, and a few boxes below. All is showing as individual IP's now in PiHole.

Thanks!

mkyb14 · June 6, 2017, 3:18pm

so there's still a glitch happening where certain wired clients are showing as 192.168.1.1 and the rest are their respective IP's.

Any thoughts as to what would cause this?

for example, roku4 is on wireless DHCP, but shows all it's query's under 192.168.1.1 for some reason.

MrD · June 6, 2017, 3:20pm

Have you reconnected them after you changed the DHCP settings? They will only get their settings once (on connect).

StrangerHereMyself · June 6, 2017, 7:28pm

Hi,

I used pihole and pfsense without any issues. There are several option to set things up:

Option 1)

disable DNS Forwarder and Resolver on pfsense
disable DHCP Server on pihole
enable pfsense DHCP Server on LAN interface. Specify DNS Server(pihole) in DHCP options
if you have mulitple LAN networks (e.g. Wifi , guest) ensure you create a firewall rule to allow clients access to pihole
for multiple LAN networks you will need to configure each DHCP Server to on each interface to use pihole as DNS

Option 2)

disable pfsense DNS Forwarder , Resolver and DHCP Server
enable pihole DHCP Server and specify pfSense as Gateway

There are more options, but I would use 1) or 2) mentioned above