Pi-hole as DHCP server blocks nothing

tonyrulez · 2018-09-27 15:55:34 UTC

I was using Pi-hole as a DNS server before, and it blocked stuff, but only the router was detected as a device. So I followed the instructions from here, precisely: 2. Advertise Pi-hole’s IP address via dnsmasq in the router (if supported)

So the whole process of what I did:

Router:
Disable DHCP server (running OpenWRT) - yes, I completely disabled it instead of using dnsmasq, on an other forum a user told me this who also builds OpenWRT releases - and reverted the DNS server from Pi-hole IP to my own (Cloudflare).

Pi-hole on server (Debian9):
Running on a miniPC server, I set a static IP address in /etc/network/interfaces, chose my router (192.168.1.1) as my DNS server, turned on DHCP server.

Then I restarted everything, the router and the server too. The server got it’s static IP address, and on the Pi-Hole webUI the DHCP leases started to appear. So far so good, the Pi-Hole DHCP is working! But, the blocking doesn’t…

The dashboard shows 5 connected clients, which is the router, the server and 3 other devices. If I start opening up webpages on the other 3 devices, the total queries number doesn’t change at all. In query log, all the clients are localhost, meaning Pi-hole only works on the server itself, but does nothing for the other devices.

How can I fix it?

jfb · 2018-09-27 16:17:55 UTC

If you have your router as the DNS server at the system level on the Pi-Hole host platform, the queries are going to the router (and thus to Cloudflare), bypassing the Pi-Hole.

Recommend using Cloudflare as the upstream DNS server for Pi-Hole, and getting the router out of the DNS loop.

tonyrulez · 2018-09-27 16:19:51 UTC

So if I understand correctly, I need to change Pi-hole DNS to Cloudflare, and router DNS pointing to Pi-hole?

jfb · 2018-09-27 16:22:58 UTC

With Pi-Hole running as DHCP server and upstream DNS set on Pi-Hole to Cloudflare, DNS settings on the router should have no effect. You can leave router DNS set to Pi-Hole, but all the connected clients should be getting their DNS assignments from the Pi-Hole during the DNS handshake.

tonyrulez · 2018-09-27 16:27:55 UTC

Okay, I changed it, but I don’t understand this completely.

The whole point of using Pi-Hole as a DHCP server is to be able to see what queries from which device was requested and potentially blocked. Now the blocking works, but in query log the client says 192.168.1.1 for everything.

Also, is the linked post wrong then? It specifically says don’t use any other DNS on Pi-hole, just the router IP.

jfb · 2018-09-27 16:37:04 UTC

I think you may still have another setting on the router - did you clear the setting to advertise the Pi-Hole DNS in the router dnsmasq?

I don’t believe this is the case.

jfb · 2018-09-27 16:43:16 UTC

This should be the DNS path:

Clients get IP address from DHCP server (in this case the Pi-Hole). Note you have to renew their DHCP lease and/or flush old DNS caches in the clients to get the new DNS info in the clients.
With the DHCP handshake, the DHCP server will assign a DNS. This will be the Pi-Hole itself. Your clients should show the Pi IP as their DNS server, and not the router.
DNS queries will subsequently go to the Pi-Hole directly.

If there are any other DNS settings on the router or the Pi OS, they will interfere with this process.

tonyrulez · 2018-09-27 16:45:28 UTC

I did clear the settings.

Now I redid the whole thing as I did in my first post (router IP set as Pi-Hole DNS, Cloudflare set as router DNS) For some reason the query log started to include other devices.

Some devices appeared, some are still missing. Maybe I need to wait for the leases to expire.

I don’t believe this is the case.

From the linked faq post:

On Pi-hole, login to the web interface (http://pi.hole ) > Settings > DNS and instead of choosing upstream servers like Google or OpenDNS, set the upstream to be the IP address of the router as the only upstream DNS server. Do not define any other DNS entries for Pi-hole.

jfb · 2018-09-27 16:50:52 UTC

You are back in the FAQ for setting up the router as the DNS server. This is not applicable when you are setting up the Pi-Hole as the DHCP server going directly to the upstream DNS provider.

You don’t need to wait. Force a lease renewal and ensure all your clients are (1) connected to Pi-Hole and (2) using only Pi-Hole as DNS.

jfb · 2018-09-27 16:55:09 UTC

Why do you prefer this route over using Cloudflare as the upstream provider directly in Pi-Hole and routing none of the DNS traffic back to the router to go to Cloudflare?

tonyrulez · 2018-09-27 16:57:35 UTC

Oh, okay, my bad, I got confused as to what’s going on in the faq

DNS queries will subsequently go to the Pi-Hole directly.

Did ipconfig on a PC, and the DNS server shows up as Pi-hole’s IP.

I was doing what the faq said and as you said, it’s not for this usecase. Will do this instead.

Thanks for your help! Hope all the devices show up eventually.

Last question: How can I force a lease renewal?

jfb · 2018-09-27 17:08:42 UTC

This depends on the client.

PC: ipconfig/flushdns, then ipconfig/release followed byipconfig/renew.

Mac: System Preferences > Network > TCP/IP > Renew DHCP lease

IOS: toggle airplane mode on then off.

IOT devices: typically power off, then power on.

tonyrulez · 2018-09-27 17:09:35 UTC

Thank you!