Pi-Hole on two VLANs - not working

Hi folks,

I have two VLANs running with pfSense doing the hard work between the two.

I have Pi-Hole on one (10.10.50.2) and the other VLAN is 10.10.30.0/24.
On any host in either VLAN I can ping between them. I have rules in place to allow this.

I want clients on my .30 VLAN to use the Pi-Hole as their DNS too.
From the DNS (Pi-Hole) I can ping 10.10.50.1, which is its gateway, and I can ping any other client on the .50 VLAN. Expected.
I cannot, though, ping any clients on the .30 range from the RPi.
As said, any other client on the 50 VLAN can ping any client on the 30 VLAN.

It's just the DNS which cannot ping a local, non-/24 address.
I'm not sure where it is getting lost. I sniff the traffic on pfSense, and when pinging the .30 I don't even see it hit the router...

The DNS routing table is as follows:
pi@dns:~ $ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.50.1 0.0.0.0 UG 202 0 0 eth0
10.0.0.0 0.0.0.0 255.0.0.0 U 202 0 0 eth0

Any help appreciated.

thanks.

Double check and make sure that port 53 is open between the VLANs?

It is. In the live log in Pi-hole I can see my phone hitting the DNS. It's Android and throwing all sorts at it. It's the traffic back which is the problem.

It's that this device can't talk back to 10.10.30..., but the other RPi can.
Nothing odd with the Pi-hole routing / iptables has been done?

Something is really confusing me here :slight_smile:

From the RPi I ping the following:
10.10.50.1 (GW - Works)
10.10.30.1 (VLAN GW, does not work from DNS, works from others on LAN)
1.1.1.1 (you know :slight_smile: )

While sniffing the traffic I get this:

09:31:37.833143 IP 10.10.50.2 > 10.10.50.1: ICMP echo request, id 7153, seq 1, length 64
09:31:37.833195 IP 10.10.50.1 > 10.10.50.2: ICMP echo reply, id 7153, seq 1, length 64
09:31:38.834867 IP 10.10.50.2 > 10.10.50.1: ICMP echo request, id 7153, seq 2, length 64
09:31:38.834884 IP 10.10.50.1 > 10.10.50.2: ICMP echo reply, id 7153, seq 2, length 64
09:31:39.836482 IP 10.10.50.2 > 10.10.50.1: ICMP echo request, id 7153, seq 3, length 64
09:31:39.836503 IP 10.10.50.1 > 10.10.50.2: ICMP echo reply, id 7153, seq 3, length 64
09:31:52.694325 IP 10.10.50.2 > 1.1.1.1: ICMP echo request, id 7185, seq 1, length 64
09:31:52.718500 IP 1.1.1.1 > 10.10.50.2: ICMP echo reply, id 7185, seq 1, length 64
09:31:53.696401 IP 10.10.50.2 > 1.1.1.1: ICMP echo request, id 7185, seq 2, length 64
09:31:53.729900 IP 1.1.1.1 > 10.10.50.2: ICMP echo reply, id 7185, seq 2, length 64

Nowhere can you see the ping to 10.10.30.1. It's like it's not heading to the DNS's default GW.

I've checked iptables and there is nothing set up in there (that I can see).

This is a standalone RPi with only Pi-Hole on it. Nothing else.

Really confused now.

Can you check if DNS Rebind Protection is enabled?

Finally found the problem. :smile:

I noticed that the netmask on the DNS was 255.0.0.0, which was wrong. I set it back to DHCP, where it picked up the correct 255.255.255.0.

Glad I solved it and now have something new to add to my brain :slight_smile:

Thanks for the help all. Appreciate it.

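Why the ping never reached pfSense: with a /8 netmask the kernel considers 10.10.30.1 on-link and ARPs for it on eth0 instead of forwarding to the gateway. The following is an added example, not code from the thread, that parses the `route -n` output posted above and performs the same longest-prefix lookup for the broken and the corrected netmask (the corrected table is reconstructed from the stated 255.255.255.0).

```python
"""Route lookup for the Pi's two routing tables (added example)."""
import ipaddress

# Routing table exactly as posted in the thread (netmask 255.0.0.0).
ROUTE_N_BROKEN = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.50.1 0.0.0.0 UG 202 0 0 eth0
10.0.0.0 0.0.0.0 255.0.0.0 U 202 0 0 eth0
"""

# Constructed: what the table looks like after DHCP hands out 255.255.255.0.
ROUTE_N_FIXED = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.50.1 0.0.0.0 UG 202 0 0 eth0
10.10.50.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
"""


def parse_route_n(text):
    """Turn `route -n` lines into (network, gateway-or-None) entries."""
    table = []
    for line in text.splitlines()[1:]:          # skip the header row
        dest, gw, mask, flags = line.split()[:4]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        # 'G' flag means via a gateway; otherwise the route is on-link.
        table.append((net, gw if "G" in flags else None))
    return table


def next_hop(table, dst):
    """Longest-prefix match: return the gateway IP or 'on-link'."""
    dst = ipaddress.ip_address(dst)
    best = max((e for e in table if dst in e[0]),
               key=lambda e: e[0].prefixlen)
    return best[1] or "on-link"


def compare(dst):
    """Next hop for dst under the broken and the corrected table."""
    return (next_hop(parse_route_n(ROUTE_N_BROKEN), dst),
            next_hop(parse_route_n(ROUTE_N_FIXED), dst))


if __name__ == "__main__":
    for target in ("10.10.50.1", "10.10.30.1", "1.1.1.1"):
        broken, fixed = compare(target)
        print(f"{target:>12}: broken={broken:<11} fixed={fixed}")
```

With the /8 table, 10.10.30.1 resolves to "on-link", which is why the sniffer on pfSense saw ICMP to 10.10.50.1 and 1.1.1.1 but nothing for the .30 host; the /24 table sends it to 10.10.50.1 like any other off-subnet destination.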
