Pi-hole where in the network topology?

What would be the most suitable location and/or role of the Pi-Hole box be in this network topology?

ISP/WAN —> Home xDSL router —> Apple Airport WLAN router —> wireless LAN hosts

The xDSL router (facing internet) has a static-configured public WAN IP. It then gives the WLAN router (via DHCP) another static public WAN IP (from the same WAN pool) because I wanted to avoid NAT at this point. The Airport then does NAT translation and dynamically gives LAN IP addresses onto hosts requesting for them.

What I’m considering now is placing the Pi-hole Raspi between the xDSL router and the Airport, so that the xDSL router would end up being the only box with a static public IP (using ISP DNS servers), announcing a LAN IP for the Raspi (as a DHCP client, getting the same IP every time by way of MAC binding) and hosts (dynamic clients) behind the Airport, giving them the Raspi’s IP address as the DNS server. The Airport would end up converting into a bridge, not serving DHCPD nor NAT; those would be done in the xDSL box, as I want to avoid double NAT scenarios like the plague.

I just wanted to make sure I’m on track here and not missing anything?

Thanks a lot :slight_smile:

The Pi-hole shouldn’t be between anything. It’s not a router or a proxy, it’s a DNS server. It just needs to be on the same segment as the clients, and have an IP address that is accessible to the clients. There’s not really a situation where NAT comes in to play as it should be entirely inside the local network and not be accessible from the WAN.

2 Likes