I'm a networking newbie and I'm trying to set up a home server so I can run various applications including applications in docker containers. I've been trying to use subdomain names in CNAME entries on pihole, but I can't get them to resolve to the home server.
I've been poring over openwrt and pihole docs, forums, and guides trying to find a solution to this, but I haven't been able to crack it so I'm looking for help.
My setup includes:
Router: Netgear R6220
Running OpenWRT configured with pihole as the DNS server from the instructions (method 2).
IP: 10.0.0.1
PiHole: Pi Zero W
IP: 10.0.0.2
CNAME entry mapping api.iron.lan to iron.lan
Home Server: ASUS PN51
named iron.lan
no static ip
Docker Containers running on iron.lan:
envoy front proxy routing api.iron.lan to a container running a fastapi server
fastapi server
Expected Behaviour:
Subdomains should resolve to the home server.
An HTTP request from any machine on my lan to api.iron.lan should make it to the docker container running a fastapi server
Actual Behaviour:
Domains that map to actual machines on my lan resolve correctly (e.g. iron.lan, pihole.lan)
Subdomains mapped in CNAME to an actual machine do not resolve in browser or nslookup unless explicitly pointed to pihole as the DNS
When originating from the home server, I can make HTTP requests to "api.iron.lan" without issue.
Note that Pi-hole does not see any HTTP requests.
A client will try to resolve a given domain from a URL prior to sending the actual HTTP request.
If indeed the HTTP request would get sent and would not make it to its destination, then Pi-hole would not be involved.
Pi-hole only ever sees DNS requests - including those for your CNAME.
With your current configuration as apparent from your debug log, a lookup for your CNAME would only work if Pi-hole's cache is populated accordingly, e.g. after a previous nslookup iron.lan.
To make Pi-hole authoritative for iron.lan, just create the respective Local DNS Record.
Alternatively, create the respective subdomains like your api.iron.lan directly as Local DNS records.
EDIT:
That machine is using 172.22.208.1 for DNS, not Pi-hole.
Thanks for the advice. I did this and it worked immediately. However, a day later, I'm again unable to locate iron.lan and api.iron.lan. I don't understand why this would happen.
I suspect there are issues with wsl and windows, but looking at the network connection my OpenWRT settings are definitely broadcasting that pihole is the DNS server:
Are there additional settings with OpenWRT or pihole that I must do in order to get this to work?
That's a separate issue:
The failing nslookups are not using Pi-hole, but resolvers at 172.22.208.1 and fd12:193c:86bb::1, e.g.:
You should probably point the machines that ran those nslookups to your Pi-hole for DNS as well.
But if those alternates are used by intention, you should make sure that those 172.22.208.1 and fd12:193c:86bb::1 use your Pi-hole as their only(!) upstream.
You may verify that your Pi-hole is in the upstream resolution chain by running:
nslookup pi.hole
By default, only Pi-hole knows how to resolve pi.hole.
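As an added example (not part of any post in this thread): a small shell helper that reads nslookup output and reports whether the answer came from the Pi-hole (10.0.0.2 is assumed from the thread's setup) and whether the name resolved, so the pi.hole check above can be scripted on each client. The sample outputs are constructed in the format nslookup prints.

```shell
#!/bin/sh
# Added example, not from the thread. PIHOLE_IP is assumed from the setup described.
PIHOLE_IP="10.0.0.2"

# Constructed samples in nslookup's output format: a good answer from Pi-hole,
# a failing lookup answered by the 172.22.208.1 resolver, and a CNAME chain.
SAMPLE_OK="Server:    10.0.0.2
Address:   10.0.0.2#53

Name:      pi.hole
Address:   10.0.0.2"

SAMPLE_WRONG="Server:    172.22.208.1
Address:   172.22.208.1#53

** server can't find pi.hole: NXDOMAIN"

SAMPLE_CNAME="Server:    10.0.0.2
Address:   10.0.0.2#53

api.iron.lan   canonical name = iron.lan.
Name:      iron.lan
Address:   10.0.0.50"

# check_resolver: reads nslookup output on stdin and prints one verdict line:
#   OK <address>          answered by Pi-hole and the name resolved
#   WRONG_RESOLVER <ip>   answered by a resolver other than Pi-hole
#   NXDOMAIN              answered by Pi-hole but no address was returned
check_resolver() {
    awk -v pihole="$PIHOLE_IP" '
        /^Server:/  { server = $2 }
        /^Name:/    { want = 1; next }          # the next Address: line is the answer
        /^Address:/ && want { addr = $2; want = 0 }
        END {
            if (server != pihole)  print "WRONG_RESOLVER " server
            else if (addr == "")   print "NXDOMAIN"
            else                   print "OK " addr
        }'
}

# Live use on a client (not run here): nslookup pi.hole | check_resolver
```

Run it against `nslookup api.iron.lan` as well: a WRONG_RESOLVER verdict means the client is not asking Pi-hole, which is exactly the case where the CNAME cannot resolve.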
This last bit helped tremendously; pi.hole was not resolving because it was pointing to the IPv6 server. Turns out that the OpenWRT router was broadcasting itself as the IPv6 DNS server; I believe this was a default setting.
It needs to be disabled in OpenWRT under the lan interface settings:
Interfaces > Lan > DHCP Server > IPv6 Settings
Disabled the setting and rebooted the router (just in case) and everything seems to work as expected.