Pi-hole works if I set DNS in network preferences, but not if set on router with Bridge mode

Summary details:
ISP Router IP: 192.168.1.1
Linksys Router in Bridge mode: 192.168.1.2
Linux Pi-hole PC Static IP: 192.168.1.10

Hi,

I'm not a network expert so I could use a little help.
I have a small Linux PC running Docker with a Pi-hole. This PC has static IP 192.168.1.10 and is connected via Wi-Fi to the Linksys router (192.168.1.2), which is in Bridge mode with my ISP router (192.168.1.1).

All other computers are connected to the same Linksys router.

On any computer I can access pi-hole admin via 192.168.1.10/admin

Linksys router in Bridge mode has Connectivity settings:

IPv4: 192.168.1.2
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1
DNS 1: 192.168.1.10
DNS 2: 1.1.1.1

On any computer, ads don't get blocked... If I set the Pi-hole DNS in any of their network preferences, ads get blocked and it's working without problem.

So how come the ads don't get blocked if I set it on a router? I guess it's a small fix but feeling stuck in this after 2-3 days of fiddling around, and don't know what to do.

You propagate two DNS servers to your clients, thus your clients may bypass Pi-hole by sending DNS queries to 1.1.1.1 instead.

Get rid of that second DNS in your Linksys, or replace it with Pi-hole's IP again if your router insists on having it.

Thank you for the reply. I tried with or without 1.1.1.1, or with the same Pi-hole DNS IP in both 1 and 2. Didn't work in any way.

Is there anything I could set in the pihole admin settings? DNS, DHCP, ...?

It may take a while before domains that were already resolved are expired from your client's and browser's caches.

You could try to verify if Pi-hole is active by executing the following commands on one of your clients:

nslookup pi.hole
nslookup flurry.com 192.168.1.10

(assuming your Pi-hole still resides at .10 )

This is what I get if I run these commands

$ nslookup pi.hole
Server: 10.37.1.2
Address: 10.37.1.2#53

** server can't find pi.hole: NXDOMAIN

$ nslookup flurry.com 192.168.1.10
;; connection timed out; no servers could be reached

That's odd, how come it says it found Pi-hole at that IP if it's running on a Linux PC with static IP 192.168.1.10?
If I run ifconfig on the Linux machine, this is what I get for the docker0, the only container that is in docker and running pihole, so maybe it has something to do with that?

$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:d9ff:fe48:214d  prefixlen 64  scopeid 0x20<link>
        ether 02:42:d9:48:21:4d  txqueuelen 0  (Ethernet)
        RX packets 171017  bytes 89470537 (89.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 238707  bytes 54037186 (54.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The result of nslookup pi.hole shows that your client is not using Pi-hole as DNS server, but a machine running at 10.37.1.2.
As that machine is not Pi-hole, it doesn't know of pi.hole.

One of your routers may thus still distribute itself as DNS server.

The result of nslookup flurry.com forced explicitly through what is assumed as Pi-hole's IP address shows that Pi-hole (or rather, that IP) is not answering DNS requests.
There could be a variety of reasons for this, but since you are running a dockered Pi-hole, it would seem that you decided to use one of Docker's network modes that isolates your container into a network of its own (likely a bridge mode).

So your configuration comprises three different networks:

  1. 192.168.1.0/24
    Your main home network
  2. 172.17.0.0/16
    A network Docker has created for isolating your Pi-hole
  3. 10.37.1.0/??
    A network where your current DNS server resides, likely created by your second router

You'd have to figure out with your router's documentation and/or support forums how to get rid of that third network.

For Docker, you want to familiarise yourself with Docker's network modes. Once you get a better understanding, you should then decide on the network mode that best suits your needs.

For a start, you could run your Pi-hole container in host mode, giving up on isolation, and use the same network as the machine that Docker runs on. If you add additional services in other containers later, you may want to review this decision and again switch to another isolating mode.

For configuration hints with regards to your Pi-hole, have a read of Pi-hole's documentation for Running Pi-hole Docker.

Thank you for your thorough answer, I will look into it tonight/tomorrow and get back to you.

I'm sorry, just realised I was running these commands on the machine that was connected to work VPN (facepalm)...

Now it shows on all machines:

$ nslookup pi.hole

Server: 192.168.1.1
Address: 192.168.1.1#53

And that is the IP address of my main ISP router, not the one I use to configure DNS and connect all devices to.

Not sure if you intended this as just a feedback info or a nudge for continued support. :wink:

nslookup pi.hole should return Pi-hole's IP address (.10 ) in all of its fields, not your router's address. You'd have to configure your router for Pi-hole usage.

Once you've sorted Docker, you'd need to make your network take advantage of Pi-hole as your new DNS server.
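
The two nslookup checks used in this thread, turned into a small interpreter as an added example (it is not part of any original post). The function names are hypothetical, the sample outputs are constructed from the ones quoted above, and 192.168.1.10 is assumed to be Pi-hole's address as in the thread.

```shell
#!/bin/sh
# Interpret the two nslookup checks from the thread (added example).
PIHOLE_IP="${PIHOLE_IP:-192.168.1.10}"   # Pi-hole address used in the thread

# Print the resolver that answered, taken from the "Server:" line.
resolver_of() {
    printf '%s\n' "$1" | awk '$1 == "Server:" { print $2; exit }'
}

# Check 1: `nslookup pi.hole` through the client's default resolver.
# Anything other than Pi-hole's IP means queries never reach the filter.
classify_default() {
    srv=$(resolver_of "$1")
    if [ -z "$srv" ]; then
        echo "no-resolver-line"
    elif [ "$srv" = "$PIHOLE_IP" ]; then
        echo "using-pihole"
    else
        echo "bypassing-pihole:$srv"
    fi
}

# Check 2: `nslookup <domain> $PIHOLE_IP`, forced through Pi-hole's address.
# A timeout means nothing is answering DNS on that IP (e.g. container isolation).
classify_direct() {
    case "$1" in
        *"no servers could be reached"*) echo "pihole-not-answering" ;;
        *"Server:"*)                      echo "pihole-answering" ;;
        *)                                echo "unknown" ;;
    esac
}

# Constructed samples, modelled on the outputs quoted in the thread.
SAMPLE_VPN="Server: 10.37.1.2
Address: 10.37.1.2#53

** server can't find pi.hole: NXDOMAIN"
SAMPLE_ROUTER="Server: 192.168.1.1
Address: 192.168.1.1#53"
SAMPLE_TIMEOUT=";; connection timed out; no servers could be reached"

# Live mode: run the real lookups when invoked with the argument "live".
if [ "${1:-}" = "live" ]; then
    classify_default "$(nslookup pi.hole 2>&1)"
    classify_direct  "$(nslookup flurry.com "$PIHOLE_IP" 2>&1)"
fi
```

Run it with `live` on a client after each router or Docker change; both lines should read `using-pihole` and `pihole-answering` once DNS is routed through Pi-hole.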