PiHole and PfSense - No ads blocked

Hello,

I am running pfsense and decided to add a PiHole. I set it up on my RP3. I tested it by manually changing the DNS server settings on my PC to look to the PiHole. Worked great. Switched my PC back to auto DNS. IP of PiHole is 192.168.1.2. PfSense is on Netgate SG-3100. I then hooked it into my switch and changed the DNS settings on the PfSense under System>General>DNS Servers... Not blocking. ipconfig /renew, nothing. Reboot, nothing. Disabled DNS Resolver on PfSense, no internet at all. Enabled DNS forwarding on PFS, no change. Listed the PiHole under Services>DHCP Server under DNS servers, no change. Both PiHole and PFS are updated. I'm not sure what I'm missing here. I am not willing to manually set the DNS servers on all my devices since most are not PCs.

Generate a Pi-Hole debug log, upload it and post the token here. We can take a look at the configuration and operation of your Pi-Hole to rule that out as a problem.

Here is the token...I believe...
https://tricorder.pi-hole.net/2rgln636s0!

That's it. Your debug log shows that your Pi-Hole is operating properly. I would assign one of your PC or Mac clients manually to use Pi-Hole and verify that the Pi-Hole will accept and process DNS queries from that client. If it does, as I expect it will, then the problem is in the router/pfSense.

I know it is my router:

That is what I was hoping someone could help me with.

My error - I missed that detail. At least we have ruled out the Pi-Hole as the problem. Perhaps one of the pfSense users can help with the problem.

No problem. Sorry if my reply sounded snarky. I wasn't sure how else to word it. I do appreciate the help.

Assuming you are using pfsense DHCP services, but NOT the pfsense DNS forwarder service, and NOT the pfsense DNS resolver service, you want the pihole to do all of the DNS resolving.

These settings are used to instruct the pfsense to use these DNS settings, NOT the clients.
It's actually a good idea to make the pfsense use other DNS servers than the pihole. It will ensure the pfsense can always get to the internet, regardless of pihole.

In order to get the clients to use the pihole, you need to modify the pfsense DHCP settings:

Don't enter a DNS Server 2 value, unless you have two piholes!

I have it running like this, works like a charm....

Just to double check the settings I need to change ON THE PFSENSE BOX:
Services>DNS Forwarder>Enable DNS forwarder - UNCHECKED - AKA Disabled
Services>DNS Resolver>Enable DNS resolver - UNCHECKED - AKA Disabled
System>General Setup>DNS Server Settings - Enter Public DNS Servers - I.E. 1.1.1.1 or 9.9.9.9
Services>DHCP Server>Servers>DNS Servers> - Enter my PiHole IP address (192.168.1.2)
Does this sound about right?

Yes

I would recommend the following:

  • If you have an IPv6 address on the WAN interface, also enter the IPv6 addresses on System>General Setup>DNS Server Settings for the DNS servers you choose. It will make the pfsense more responsive. I had to refresh the home screen to get the update status of the system; this problem disappeared when adding the IPv6 entries. The package manager also responded better.
  • In System>General Setup>DNS Server Settings, use unfiltered DNS servers. I use OpenDNS.
  • Install the package Service Watchdog and configure it to monitor the DHCP service.
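
Added example, not part of the original thread: a small Python check that reads `ipconfig /all` output from a Windows client after the DHCP change and lists every adapter that was handed a DNS server other than the Pi-hole (192.168.1.2 in this thread), since any second resolver lets queries bypass blocking. It assumes English-language `ipconfig` output; the sample text, the 192.168.1.1 router address and the function names are constructed for illustration.

```python
import re

PIHOLE = "192.168.1.2"  # Pi-hole address given in the thread

# Constructed `ipconfig /all` excerpt (not from the thread). 192.168.1.1 is an
# assumed router address and 1.1.1.1 stands in for a public resolver.
SAMPLE = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.2
"""

def dns_by_adapter(text):
    """Return {section name: [DNS servers]} parsed from `ipconfig /all` output."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a section
            adapter, in_dns = line.rstrip(":"), False
            result[adapter] = []
        elif adapter and (m := re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)):
            result[adapter].append(m.group(1))
            in_dns = True
        elif in_dns and (m := re.fullmatch(r"\s+(\S+)", line)):
            result[adapter].append(m.group(1))  # extra servers sit alone on a line
        else:
            in_dns = False                      # any other line ends the DNS list
    return result

def bypassing_adapters(text, pihole=PIHOLE):
    """Adapters whose DNS list contains anything other than the Pi-hole."""
    return {name: servers for name, servers in dns_by_adapter(text).items()
            if servers and set(servers) != {pihole}}

if __name__ == "__main__":
    for name, servers in bypassing_adapters(SAMPLE).items():
        print(f"{name}: DNS {servers} (expected only {PIHOLE})")
```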
