PiHole as DHCP and DNS for multiple VLANs & subnets

procopotode · March 19, 2021, 11:53am

I know this is a non-standard setup and a multi-disciplinary request, but I'm trying to get my PiHole to serve DHCP addresses (and, after that's working, resolve / block DNS queries) on multiple subnets which are on multiple VLANs. My plan is:

✅ Create L3 VLANs on switch (VLAN66)

✅ Establish virtual interface eth0.66 for VLAN on Pi

Installed VLAN package:

sudo apt-get instal vlan

Created virtual interface:
/etc/network/interfaces.d/vlans:

auto eth0.66
iface eth0.66 inet manual
  vlan-raw-device eth0

Assigned addresses:
Appended /etc/dhcpcd.conf:

# VLAN interface definitions

interface eth0.66

static ip_address=192.168.66.2/24
static domain_name_servers=192.168.66.2

Previous tail of /etc/dhcpcd.conf:

#fallback static_eth0

interface eth0

static ip_address=192.168.28.2/24
static routers=192.168.28.1
static domain_name_servers=192.168.28.1

sudo service networking restart
sudo pihole restartdns

I can ping in and out of this interface fine.

Set DNSMASQ to serve original range to eth0
Set DNSMASQ to serve new range to eth0.66
Set DNSMASQ to resolve queries from VLAN
Set PiHole to display both subnet queries in dashboard

If I add the following to /etc/dnsmasq.d/09-custom.conf DNS and DHCP stops working on the eth0 interface and DHCP does not start on the eth0.66 interface:

#VLAN 66 dirty DHCP and DNS congig
#router
dhcp-option=eth0.66,3,192.168.66.1

#dns server
dhcp-option=eth0.66,6,192.168.66.2

#dhcp range
dhcp-range=eth0.66,192.168.66.10,192.169.66.200,255.255.255.0,24h

Question: I think this is because the default PiHole config in /etc/dnsmasq.d/02-pihole-dhcp.conf does not specify an interface?

###############################################################################
#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
###############################################################################
dhcp-authoritative
dhcp-range=192.168.28.10,192.168.28.249,24h
dhcp-option=option:router,192.168.28.1
dhcp-leasefile=/etc/pihole/dhcp.leases
#quiet-dhcp

Have I done something wrong here? Is my theory about the default config not specifying an interface correct? If so, how do I resolve this? If not, any ideas why this isn't working?

Thank you.

Systems:
Ubiquity UniFi setup (USG, SW-8s, AP-Pros)
PiHole on Pi 3b, wired

Tntdruid · March 19, 2021, 1:44pm

You can do that much faster whit etc isc dhcp server.

https://www.ossramblings.com/using-multiple-vlan-with-dhcp-ubuntu

procopotode · March 19, 2021, 1:48pm

Interesting, thank you.

Would this work alongside the PiHole DNSMASQ DHCP server? Or should I use that as the DHCP on eth0 as well?

Once I have this running (I'll give it a test now), would this impact the next steps of getting PiHole to serve DNS on the VLAN?

Tntdruid · March 19, 2021, 2:41pm

Only as the dhcp server.

Bucking_Horn · March 19, 2021, 8:46pm

Not in that file, anyway.

Pi-hole's Interface listening behaviour is accessible via its UI, and it affects DNS as well. For your purpose, you'd have to change it to one of the Listen on all interfaces options.

You'll find the corresponding option in 01-pihole.conf, and I strongly advise against customising it in any way, i.e. do not change that file and do not add a separate custom file with additonal interfaces.

It would seem dnsmasq's documentation doesn't mention specifying a network interface for the dhcp options you are using.

You could consider using tags to tackle your issue..

dnsmasq would assign DHCP leases from a dhcp-range matching the address/subnet of the network interface that the DHCP request arrived on.
This may also mean you have to add a separate interface for each of your VLANs.

Try using the following

dhcp-range=set:vlan66,192.168.66.10,192.169.66.200,24h

The above line also defines a tag named vlan66. That could instead also be IoT or whatever seems appropriate to you. The name itself isn't signifcant, it just acts as a unique identifier.
That tag can then be used to configure a subnet specific dhcp-option only distributed for matching tags, in your case, e.g.:

dhcp-option=tag:vlan66,option:router,192.168.66.1
dhcp-option=tag:vlan66,option:dns-server,192.168.66.2

procopotode · March 22, 2021, 12:13pm

it turns out my initial config was mostly correct, but I had been dumb and one of my switch trunk ports wasn't trunked.

system · April 12, 2021, 12:14pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.