PiHole config with mesh

  • Dell OptiPlex 7040 Micro - Intel i5 6500T 2.50GHz; 16GB DDR4 RAM; 500GB PCIe 3rd Gen SSD
  • Ubuntu running Pi-hole [v5.15.5] | FTL [v5.21] | Web Interface [v5.18.4]
  • Set up as follows: Ethernet Broadband Connection --> TP Link Router Archer VR500v --> Tenda Nova MW3 Mesh
  • Dell Optiplex 7040 is connected via wifi to the TP Link Router on 192.168.1.xxx
  • Tenda Nova Mesh is broadcasting a separate wifi network on the 192.168.5.xxx range to which most devices on the home network are connected.
  • Tenda has an idiotic system where you can only access its settings from a mobile app which is very buggy (and cannot access the device via web browser) - also it does not permit static IP address setting - so that is why I have connected the Dell Optiplex to the TP link router rather than to the Tenda mesh network

Actual Behaviour:

In PiHole > Settings > DNS > Interface Settings, I need to have [permit all origins] selected. The other 3 options (allow only local requests, respond only on interface, bind only to interface) will cause devices connected to the mesh to get a DNS error. Otherwise it is working properly.

Expected Behaviour:

I am not very familiar with web security stuff - so not sure if this is a security liability having permit all origins selected - or if it is okay within my home network.

Run on your Pi-hole host machine, what's the output of:

ip -4 address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: wlx90de8037b88e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.200/0 brd 255.255.255.255 scope global noprefixroute wlx90de8037b88e
       valid_lft forever preferred_lft forever

Your Pi-hole host lists just one network interface.

Your configuration description reads as if you should be able to switch Pi-hole's Interface settings to Respond only on interface wlx90de8037b88e, as there is no other interface that your clients' queries can be received through.

When you switch to that option, what's the output of the following commands, run from a device that is connected via Tenda (preferably a desktop or laptop):

nslookup pi.hole
nslookup flurry.com

It only shows: "Respond only on interface enp0s31f6". Also, I only have the one device running Ubuntu (i.e. the one hosting pihole). I'll try doing a boot from a USB with Ubuntu on one of my Windows devices and clicking the "Respond only on interface enp0s31f6", and then get back with the results. Thank you!!!

With pihole set to permit all origins

ubuntu@ubuntu:~$ nslookup pi.hole
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: pi.hole
Address: 192.168.1.200
Name: pi.hole
Address: fe80::62bd:3f6c:59fd:f9ed

ubuntu@ubuntu:~$ nslookup flurry.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: flurry.com
Address: 98.136.103.23
Name: flurry.com
Address: 74.6.136.150
Name: flurry.com
Address: 212.82.100.150

With pihole set to Respond only on interface enp0s31f6

ubuntu@ubuntu:~$ nslookup pi.hole
;; connection timed out; no servers could be reached

ubuntu@ubuntu:~$ nslookup flurry.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: flurry.com
Address: 74.6.136.150
Name: flurry.com
Address: 98.136.103.23
Name: flurry.com
Address: 212.82.100.150

Your Pi-hole is not configured for the correct interface.
To change that, run
pihole -r
and choose Reconfigure.
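
As an added example (not part of the thread and not Pi-hole's own code), this shell check compares the interface Pi-hole is configured for against the interfaces that actually hold an IPv4 address, which is the mismatch diagnosed above. It assumes the Pi-hole v5 file /etc/pihole/setupVars.conf with its PIHOLE_INTERFACE and DNSMASQ_LISTENING keys; the function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the Pi-hole v5 layout: /etc/pihole/setupVars.conf
# holding PIHOLE_INTERFACE and DNSMASQ_LISTENING (local|single|bind|all).

# Names of non-loopback interfaces with an IPv4 address, from `ip -4 address` on stdin.
addressed_ifaces() {
    awk '/^[0-9]+: / { sub(/:$/, "", $2); sub(/@.*/, "", $2); ifname = $2 }
         $1 == "inet" && ifname != "lo" { print ifname }' | sort -u
}

# Last value of KEY ($1) in a KEY=value file ($2).
conf_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# check_listening CONF_FILE IP_OUTPUT_FILE -> 0 ok, 1 interface mismatch, 2 all origins
check_listening() {
    iface=$(conf_get PIHOLE_INTERFACE "$1")
    mode=$(conf_get DNSMASQ_LISTENING "$1")
    live=$(addressed_ifaces < "$2")
    case "$mode" in
        all)
            echo "WARN: permit all origins; keep port 53 unreachable from the internet"
            return 2 ;;
        single|bind)
            if printf '%s\n' "$live" | grep -qx -- "$iface"; then
                echo "OK: $mode on $iface"; return 0
            fi
            echo "MISMATCH: set to $iface, but IPv4 is on: $(echo $live)"
            return 1 ;;
        *)
            echo "INFO: mode '${mode:-unset}', interface not compared"; return 0 ;;
    esac
}

# Constructed sample input: the thread's `ip -4 address` output (trimmed) and
# two setupVars.conf fragments, as assumed before and after `pihole -r`.
demo=$(mktemp -d)
cat > "$demo/ip.txt" <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
8: wlx90de8037b88e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.200/0 brd 255.255.255.255 scope global noprefixroute wlx90de8037b88e
EOF
printf 'PIHOLE_INTERFACE=enp0s31f6\nDNSMASQ_LISTENING=single\n' > "$demo/before.conf"
printf 'PIHOLE_INTERFACE=wlx90de8037b88e\nDNSMASQ_LISTENING=single\n' > "$demo/after.conf"
check_listening "$demo/before.conf" "$demo/ip.txt" || true   # MISMATCH
check_listening "$demo/after.conf" "$demo/ip.txt" || true    # OK
```

On a real host, save the output of `ip -4 address` to a file and pass it together with /etc/pihole/setupVars.conf to `check_listening`.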

Thanks again! Just running that now with the other interface. Just out of curiosity, what is the 'interface' that we are selecting?

With Respond only on interface wlx90de8037b88e selected

ubuntu@ubuntu:~$ nslookup pi.hole
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: pi.hole
Address: 192.168.1.200
Name: pi.hole
Address: fe80::62bd:3f6c:59fd:f9ed

ubuntu@ubuntu:~$ nslookup flurry.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: flurry.com
Address: 98.136.103.23
Name: flurry.com
Address: 212.82.100.150
Name: flurry.com
Address: 74.6.136.150

Web access through devices connected to the mesh seems to be working now, just have some errors with some of the adlists though. Edit: it seems that this is just that when the update is done it checks current adlists, and it shouldn't be a problem?