The issue I am facing:
I used DietPi to install Pi-hole + Unbound for my main network (0). That all works great. However, I want to get it to work on VLANs (1 & 11) as well. https://discourse.pi-hole.net/t/how-to-allow-vlans/75216 seems to imply that it is possible, but I can't get it to work.
Without any of these changes, I would see "ignoring query from non-local network 192.168.11.x".
I have pretty limited knowledge about creating VLAN interfaces and whether I changed what I was supposed to here. Any help or guide on what I should be doing or changing would be great.
I had pointed all the VLANs' DNS servers to the Pi's static IP and changed dns.listeningMode to all, which worked, but I didn't want to leave it like this. I'd rather have it be just eth0 and the VLANs.
Details about my system:
Pi 5 with the latest DietPi installed
What I have changed since installing Pi-hole:
Installed vlan
sudo apt install vlan
modprobe 8021q
sudo su -c 'echo "8021q" >> /etc/modules'
/etc/network/interfaces.d/vlans
# VLAN 1 – no gateway!
auto eth0.1
iface eth0.1 inet static
vlan-raw-device eth0
address 192.168.1.2
netmask 255.255.255.0
# VLAN 11 – no gateway!
auto eth0.11
iface eth0.11 inet static
vlan-raw-device eth0
address 192.168.11.2
netmask 255.255.255.0
Add both VLAN interfaces
sudo ifup eth0.1
sudo ifup eth0.11
/etc/dnsmaq.d/101-my.settings
interface=eth0 # default lan
interface=eth0.1 # vlan 1
interface=eth0.11 # vlan 11
/etc/pihole/pihole.toml
[Misc]
# Should FTL load additional dnsmasq configuration files from /etc/dnsmasq.d/?
#
# Warning: This is an advanced setting and should only be used with care.
# Incorrectly formatted or config files specifying options which can only be defined
# once can result in conflicts with the automatic configuration of Pi-hole (see
# /etc/pihole/dnsmasq.conf) and may stop DNS resolution from working.
#
# Allowed values are:
# true or false
etc_dnsmasq_d = true
Pi-hole UI changes
Custom DNS servers: 127.0.0.1#5335 ← for unbound
Conditional forwarding
true,192.168.0.0/24,192.168.0.1
true,192.168.1.0/24,192.168.1.1
true,192.168.11.0/24,192.168.11.1
DNS interface: eth0
dns.listeningMode - I have tried toggling through all of these with no luck (except all, since I don't want to accidentally make this an open resolver)
Updated UniFi networks
main (0) dns server → 192.168.0.108 (the static ip of the pi)
guest (11) ← tried pointing this to either 192.168.0.108 or 192.168.11.2 (neither worked). At the moment vlan(11) is back to pointing at 1.1.1.1.
Log if you need/want it
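
An added example, not part of the original post: dnsmasq's local-service behaviour, which is what logs "ignoring query from non-local network", accepts a query only when the client address is on a subnet for which the server has an interface. The Python below parses the ifupdown stanzas and `interface=` lines shown in the post (embedded as constructed sample input; the eth0 stanza and all function names are assumptions) and reports which interface, if any, makes a client address local and whether that interface has an `interface=` line.

```python
import ipaddress

# Constructed sample input. The VLAN stanzas and interface= lines mirror the
# post; the eth0 stanza is an assumption built from the Pi's stated static IP.
INTERFACES = """\
iface eth0 inet static
address 192.168.0.108
netmask 255.255.255.0
# VLAN 1
iface eth0.1 inet static
vlan-raw-device eth0
address 192.168.1.2
netmask 255.255.255.0
# VLAN 11
iface eth0.11 inet static
vlan-raw-device eth0
address 192.168.11.2
netmask 255.255.255.0
"""
DNSMASQ = "interface=eth0 # default lan\ninterface=eth0.1\ninterface=eth0.11\n"

def parse_ifupdown(text):
    """Map each static iface stanza to the IPv4 network it sits in."""
    fields, name = {}, None
    for raw in text.splitlines():
        words = raw.split("#")[0].split()
        if not words:
            continue
        if words[0] == "iface":
            name = words[1]
            fields[name] = {}
        elif name and words[0] in ("address", "netmask"):
            fields[name][words[0]] = words[1]
    return {n: ipaddress.ip_network(f"{f['address']}/{f['netmask']}", strict=False)
            for n, f in fields.items() if "address" in f and "netmask" in f}

def parse_listen(text):
    """Collect the interface names from dnsmasq interface= lines."""
    lines = (raw.split("#")[0].strip() for raw in text.splitlines())
    return {l.split("=", 1)[1].strip() for l in lines if l.startswith("interface=")}

def classify(client, nets, listen):
    """Return (interface whose subnet holds client or None, has interface= line)."""
    ip = ipaddress.ip_address(client)
    for name, net in nets.items():
        if ip in net:
            return name, name in listen
    return None, False

if __name__ == "__main__":
    nets, listen = parse_ifupdown(INTERFACES), parse_listen(DNSMASQ)
    for client in ("192.168.0.50", "192.168.11.57", "192.168.20.9"):
        print(client, classify(client, nets, listen))
```

A result of `(None, False)` means the client sits on a subnet the Pi has no address in, so its queries would be treated as non-local regardless of any `interface=` line.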