Private host names not sent to upstream since v5.3.2

I'm using Pi-hole 5.1.2 and FTL 5.2 and I have set my local DNS servers as upstream DNS to resolve my local servers. It's working great. But once I upgrade to these versions, I cannot resolve my local servers; I see NXDOMAIN regex blocked errors in the query logs. Anyone experiencing the same issue?

I isolated your post into a new discussion and hope the title is appropriate to your problem.

The reason for this is that we increased security/privacy to ensure only queries to also publicly reachable domains are sent upstream (typically upstream servers are 8.8.8.8 and similar).

Try to use Conditional Forwarding to get what you want. This is also the way it should have been configured with v5.1.2, however, v5.2 enforces the new security/privacy guidelines.

I hope you see this as an improvement as well. If not, then we're always open for discussions. Nothing is set in stone with Pi-hole :slight_smile:

I have the same problem but not sure how conditional forwarding will help.

My internal network is "mydomain.com" but I also have an external WAN address for one of my servers (a firewall actually) that is "serverexternal.mydomain.com" and has its address published to the root servers.

Before upgrading to 5.2 this all worked fine: when pihole could not find the DNS entry in DHCP or local lists it would query the upstream servers and return the external address of serverexternal.mydomain.com. Now it does not.

I can add external addresses in "local DNS" but this does not seem a good idea (the address may change) and I can't see how conditional forwarding will help?

Hi, I upgraded again and set conditional forwarding, but no luck. Am I missing something? I simply want Pi-hole to forward queries to my local DNS (Microsoft AD) if there are no such local entries on Pi-hole. I appreciate you increased security/privacy but there should be a way to make it work like before, right? :slight_smile:

I will put it on my ToDo to add an option to disable this extra privacy bit. For now, you should be able to get the previous behavior by manually editing /etc/dnsmasq.d/02-pihole-dhcp.conf and removing the line

local=/lan/

(or whatever your local domain is). Note that this may be reset if you do any DHCP-related changes on the web interface.

I'd appreciate a reply if that worked.


I see. The default configuration of Pi-hole does not cover this scenario where parts of the network under your "local" domain mydomain.com are only known to an upstream server. This somehow defeats the purpose of a local domain - but I can see why experienced users may want this. I, for instance, don't do this myself. At home I use the domain home.domain.com so my WiFi radio is radio.home.domain.com whereas my Internet server is at server2.domain.com. Tastes differ, but if disabling the config line above works for you as well, I'll be more than happy to just add a checkbox to the settings page to make this easily accessible and memorized during updates.
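To make the behaviour discussed in this thread concrete, here is a small Python model (added here; it is not Pi-hole or dnsmasq code) of the dnsmasq rules involved: local=/dom/ answers only from local data and otherwise returns NXDOMAIN, server=/dom/ip is what Conditional Forwarding writes, and the longest matching suffix wins. The IP addresses, the custom.list entry and the AD server at 10.44.4.1 are constructed assumptions, and the nested home.mydomain.com case goes beyond the thread's own setup to show the longest-suffix rule.

```python
from dataclasses import dataclass


@dataclass
class Resolver:
    local_records: dict      # name -> IP, like /etc/pihole/custom.list
    domain_rules: dict       # suffix -> upstream IP (server=), or None (local=)
    default_upstream: str    # the ordinary upstream, e.g. the ISP resolver

    def _rule_for(self, name):
        labels = name.split(".")
        # Most specific match wins: try "a.b.c", then "b.c", then "c".
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.domain_rules:
                return suffix, self.domain_rules[suffix]
        return None, self.default_upstream

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in self.local_records:               # local data is always first
            return f"local {self.local_records[name]}"
        suffix, target = self._rule_for(name)
        if suffix is not None and target is None:    # local=/suffix/ and no record
            return "NXDOMAIN"
        return f"forwarded to {target}"


# Constructed sample data (documentation address ranges, not real hosts).
LOCAL = {"consus.mydomain.com": "203.0.113.10"}
ISP = "198.51.100.1"


def v52_default():
    # Models the generated line local=/mydomain.com/ that the thread talks about.
    return Resolver(LOCAL, {"mydomain.com": None}, ISP)


def line_removed():
    # The workaround: with the line deleted, unknown names go to the default upstream.
    return Resolver(LOCAL, {}, ISP)


def conditional_forwarding(ad_server="10.44.4.1"):
    # server=/mydomain.com/<AD server>, plus a stricter local=/home.mydomain.com/
    # (hypothetical) to show that the longer suffix takes precedence.
    return Resolver(LOCAL, {"mydomain.com": ad_server,
                            "home.mydomain.com": None}, ISP)
```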

Did you try to untick Never forward non-FQDNs?

DL6ER, Thanks for that.

I use this so that I can use the same FQDN whether inside or outside my network, e.g. for my IMAP server.
I realise that my use case is probably above usual use.

I had commented out LOCAL=/myDomain/ before I saw your post and this seems to have corrected the "issue". Can you clarify, though: was this the default in pre-v5.2?

[root@dns ~]# pihole -t | grep mydomain.com
16:54:40: query[A] imap.mydomain.com from 10.44.4.10
16:54:40: forwarded imap.mydomain.com to <ISPs DNS SERVER (Custom)>
16:54:40: reply imap.mydomain.com is <EXTERNAL IP)>
16:54:40: query[A] imap.mydomain.com from 10.44.4.10
16:54:40: cached imap.mydomain.com is <EXTERNAL IP)>
16:54:40: query[AAAA] imap.mydomain.com from 10.44.4.10
16:54:40: forwarded imap.mydomain.com to <ISPs DNS SERVER (Custom)>
16:54:40: reply imap.mydomain.com is NODATA-IPv6
16:54:41: query[A] consus.mydomain.com from 10.44.4.10
16:54:41: /etc/pihole/custom.list consus.mydomain.com is <EXTERNAL IP)>
16:54:41: query[A] consus.mydomain.com from 10.44.4.10
16:54:41: /etc/pihole/custom.list consus.mydomain.com is <EXTERNAL IP)>
[root@dns ~]# pihole -t | grep forwarded | grep mydomain.com
16:54:39: forwarded consus.mydomain.com to <ISPs DNS SERVER (Custom)>
16:54:40: forwarded imap.mydomain.com to <ISPs DNS SERVER (Custom)>
16:54:40: forwarded imap.mydomain.com to <ISPs DNS SERVER (Custom)>

Editing the conf file worked. Thank you! :love_you_gesture:

No, it doesn't work in my case. DL6ER's offer is working.

Interesting. I just looked at the code setting this line:

Check out even the commit message I wrote when changing this code :sweat_smile:

As you can see, the line is not added when the Never forward non-FQDNs is unticked and you click Save. This should have worked equally well. Can you try this again @SilverNerfer @ermngldzgn ?

So it seems we already have (and always had :wink: ) the required option but we may need to improve the help text accompanying it.

I reverted the config file and changed "never forward non-fqdn" to unticked, but it doesn't work, FYI. I also unchecked both options there, but again it is not working. The only option that works for me now is editing and deleting that line.

Same here, I set up a watch on less /etc/dnsmasq.d/02-pihole-dhcp.conf

Toggling the "never forward non-fqdn" did not add or remove "local=/mydomain/"

Forgot to mention my OS is CentOS 8.

Okay, one last test, this may be a mere issue of which subroutine is processing what.

Please,

  1. untick the box,
  2. save the DNS settings
  3. switch to the DHCP settings tab,
  4. save here as well without any changes on this page.

How about local=/lan/ now?

Yes, that works. Starting with no "Local=/mydomain/" line, unticking and saving in DNS does not work;
then saving in DHCP does indeed add the line.

Works the same in reverse, i.e. the second save in DHCP makes the change to the config file.

Thanks for the confirmation. This strange behavior will be fixed by

Edit: Let's also improve the description directly on the settings page.

Glad to be of help!
Thanks for your help
