Question on Network setup using Unbound, pfSense, and Pi-hole

The issue I am facing:
I'm new to this, so forgive me if I'm not using all the terms properly.

I've searched online and I found conflicting advice on how I should set up my network to best use pfSense and Pi-hole together while using unbound to resolve DNS queries.

I currently have two Pi-holes, one running on bare metal and another in a Docker container. These two Pi-holes are also synced using Gravity Sync. I have the Pi-hole running on bare metal using unbound, but I'm struggling to do the same with the second Pi-hole (it is pointing to Cloudflare as the upstream DNS server at the moment).

I'm about to add a router with pfSense to my network, and I was hoping to use it to resolve all my DNS queries locally with unbound, especially because I'm having a hard time using unbound on my containerized Pi-hole. However, I've seen people recommending using Pi-hole as the DNS resolver even when you have pfSense, so I don't know whether I'm doing the right thing or not.

So, my questions are:

  1. Are there any disadvantages to having pfSense be my DNS server using unbound vs. using Pi-hole?
  2. Is it possible to have unbound running only on pfSense, and have my two Pi-holes use it as their upstream DNS resolver?
  3. How should I set up my network so I don't lose the high availability I've achieved with the two-Pi-hole setup?

Details about my system:
Today:
Modem -> Router & WAP -> Switch (8 port) -> Pi-hole + Docker Host + Other Devices

Tomorrow:
Modem -> Router with pfSense (4 port) -> Pi-hole + WAP + Switch (8 port) -> Docker Host & Other Devices*
*I have an extra 4-port switch that I could add for redundancy (not sure how to best use it)

If you remove Pi-hole from your DNS resolution chain, you obviously wouldn't be able to take advantage of Pi-hole anymore.

Yes.

Keep it like it is.
Just switch the upstream DNS servers to your pfSense unbound's IP address and port in both of your Pi-holes.

Thanks for replying!

I'm new to all this, so I guess I'm struggling to ask the right questions.
Let me rephrase my first question.

Are there any disadvantages to having both Pi-holes point to pfSense as their upstream DNS server, as opposed to having each Pi-hole point to itself as its upstream DNS server?

If you'd really point your Pi-hole to use itself as upstream, you'd have created an endless DNS loop. :wink:

I guess you mean how using unbound on the same machine as Pi-hole would compare to having Pi-hole use unbound on your pfSense as its sole upstream resolver.

Pi-hole's forwarded DNS requests would be a tad slower (by introducing a few ms of latency for the network hop from Pi-hole's host machine to your pfSense).
But as Pi-hole also applies caching, you'd hardly notice a difference on the client side.

By using just a single instance on your pfSense, unbound would also become a single point of failure. If unbound stopped operating on your pfSense for any reason, both of your Pi-holes would no longer have upstream DNS resolution.
I'd consider that unlikely, though.

I added both my Pi-holes' IP addresses to pfSense as the DNS servers.
I then added on each Pi-hole the IP address and port of the DNS Resolver on my pfSense router.

Internet is working, but none of my requests are showing up on either of the two Pi-holes. Any thoughts on what I might be missing?
