Router not routing Pihole Fully

Expected Behaviour:

Ads are not being blocked through pihole. The device I'm using to test recognized my Pihole as its DNS server.

  • Diet Pi v10.3.3
  • RPi 4 Model B
  • Ubiquiti Unifi

Actual Behaviour:

In unifi, if I change the DNS on an internet level, the ad blocking functions as expected. This is bad practice, however, as my router will be the only client.

When I set up DNS on a network level (Networks → deselect "auto dns server" and input my pihole IP), the ads stop being blocked.

NSlookup on my pihole returns the IP address but not the server name. Not sure if this is part of the issue.

I have unbound installed but have not gotten a chance to set it up.

Debug Token:

https://tricorder.pi-hole.net/pr2ygMWS/

I'm not able to view the Debug token for some reason but if someone could share it that could help as well.

You can't open the link because you are not part of the Pi-hole team.

For security reasons, only team members are able to see online logs.
You can see your own log at /var/log/pihole/pihole_debug.log.

Your debug log shows your router is currently advertising itself as DNS server:

dns-server: 192.168.1.1
router: 192.168.1.1

As you already said, if you want to see individual clients, you will need to set Pi-hole on the DHCP/LAN settings of your router.

Did you renew the DHCP leases of your clients after changing that?

If you didn't, the clients won't know that you changed the DNS server.

Change the settings again, then renew the DHCP lease on every client.
After that, run these commands on a computer (not on Pi-hole machine) and post the output:

nslookup google.com

nslookup google.com 192.168.1.53
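
The check requested above, as an added example that is not part of the original posts: a shell helper that reads nslookup output and reports whether the client is really asking Pi-hole (192.168.1.53), the router (192.168.1.1) or some other resolver. The function names and the two sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report which DNS server a client really uses.
PIHOLE_IP="192.168.1.53"  # Pi-hole address from the thread's second nslookup command
ROUTER_IP="192.168.1.1"   # router address from the DHCP section of the debug log

# Read nslookup output on stdin and print the resolver address from its header.
# Handles Linux ("Address: 192.168.1.1#53") and Windows ("Address:  192.168.1.1").
resolver_from_nslookup() {
  awk '
    { sub(/\r$/, "") }
    /^Server:/ { seen = 1; next }
    seen && /^Address:/ { split($2, a, "#"); print a[1]; exit }
  '
}

# Map a resolver address to what it means for Pi-hole filtering.
classify_resolver() {
  case "$1" in
    "$PIHOLE_IP") echo "pihole: client queries Pi-hole directly" ;;
    "$ROUTER_IP") echo "router: DHCP still hands out the router, or the lease was not renewed" ;;
    "")           echo "unknown: no Server/Address header found" ;;
    *)            echo "other: client uses $1 and bypasses Pi-hole" ;;
  esac
}

# Usage on a real client: nslookup google.com | check_client
check_client() {
  classify_resolver "$(resolver_from_nslookup)"
}

# Constructed sample: a client whose DHCP lease still lists the router as DNS server.
SAMPLE_STALE='Server:   192.168.1.1
Address:  192.168.1.1#53

Non-authoritative answer:
Name:     google.com
Address:  203.0.113.10'

# Constructed sample: the same client after the DHCP lease was renewed.
SAMPLE_RENEWED='Server:   192.168.1.53
Address:  192.168.1.53#53

Non-authoritative answer:
Name:     google.com
Address:  203.0.113.10'

printf '%s\n' "$SAMPLE_STALE"   | check_client
printf '%s\n' "$SAMPLE_RENEWED" | check_client
```
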

Unifi user here. In addition to setting the DNS on the individual Network, you should also consider going back to the DNS on the "internet level" and change it to either Auto DNS Server - which should use the ISP-provided DNS - or a Public DNS server like 8.8.8.8, 9.9.9.9 or whatever you choose. Otherwise, you'll flood the Pihole with all the ui.com traffic the gateway/router uses.

A lot of that can be disabled either in the UniFi Controller webGUI or by placing the right file in the right directory with the right content of your UniFi Site on your UniFi Controller :slight_smile:

Maybe there is more by now, but this is all that I used to do in the past to disable as much as possible for my UniFi stuff :grimacing:

Yes there are always ways around things, but I'm talking about using the GUI on Unifi as it's intended to be used, in a manner that won't go away when you reboot or update, etc.

This is not a competition, I was just advising that using Pihole to resolve ALL your DNS including the lookups performed by the network hardware can make the logs very busy. What do I care if my hardware, which I bought from Unifi, used ui.com to verify I'm actually on the Internet?!? At the same time, I don't need Pihole to fill up my logs with thousands of lookups to ui.com.

The things you describe can indeed be set as such, but you potentially lose some functionality. If you understand what you're giving up, that's fine, but blindly telling folks such things is no better than advising Windows registry hacks or running Linux scripts without context. :roll_eyes:

It appears you have, since Pi-hole is using it for DNS service.

[dns]
     upstreams = [
       "127.0.0.1#5335"
     ] ### CHANGED, default = []

Your DHCP server is showing the router as the DNS server. What DNS server(s) is the router using?

      domain-name: "localdomain"
      broadcast: 192.168.1.255
      dns-server: 192.168.1.1
      router: 192.168.1.1

The stuff I described never gets overwritten AFAIK :slight_smile:

My post wasn't either?!

I am not saying you MUST DO IT but simply that there are things you CAN DO if you feel like it...

If not... Well... Guess what... That's fine too! :grimacing::+1::+1:

Hello,

Thank you so much. When you mentioned my router not showing itself as a DNS server it made me look back at a setting that I had previously believed broke my admin interface on UNIFI. When I first encountered this I didn't realize my pihole was up as I was too distracted trying to get back into the admin portal.

I forced the dns setting again, and my pihole started working. It did break direct access to my admin portal but I was able to work around that.

Hello,

One of my original attempts was setting it on an internet level, and it worked. My issue was that it made it so all queries would show up as my router rather than individual devices. Do you get the same thing?

To get queries attributed to individual devices, you have to go to Unifi Settings/Networks, then scroll down to "Auto DNS Server" and uncheck this box. Then you can type in your Pihole's IP address in "DNS Server" just below.

Repeat this process for each network/VLAN you have defined in Unifi Settings. If you do use more than one network/VLAN, make sure you have Conditional Forwarding configured in Pihole.

To finish, at least in my case, you can go to Settings/Internet. Here, you can either use "Auto DNS Server" to use the DNS provided by your ISP (assuming it assigns via DHCP) or uncheck this and specify the DNS server(s) to use -- I use public DNS servers here so that Unifi hardware does not go through my Pihole, while still telling client devices to use Pihole.