I've been using pi-hole (now v6) on my Raspberry Pi 5 (PiOS 19-NOV-2024) for about a year and it's been working like a champ. I recently configured it to use unbound and got that working too.
Unfortunately my ISP's (AT&T Uverse/Internet) router "Residential Gateway" (Nokia BGW320-505) doesn't allow me to change its DHCP config to substitute my pi-hole as the default DNS server. I've been manually configuring each device to use the pi-hole. Ugh. So I thought I'd try using the pi-hole as a DHCP server. Seems simple enough, but then I remembered my RG has a "guest" WiFi network that allows devices to access the Internet using my WiFi without exposing my home network to those devices. It comes in handy now and then.
Methinks if I disable the DHCP server on the RG and enable the DHCP server on my pi-hole, it would break the guest network because devices on the guest network wouldn't be able to query the pi-hole DHCP server that's on the home network.
My pi-hole is hard-wired to my home network on eth0. If I turn on my pi-hole's WiFi wlan0 device and configure it to connect to my guest SSID, it would then be connected to both my home and guest networks and thereby able to service DHCP requests on both, right? But I don't see anything in the pi-hole webadm /admin/settings/dhcp config that would allow me to say "use this range on eth0 and this other range on wlan0". Not even if I enable "expert" mode.
Is what I'm trying to do possible with my pi-hole? There are probably other glaring issues I'm missing like the can of worms opened by my pi-hole being connected to multiple networks, but I thought I'd start with this and let others tell me what I'm doing wrong.
I'd have to expose the pi-hole DNS port on the guest side too. Unless the pi-hole DHCP config allowed me to respond with the RG as the DNS on the guest side and the pi-hole as the DNS on the home side. More complications.
And I'd probably want to limit binding to wlan0 only to the pi-hole DHCP server, and potentially the pi-hole DNS server depending upon the flexibility of the pi-hole DHCP server config.
I decided baby steps were in order and turned off the guest network for now.
I got the pi-hole DHCP server working yesterday. I had some problems of my own making. But overall it was easy peasy.
(Unfortunately, I decided to re-org the ip assignments for ${REASONS}. In the process I screwed up the dhcp config and had to repave. On the /admin/settings/dhcp page I multi-chose several rows/checkboxes in the "Currently active DHCP leases" table then clicked the bottom trash can to delete them and all hell broke loose. The table repainted with all garbage data. I refreshed the page, still garbage. I logged out and back in, still garbage. I panicked... repave. So I've lost any audit trail for why it happened. But I thought I should mention it anyway.)
When you say "Bind another Pi-Hole DHCP Server instance to your Guest LAN" I'm assuming you imply attaching the current pi5 unused wlan0 to the guest SSID. Then bind another DNSMASQ instance to that wlan0 interface? If I do that, I'd then also have to re-config all other processes (:22, :80, :443) that bind to "any" to only bind to the lan side, which I think is what you meant with the first bullet. I'll read up on that DNSMASQ manpage, thank you. I assume I won't be able to manage that second DNSMASQ instance through the pi-hole webadm? That seems obvious, but I thought I'd confirm.
I realize this strays outside the bounds of this discussion. But on a sysadm level I'd now have the pi5 listening on two networks. I don't want to turn it into a router. And I'd want the lan side to be favored for normal outgoing traffic from the pi5. To accomplish that, is there something I'd need to specifically configure or does it automagically occur when I turn up wlan0? Are there race conditions to watch out for? It's been a while. I appreciate your insight.
So I got eth0 (home network) and wlan0 (guest network) up on the Pi5 using static IPs (static IP configuration was a trip) and I've mod'd sshd and avahi.daemon to only use eth0. Then installed and configured pi-hole on eth0 and unbound on lo. Nothing new here: works like a champ. wlan0 just sitting there unused but working (I brought down eth0 and made sure my traffic still got out over wlan0 to confirm that path was working).
Now I'm reading the DNSMASQ manpage to bring up another DNSMASQ instance just for wlan0 and I have some questions:
How will I manage (add/delete/update) the wlan0.DNSMASQ filter lists? I can't imagine eth0:80/admin/ will know anything about my wlan0.DNSMASQ instance.
Will I need to (manually) schedule a separate "update filter lists, run Gravity" job for wlan0.DNSMASQ?
Maybe this will all be revealed after I grok the DNSMASQ manpage.