Expected Behaviour:
I am trying to set up a Pi-Hole network wide. I tried following a YouTube video regarding this. Initially, I was able to follow to the point where, over ethernet, I set up the DNS server to the Pi-Hole (IP: 192.168.1.243). I was able to obtain an IP via the Pi-Hole, locally. I tested blacklisting sites and it worked.
Then, as instructed, I removed the local DNS server address that pointed to the Pi-Hole. Changed the name server in the Unifi settings for each of the LAN networks to point to the Pi-Hole address.
No device on any of the VLANs or the wired networks obtains an IP address from the Pi-Hole. Testing blacklisting doesn't yield any changes.
I reverted back to normal for the Unifi settings and re-attempted setting up the DNS server locally, and now even that isn't working.
Are you trying to set Pihole as DNS server for your clients or as DHCP server handing out IPs to the clients?
In case of DNS server: After you have set pihole's IP as DNS server to be distributed by DHCP, you have to dis/reconnect each device once from the network to pick up the new settings.
For each Corporate VLAN network, just enter the local IP address of the Pi-hole. In my case, I run redundant Pi-holes on my native LAN. Each of the VLANs that I want their respective hosts to use the Pi-holes for DNS servicing, I have the following set up:
I believe I am trying to use the pi-hole as a dns server. I am looking to achieve whole home ad blocking.
I have fixed the pi-hole at 192.168.1.243
I tried to change the DNS name server to this IP address. It doesn’t do anything. I disconnected my phone and reconnected to the network. I then tried to block a site via the pi-hole and it didn’t block anything. Same with a laptop reconnected to the network.
Is it possible my current firewall settings are not allowing the pi-hole access to do its job?
Ideally, I would like to have it work on a small vlan before trying to open it up across multiple vlans.
@t0207 The Pi-hole is not a DNS server, per se. Instead it is a DNS proxy or relay that first filters DNS requests and then submits the non-filtered requests to recursive DNS servers (of your choosing) over the Internet.
With UniFi HW, you only need to enter the local IP address of your Pi-hole in the Network settings in the UniFi Controller. It appears that your Pi-hole is located on the native LAN with the IP address that you provided in your post.
To keep this simple, you should test your Pi-hole with a host on that same native LAN to verify that it works. Have you done this already?
If I manually change the DNS settings for my laptop connected by ethernet to the native network (LAN) 192.168.1.xx, it originally worked. After I reverted this to the original settings (192.168.1.1), my USG4, I could not reproduce the Pi-hole working when I tried to manually change it again.
I reset my computer etc and it is now set to 192.168.1.1 for DNS on my laptop. I have it connected to the native network.
For my next step, should I change the DNS name server in the settings of UniFi to 192.168.1.243 (Pi-Hole IP Address) for the native network?
For reference, the clients connected to this network are my laptop, the Cloud KeyGen 2 Plus, the Pi-Hole, 6 UniFi cameras, the USG, 4 APs, and 3 UniFi switches.
@t0207 Is this laptop configured as a DHCP client or are you assigning it a static local IP address? If the latter, reconfigure it as a DHCP client so that it will get its IP addresses from the DHCP service on your USG4.
Now, in the UniFi Controller, assign the IP address of your Pi-hole as the DNS server for the native Corporate LAN network. Only assign the Pi-hole. Remove any additional DNS servers you may have added to this network.
Restart the laptop or refresh its DHCP settings. Does it now show the Pi-hole as its DNS server? If they are both on the same network, it should.
Yes, I have it as DHCP. I changed the name server and the laptop now shows the router as the USG (192.168.1.1) and the Pi-Hole (192.168.1.243) as the DNS server. It appears to be blocking ads on the laptop. However, if I blacklist a site on the pi-hole admin console, it does not block the domain if I try to access it. It used to when I manually set the DNS server for the laptop previously. Is it not supposed to be able to do this?
If you access a domain on a client and block it afterwards in pihole, the client might still be able to resolve the domain for a certain amount of time because it uses its own cache before querying pihole again.
I have turned off all firewall rules in case this was the issue but it's the same.
Of note, I am able to ping pi-hole (192.168.1.243) from the laptop connected to wifi via private vlan (192.168.10.12) and I am able to ping the computer via ssh connected to the pi-hole.
Lastly, if I set the name server as the pi-hole for the VLAN and connect via ethernet to this vlan, it does state that the DNS server is the pi-hole. However, there is no internet connectivity. I cannot ping the pi-hole.