Unifi Network Pi-hole configuration

I am completely new to this.

I believe I am trying to use the pi-hole as a dns server. I am looking to achieve whole home ad blocking.

I have fixed the pi-hole at 192.168.1.243

I tried to change the DNS name server to this IP address. It doesn’t do anything. I disconnected my phone and reconnected to the network. I then tried to block a site via the pi-hole and it didn’t block anything. Same with a laptop reconnected to the network.

Is it possible my current firewall settings are not allowing the pi-hole access to do its job?

Ideally, I would like to have it work on a small vlan before trying to open it up across multiple vlans.

@t0207 The Pi-hole is not a DNS server, per se. Instead it is a DNS Proxy or Relay that first filters DNS requests and then submits the non-filtered requests to recursive DNS servers (of your choosing) over the Internet.

With UniFi HW, you only need to enter the local IP address of your Pi-hole in the Network settings in the UniFi Controller. It appears that your Pi-hole is located on the native LAN with the IP address that you provided in your post.

To keep this simple, you should test your Pi-hole with a host on that same native LAN to verify that it works. Have you done this already?

If I manually change the DNS settings for my laptop connected by ethernet to the native network (LAN) 192.168.1.xx, it originally worked. After I reverted this to the original settings (192.168.1.1), my USG4, I could not reproduce the Pi-hole working when I tried to manually change it again.

I reset my computer etc and it is now set to 192.168.1.1 for DNS on my laptop. I have it connected to the native network.

For my next step, should I change the DNS name server in the settings of UniFi to 192.168.1.243 (Pi-Hole IP Address) for the native network?

For reference, the clients connected to this network are my laptop, the Cloud KeyGen 2 Plus, the Pi-Hole, 6 UniFi cameras, the USG, 4 APs, and 3 UniFi switches.

Should I disable my firewall for now?

Thanks for your help.

@t0207
Is this laptop configured as a DHCP client or are you assigning it a static local IP address? If the latter, reconfigure it as a DHCP client so that it will get its IP addresses from the DHCP service on your USG4.

Now, in the UniFi Controller, assign the IP address of your Pi-hole as the DNS server for the native Corporate LAN network. Only assign the Pi-hole. Remove any additional DNS servers you may have added to this network.

Restart the laptop or refresh its DHCP settings. Does it now show the Pi-hole as its DNS server? If they are both on the same network, it should.

Yes, I have it as DHCP. I changed the name server and the laptop now shows the router as the USG (192.168.1.1) and the Pi-Hole (192.168.1.243) as the DNS server. It appears to be blocking ads on the laptop. However, if I blacklist a site on the pi-hole admin console, it does not block the domain if I try to access it. It used to when I manually set the DNS server for the laptop previously. Is it not supposed to be able to do this?

If you access a domain on a client and block it afterwards in pihole, the client might be able to still resolve the domain for a certain amount of time because it uses its own cache before querying pihole again.

I tried using an incognito browser and also a separate browser and it still was able to access the sites.

@t0207
Unfortunately, I do not have access to your debug results.

So, let's double-check that your Pi-hole is working.

First, using Terminal (macOS) or the Command Prompt (Windows), enter the following command: nslookup pi.hole

Then test for a known blocked domain: nslookup flurry.com

If both of these were successful, your Pi-hole is working.

MacBook-Pro:~ ***$ nslookup pi.hole
Server: 192.168.1.243
Address: 192.168.1.243#53
Name: pi.hole
Address: 192.168.1.243

MacBook-Pro:~ ***$ nslookup flurry.com
Server: 192.168.1.243
Address: 192.168.1.243#53
Non-authoritative answer:
Name: flurry.com
Address: 212.82.100.153
Name: flurry.com
Address: 74.6.136.153
Name: flurry.com
Address: 98.136.103.26

Does the above mean it is working?

@t0207
The first result verified that your laptop can find and use the Pi-hole. However, the second result shows that the site was not blocked.

The Moderators will need to assist you as they have access to the debug file that you provided them.

Please post a fresh debug token. The original has expired.

https://tricorder.pi-hole.net/68znlyb42u

thank you

Are you able to assist with the token I provided? Thank you.

Pi-hole is not blocking because you have it disabled:

BLOCKING_ENABLED=false

That sounds like an easy fix. Is it somewhere on the admin page or done via ssh?

I tried ssh and typed the command pihole enable.

Blocking has an “i” in the box

It can also be done on the admin page.

I was able to get it to block flurry.com on testing. It returned 0.0.0.0. This was connected by ethernet to the native network.

I then set the name server to 192.168.1.243 for another VLAN which I use for my personal devices and connect by wifi.

I restarted my computer. It does not look like the VLAN network is communicating with the pihole.
I tried nslookup pi.hole and it returns:

MacBook-Pro:~ ***$ nslookup pi.hole
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find pi.hole: NXDOMAIN

I have turned off all firewall rules in case this was the issue but it's the same.

Of note, I am able to ping pi-hole (192.168.1.243) from the laptop connected to wifi via private vlan (192.168.10.12) and I am able to ping the computer via ssh connected to the pi-hole.

Lastly, if I set the name server as the pi-hole for the VLAN and connect via ethernet to this vlan, it does state that the DNS server is the pi-hole. However, there is no internet connectivity. I cannot ping the pi-hole.

Another test. I created a wifi network for the native LAN. I get the same result as all VLAN when trying nslookup pi.hole. No blocking for flurry.com.

While connected to a configured wireless network that points to the Pi-Hole, if I set the DNS server on my laptop directly, everything works. If I revert back to 192.168.1.1 (USG) it doesn't work again.

Anybody have any thoughts? UI support couldn't help me.
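
The nslookup readings in this thread, turned into a repeatable check (an added example, not part of any post): the function reads nslookup output and reports whether the client queried the Pi-hole at all and whether the answer was the 0.0.0.0 blocking address reported above. The first three samples are taken from outputs posted in the thread; the blocked sample and all function and label names are constructed for illustration.

```shell
# Classify nslookup output the way the thread reads it by eye.
# Usage: nslookup <name> | classify_nslookup <pihole_ip>
classify_nslookup() {
  awk -v pihole="$1" '
    /^Server:/         { server = $2 }   # resolver the client really used
    /NXDOMAIN/         { nx = 1 }
    /^Name:/           { ans = 1 }       # answer section starts here
    ans && /^Address:/ { n++; if ($2 == "0.0.0.0") sink++ }
    END {
      if (server != pihole) print "wrong-resolver:" server
      else if (nx)          print "nxdomain"
      else if (n == 0)      print "no-answer"
      else if (sink == n)   print "blocked"
      else                  print "resolved"
    }'
}
# Outputs as posted in the thread (blank lines dropped, answers trimmed).
sample_pihole_ok() { cat <<'EOF'
Server: 192.168.1.243
Address: 192.168.1.243#53
Name: pi.hole
Address: 192.168.1.243
EOF
}
sample_not_blocked() { cat <<'EOF'
Server: 192.168.1.243
Address: 192.168.1.243#53
Non-authoritative answer:
Name: flurry.com
Address: 212.82.100.153
EOF
}
sample_wrong_resolver() { cat <<'EOF'
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find pi.hole: NXDOMAIN
EOF
}
# Constructed sample: a blocked answer once blocking is enabled.
sample_blocked() { cat <<'EOF'
Server: 192.168.1.243
Address: 192.168.1.243#53
Name: flurry.com
Address: 0.0.0.0
EOF
}
for s in sample_pihole_ok sample_not_blocked sample_wrong_resolver sample_blocked; do
  printf '%-22s %s\n' "$s" "$("$s" | classify_nslookup 192.168.1.243)"
done
```

A `wrong-resolver` result means the query never reached the Pi-hole, so the first thing to check is which DNS server the client was handed, before looking at blocklists.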