How to run external pi-hole on the Firewalla Gold

Gold with Pi-hole not resolving some of the DNS entries?

Here is an alternative way to make domain block work with pihole in the network:

1. Create another local network segment on the Firewalla Gold

2. Move the pihole to the newly created network

3. Change the DNS server in the old network's DHCP options to the new IP address of pihole

This way, all DNS traffic from other devices to pihole will go through Gold and DNS-based features will

Common Problems:

Never Change the Firewalla Gold's WAN DNS to Pi-hole, unless you know what you are doing. 

If client DNS is set to pihole's IP address

Since the client and pihole are in the same network, the DNS traffic is directly sent to the pihole and will not go through layer 3 (IP layer) of Gold. Therefore, DNS interception on Gold will not take effect and DNS-based features will not work.

If client DNS is set to Gold's LAN IP

DNS traffic from the client will first be sent to Gold. All kinds of DNS-based features will work and if the DNS cache is not hit on Gold, it will be further forwarded to pi-hole in the local network for resolution.