Lessons / Tips On Forwarding DNS to Pihole Upstream
Ran into some issues when setting up pihole as the upstream DNS for Firewalla. Didn't see any wiki articles, so decided to post some solutions here. (Sorry if this is the wrong forum for this.)
The Setup
- DNS clients point to Firewalla (e.g. 192.168.1.1)
- ISP Network (WAN): upstream primary and secondary DNS set to Pihole (e.g. 192.168.1.2)
- DNS over HTTPS / Unbound: disabled
- DNS Booster (caching): on
Issue 1: Internet Check / Network Diagnostic Fails
When Firewalla performs the DNS check as part of its health checks, in this setup the query is sourced from your WAN IP, not from a LAN address.
Pihole's default interface setting answers only "local" requests, so a query arriving from a non-local source address is dropped and the check fails.
SOLUTION
Settings > DNS > Interface settings: change to listen on eth0 (or bind only to eth0)
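For reference, the two states above expressed as the dnsmasq directives behind the Pi-hole interface setting (an added illustration, not from the original post; the exact file Pi-hole writes, /etc/dnsmasq.d/01-pihole.conf on Pi-hole v5, and the mapping from UI labels to directives are assumptions based on my own reading of Pi-hole's generated config):

```conf
# Default ("Allow only local requests"): dnsmasq answers only queries whose
# source address is on a subnet directly attached to one of its interfaces.
# A health check sourced from the Firewalla WAN IP is not on such a subnet,
# so it is silently dropped.
local-service

# After the change ("listen on eth0" / "bind only to eth0"): dnsmasq answers
# any query that reaches eth0, regardless of source subnet. Add
# bind-interfaces for the "bind" variant so no other interface is listened on.
interface=eth0
bind-interfaces
```

The practical consequence for a defender is that the second configuration no longer filters by source address at all, so the Pi-hole should only be reachable on eth0 from behind the Firewalla (it is, in this setup, since Pihole sits on the LAN side), and the Firewalla firewall, not Pi-hole, is what keeps Internet hosts from using it as an open resolver.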
Issue 2: All clients appear to be Firewalla
When you check the query log in pihole, every client shows up as the Firewalla interface address, so per-client visibility is lost.
SOLUTION
- SSH into Firewalla
- Create a dnsmasq rule file, e.g.:
  $ cat ~/.firewalla/config/dnsmasq_local/zzz-001-forward-ip.conf
  add-subnet=32
- Restart the Firewalla DNS service:
  sudo systemctl stop firerouter_dns
  sudo systemctl start firerouter_dns
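To show what the add-subnet=32 line actually changes on the wire, here is an added example (my own code, not part of the original post or of Firewalla or Pi-hole) that builds a DNS query the way a dnsmasq forwarder with add-subnet=32 would, carrying the original client's full IPv4 address in an EDNS Client Subnet (ECS, RFC 7871) option, and then parses it the way the upstream resolver does to recover the client. The query name, client addresses and transaction ID are constructed sample values; the decoder assumes a plain query with no name compression in the OPT record, which is always the case since the OPT owner name is the root.

```python
import struct
import ipaddress

ECS_OPTION_CODE = 8   # EDNS Client Subnet option code (RFC 7871)
OPT_RR_TYPE = 41      # EDNS0 OPT pseudo-RR type


def _encode_name(qname):
    """Wire-format a dotted name as length-prefixed labels ending in a root byte."""
    labels = [l.encode() for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(qname, client_ip=None, prefix=32, txid=0x1234):
    """Build a DNS A query. When client_ip is given, append an OPT RR with an
    ECS option, which is what dnsmasq's add-subnet=<prefix> does when it
    forwards a client's query upstream (constructed to the RFC 7871 layout)."""
    arcount = 1 if client_ip else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD set
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)       # A, IN
    if client_ip is None:
        return header + question
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    nbytes = (prefix + 7) // 8                     # ECS carries only the prefix bytes
    ecs_data = struct.pack("!HBB", family, prefix, 0) + addr.packed[:nbytes]
    opt_rdata = struct.pack("!HH", ECS_OPTION_CODE, len(ecs_data)) + ecs_data
    # OPT RR: root owner name, TYPE 41, "class" = UDP payload size, TTL = ext flags
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(opt_rdata)) + opt_rdata
    return header + question + opt_rr


def _skip_name(msg, off):
    """Advance past a wire-format name (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def extract_client_subnet(msg):
    """Return (address, source_prefix) from an ECS option, or None if absent.
    This is the resolver-side view: the address the forwarder says it is asking for."""
    _, _, qdcount, _, _, arcount = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4             # skip QTYPE/QCLASS
    for _ in range(arcount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != OPT_RR_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):
            code, length = struct.unpack_from("!HH", rdata, pos)
            pos += 4
            data = rdata[pos:pos + length]
            pos += length
            if code == ECS_OPTION_CODE:
                family, src_prefix, _scope = struct.unpack_from("!HBB", data, 0)
                full = 4 if family == 1 else 16
                raw = data[4:]
                padded = raw + b"\x00" * (full - len(raw))  # restore truncated bytes
                return str(ipaddress.ip_address(padded)), src_prefix
    return None


def client_seen_by_resolver(msg, source_ip):
    """What a resolver that honours ECS logs as the client: the ECS address if
    present, otherwise the packet's source address (i.e. the forwarder)."""
    ecs = extract_client_subnet(msg)
    return ecs[0] if ecs else source_ip


if __name__ == "__main__":
    # Without add-subnet: only the Firewalla's own address reaches Pihole.
    plain = build_query("example.com")
    print(client_seen_by_resolver(plain, "192.168.1.1"))
    # With add-subnet=32: the full client address travels in the ECS option.
    with_ecs = build_query("example.com", client_ip="192.168.1.50")
    print(client_seen_by_resolver(with_ecs, "192.168.1.1"))
```

Two things worth keeping in mind when adopting this: add-subnet=32 puts the full client address in the query, so if Pihole (or anything it forwards to) ever sends queries beyond your LAN, the ECS option should be stripped at that hop rather than leaked upstream; and a smaller prefix, such as add-subnet=24, reveals only the subnet, which the decoder above returns as 192.168.1.0/24, losing per-client logging but exposing less.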