DNS forwarding - Pi-Hole and caching of local lookups
This article (link) states the following:
If client DNS is set to Gold's LAN IP
DNS traffic from the client will first be sent to Gold. All DNS based features will work and if DNS cache is not hit on Gold, it will be further forwarded to pi-hole in the local network for resolution.
In the above scenario - how does the FWG forward lookups to the pi-hole DNS server? Where is DNS forwarding configured? I can only see any DNS settings for a LAN segment if I enable DHCP for that segment. Otherwise, I can't see any way to forward all or some DNS to my pi-hole DNS server.
And if I have Ad-Block or Family protect, doesn't FWG forward lookups upstream anyway?
The only way I can see this working is if I have ad-block/family features disabled and the LAN segment has DHCP enabled, pointing at the pi-hole DNS server, and the pi-hole DNS server forwards back to the FWG for external name resolution. The annoyance with this is, all external lookups will be sent to the pi-hole and back to the FWG and then upstream, unless they're already cached.
To that point, does the FWG cache all addresses, including any internal address from the pi-hole DNS server?
Having DHCP policies would be ideal, so I could set some devices to use the FWG for DNS and other devices my pi-hole via a VLAN or separate network. Better still, being able to selectively forward lookups for my internal domain to the pi-hole would be the ultimate.
Has anyone found a good solution?
Thanks in advance for any ideas.
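The behaviour the post is asking about (a resolver that forwards only an internal zone to the Pi-hole, sends everything else upstream, and caches whatever comes back for its TTL) is what a conditional forwarder does. The following is an added example written for this page, not Firewalla's or Pi-hole's own code; it is a minimal UDP DNS forwarder in Python that makes the forwarding decision by longest zone-suffix match and keeps a TTL-bounded cache. The addresses (192.168.1.10 for the Pi-hole, 1.1.1.1 upstream) and the zone names in RULES are assumptions chosen for illustration, and build_answer constructs a fake A-record reply so the routing and caching logic can be exercised offline.

```python
import socket
import struct
import time

# Hypothetical addresses and zones for the demo (not taken from the page).
PIHOLE = ("192.168.1.10", 53)       # internal-zone resolver (Pi-hole)
UPSTREAM = ("1.1.1.1", 53)          # default public resolver
RULES = {"home.lan.": PIHOLE, "1.168.192.in-addr.arpa.": PIHOLE}


def encode_name(name):
    """Wire-encode a dotted name ("nas.home.lan.") as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            end = end if end is not None else off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_query(name, qtype=1, txid=0x1234):
    """Standard recursive query: header (RD set), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_question(pkt):
    """Return (txid, qname, qtype, qclass, offset past the question)."""
    txid, _flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return txid, qname.lower(), qtype, qclass, off + 4


def choose_upstream(qname, rules, default):
    """Longest-suffix zone match decides where the query is forwarded."""
    best = None
    for zone, server in rules.items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, server)
    return best[1] if best else default


def min_ttl(resp):
    """Smallest TTL in the answer section (0 if there are no answers)."""
    _, _, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    off, ttls = 12, []
    for _ in range(qd):
        _, off = decode_name(resp, off)
        off += 4
    for _ in range(an):
        _, off = decode_name(resp, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        ttls.append(ttl)
    return min(ttls) if ttls else 0


class TtlCache:
    """Caches whole responses keyed by (qname, qtype, qclass) until the TTL expires."""
    def __init__(self):
        self._store = {}

    def get(self, key, now):
        hit = self._store.get(key)
        if hit and hit[0] > now:
            return hit[1]
        self._store.pop(key, None)
        return None

    def put(self, key, response, ttl, now):
        if ttl > 0:                                     # never cache empty/zero-TTL answers
            self._store[key] = (now + ttl, response)


def forward(query, upstream, timeout=2.0):
    """Send the query over UDP and return the reply with the matching transaction id."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, upstream)
        while True:
            data, _ = s.recvfrom(4096)
            if data[:2] == query[:2]:
                return data


def build_answer(query, ipv4, ttl):
    """Constructed A-record reply to `query` (for offline demonstration only)."""
    txid, _qname, _qtype, _qclass, qend = parse_question(query)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return header + query[12:qend] + rr


def resolve(query, cache, rules=RULES, default=UPSTREAM, send=None, now=None):
    """Answer from cache if fresh, else forward by zone and cache the reply.
    Returns (response, source) where source is "cache" or the upstream used."""
    now = time.time() if now is None else now
    txid, qname, qtype, qclass, _ = parse_question(query)
    key = (qname, qtype, qclass)
    cached = cache.get(key, now)
    if cached is not None:
        # Reuse the stored reply under the new transaction id (TTLs are not decremented here).
        return struct.pack("!H", txid) + cached[2:], "cache"
    upstream = choose_upstream(qname, rules, default)
    response = (forward if send is None else send)(query, upstream)
    cache.put(key, response, min_ttl(response), now)
    return response, upstream


if __name__ == "__main__":
    # Listen locally and forward according to RULES; run manually, not by the test.
    cache = TtlCache()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 5353))
        while True:
            pkt, client = srv.recvfrom(512)
            reply, src = resolve(pkt, cache)
            srv.sendto(reply, client)
```

The cache is keyed on the question, not on where the answer came from, which is the point behind the question in the post: a forwarder that caches this way will hold an internal name learned from the Pi-hole for exactly as long as the record's TTL, just as it does for public names. A real resolver would also decrement the TTL on cached answers before handing them out.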
-
This article may help on how the DNS service works https://help.firewalla.com/hc/en-us/articles/4570608120979-Firewalla-DNS-Services-Introduction
The DNS cache on the FWG shouldn't care what your upstream DNS server type is (Pi-hole or Cloudflare ... or something else).