Redirect DNS queries to PiHole in Docker
-
Dear community,
I've googled for many, many hours, tried (and errored) to solve my problem with no success, so I'd like to ask here for a solution.
I'd like to redirect as much as possible DNS queries from my local LAN to a PiHole-Server on the same subnet.
PiHole-IP is 10.10.1.87, pfsense-IP is 10.10.1.1. DHCP on pfsense is running and distributes 10.10.1.87 and 9.9.9.9 as DNS servers.
DNS on pfsense is running only as resolver.
Now I've configured a NAT port forwarding rule as follows:
Interface LAN, Proto TCP/UDP, source !10.10.1.87, source port any, destination !10.10.1.87, destination port 53, NAT IP 10.10.1.87, NAT Port 53.
PiHole is using Quad9-Upstream servers. As I can see from the DNS queries on PiHole, clients are correctly asking PiHole for DNS resolving and PiHole is requesting 9.9.9.9:53.
BUT: No answer seems to get back. From a debian client on the same subnet, let's say 10.10.1.34, I can ping PiHole fine, but a
dig @10.10.1.87 www.netgate.com gets no result as no server is reachable.
As a side effect PiHole (10.10.1.87) is facing huge queries from its hosting IP, let's say 10.10.1.98.
If you could give me a small hint on what to do to solve that issue, that would be amazing.
Best regards
JD.
P.S.: I should mention that I use conditional forwarding on PiHole. As a result all DNS queries from my LAN are forwarded to the DHCP server on pfsense. Maybe this is a loop (?)
P.P.S.: Turned off conditional forwarding on pfsense - no success (i.e. the many queries from the docker host disappeared but there are still no answered DNS queries from clients on the LAN subnet).
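Added example (not part of the thread, and not the rules from the linked answer): a small Python model of the port forward described in the post above, evaluated against a few constructed flows. It shows which packets the rule rewrites: a LAN client's query to 9.9.9.9:53 is redirected to 10.10.1.87; a query sourced from 10.10.1.87 itself is exempt; a query sourced from the docker host 10.10.1.98 is NOT exempt and is sent back to the PiHole (whether the container's upstream queries actually leave with the host's address depends on the Docker network mode and is an assumption here). It also flags the hairpin caveat for a redirect whose target sits on the same subnet as the client. The /24 mask, the client address 10.10.1.34 and the pf syntax in the comment are illustrative.

```python
"""Model of a pfSense LAN port-forward rule for DNS (added example, not the thread's own code).

Rule from the post: interface LAN, proto TCP/UDP, source !10.10.1.87,
destination !10.10.1.87, destination port 53 -> NAT IP 10.10.1.87, NAT port 53.
Roughly the same thing in pf(4) syntax, $LAN being the LAN interface (illustrative):
    rdr on $LAN inet proto { tcp udp } from ! 10.10.1.87 to ! 10.10.1.87 port 53 -> 10.10.1.87 port 53
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network

PIHOLE = IPv4Address("10.10.1.87")       # from the post
PFSENSE = IPv4Address("10.10.1.1")       # from the post
DOCKER_HOST = IPv4Address("10.10.1.98")  # the PiHole's docker host, as named in the post
QUAD9 = IPv4Address("9.9.9.9")           # upstream, from the post
CLIENT = IPv4Address("10.10.1.34")       # debian client, from the post
LAN = IPv4Network("10.10.1.0/24")        # assumed mask; the post gives none


@dataclass(frozen=True)
class Flow:
    proto: str
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int


@dataclass(frozen=True)
class RdrRule:
    """One port-forward (rdr) rule with negated source and destination, as in the post."""
    protos: frozenset
    src_not: IPv4Address
    dst_not: IPv4Address
    dport: int
    nat_ip: IPv4Address
    nat_port: int

    def matches(self, f: Flow) -> bool:
        return (f.proto in self.protos
                and f.src != self.src_not
                and f.dst != self.dst_not
                and f.dport == self.dport)

    def apply(self, f: Flow) -> Flow:
        # Only the destination side is rewritten; source stays untouched.
        return replace(f, dst=self.nat_ip, dport=self.nat_port) if self.matches(f) else f


DNS_REDIRECT = RdrRule(frozenset({"tcp", "udp"}), PIHOLE, PIHOLE, 53, PIHOLE, 53)


def enters_lan_interface(f: Flow) -> bool:
    """A rule on the LAN interface only sees packets that reach pfSense's LAN port:
    traffic addressed to pfSense itself, or traffic routed through it to another network.
    Two hosts on the same subnet talk to each other directly and never hit the rule."""
    return f.dst == PFSENSE or f.dst not in LAN


def evaluate(f: Flow):
    """Return (verdict, resulting flow) for one packet as pfSense would see it."""
    if not enters_lan_interface(f):
        return ("not seen by pfSense", f)
    g = DNS_REDIRECT.apply(f)
    return ("redirected" if g != f else "passed", g)


def reply_is_asymmetric(original: Flow, redirected: Flow) -> bool:
    """Hairpin caveat: when the redirect target is on the same subnet as the client, the target
    answers the client directly with its own source address (10.10.1.87) instead of going back
    through pfSense, while the client waits for a reply from 9.9.9.9. The client drops that reply
    unless pfSense also rewrites the source (outbound NAT on LAN / NAT reflection)."""
    return original != redirected and original.src in LAN and redirected.dst in LAN


def loops_back_to_target(f: Flow) -> bool:
    """True when a query that the DNS server itself (or its docker host) sends upstream
    is redirected straight back to the DNS server: the loop the post asks about."""
    verdict, g = evaluate(f)
    return verdict == "redirected" and g.dst == PIHOLE and f.src in (PIHOLE, DOCKER_HOST)


if __name__ == "__main__":
    for flow in (Flow("udp", CLIENT, 40000, QUAD9, 53),
                 Flow("udp", CLIENT, 40001, PIHOLE, 53),
                 Flow("udp", PIHOLE, 50000, QUAD9, 53),
                 Flow("udp", DOCKER_HOST, 50001, QUAD9, 53),
                 Flow("udp", PIHOLE, 50002, PFSENSE, 53)):
        verdict, out = evaluate(flow)
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}  {verdict}"
              f"  (now to {out.dst}:{out.dport}, loop={loops_back_to_target(flow)},"
              f" asymmetric_reply={reply_is_asymmetric(flow, out)})")
```

The two checks worth taking away: a source exemption for the DNS server's own address does nothing for upstream queries that leave with a different address (here the docker host's), and a redirect to a server on the client's own subnet needs a matching outbound NAT rule or NAT reflection so that the answer comes back through pfSense.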
-
This is how I force all rogue DNS to PiHole.
https://forum.netgate.com/topic/156453/pfsense-dns-redirect-to-local-dns-server?_=1671847956280
-
@AndyRH :
Many thanks to you. I've implemented your rules and they seem to work exactly as intended.
Most surprisingly for me, they do this without dedicated firewall rules.
Thumbs up! Best regards
JD.