Netgate Discussion Forum

    Pi-hole setup

    DHCP and DNS
    4 Posts 2 Posters 4.7k Views
      MrGlasspoole

      I want to test Pi-hole and did set it up in a Debian virtual machine.
      I want to make sure the DNS settings are right.

      1. No DNS servers in System > General Setup
      2. Disabled DNS Forwarder
      3. DNS Resolver > General Settings = Enabled DNS Resolver & DNSSEC Support
      4. DHCP Server > LAN = Enabled DHCP Server & added 10.1.0.10 (the Pi-hole IP) in DNS Server 1
      5. In Pi-hole set Upstream DNS Servers to 10.1.0.1 <- pfSense LAN interface

      If this is correct what DNS server would you assign to stuff like print servers, microcontroller, WLAN access points - pfSense or Pi-hole?

        BiloxiGeek

        Right now I've got this:

        • pfSense set to use ISP provided DNS.
        • DHCP static maps for all internal systems that sets DNS for the clients to be the pi-hole RPi3.
        • pi-hole set to use pfSense as its upstream resolver.

        So all the clients get DNS from pi-hole and pi-hole can use its blacklist and whitelist to filter out the ads and bad stuff.  If pi-hole can't resolve a request it sends it up to pfSense to handle it from there.

        It's working so far, only been running the pfSense box for a couple weeks now.  I'd like to get squid, squidguard and pfBlockerNG to take over the pi-hole duties and get a proxy working, but my first attempt at setting those up failed with practically nothing working so I backed off to my current setup.  I'll have to do more studying on getting it all working nicely.

          MrGlasspoole

          I was playing with squidguard two years ago and was not happy with it. I even paid for squidblacklist.org for a while.
          Too much stuff was not working and I went back to uBlock because there you can just disable the blocker with just a click for one site/tab in your browser.

          After the installation of Pi-hole I have now found pfBlockerNG and have been playing with it for an hour.
          Looks like pfBlockerNG can do a lot more than Pi-hole - maybe different rules for different devices?

          I disabled Squid because I did not see a difference in speed with a proxy here at home (120 Mbit/s).

            BiloxiGeek

            Yep, I think that's the direction I'm gonna head as well.  No proxy and set up pfBlockerNG to take over the DNS filter duties from pi-hole.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.