Use Pihole as sole DNS to resolve website internally
-
Hey, I just put pfsense onto an old laptop to try it out and so far I like it. I do however have a slight issue: I can't get my DNS settings correct. I tried using the default settings, then going to Services >> DHCP Server >> DNS Servers >> piHole IP... This worked for all of about 2 minutes, then it stopped resolving any internal DNS entries I had on PiHole (a bunch of microservices I have running behind a reverse proxy), although I do see PiHole denying requests to blacklisted sites, so not sure what's going on.
My current setup is FIOS ONT >> pfsense laptop >> G3100 fios router (used as switch and wireless access point) >> another switch and two other routers used as wireless access points throughout the house
I have a raspberry pi running about 20 different containers with microservices and a website behind an apache reverse proxy (the pihole is one of these services). A couple of these services have admin pages that cannot be accessed unless requested via a LAN IP.
In pihole I have all these services listed as DNS entries so that they resolve to internal IPs and therefore I can access the admin pages (I've had this issue before pfsense, where if these services are not resolved internally my WAN IP will be forwarded and I can't access the admin pages). Now I have pihole behind "pi.hole" and the others at service1.mydomain.com, service2.mydomain.com, etc. When I set the DNS server to pihole I can access pi.hole and any other service for about 2 minutes before I get a DNS probe not possible error. I have not updated my DNS name provider (cloudflare) with my new IP because I want to verify that my internal services are being resolved internally and not routed out and then back in.
The only way I'm able to access anything right now is if I put pihole or any other service under Services >> DNS Resolver >> Domain Overrides, but I don't want to do this for all of my services; I should just be able to utilize pihole for this.
I tried using dig and it all resolves to my external IP (actually cloudflare because I'm using their proxy service) and I can't have that.
I tried doing this: https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html
I also tried the setup described here: https://www.reddit.com/r/PFSENSE/comments/m3nfhn/comment/gqri6c1/?utm_source=share&utm_medium=web2x&context=3 but that also isn't working, same issue.
And a couple of other things that haven't quite worked.
Does anyone have any suggestions?
-
@4rt how would pfsense have anything to do with your pihole resolving something it should resolve locally? Is it asking pfsense for this fqdn?
If you hand the pihole IP to a client as its dns via dhcp, and it actually gets this.. How would pfsense be involved in that conversation?
pfsense has nothing to do with device A on network X from talking to device B on network X.
-
@johnpoz Ok, either I'm 10 levels beneath you or maybe you can reword what you're trying to say, because I don't fully understand what exactly you're trying to relay here. But it was my assumption that, as the default gateway and DHCP server, it takes care of routing or telling clients what DNS server to use. I know at least my machine is not getting a response from pihole, because when I use
dig someinternalsite
the server responding is pfsense and not pihole. I want clients to use the pihole as the sole DNS server, or rather the first option. I seem to be overwhelmed with all the different options and so I was hoping someone could point me in the right direction to tell pfsense to let clients know which DNS to use.
@johnpoz said in Use Pihole as sole DNS to resolve website internally:
pfsense has nothing to do with device A on network X from talking to device B on network X.
Excuse my ignorance but if network A is a LAN and network B is WAN isn't that the whole point of pfsense?
EDIT: So in my dashboard these are listed as DNS servers,
How can I keep just the 192.168.1.254 entry?
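The dig checks mentioned in the posts above only tell you which resolver answered. The script below is an added example, not code from this thread; it parses dig output to report the answering resolver and whether the returned A record sits in RFC1918 private space, which is the quickest way to confirm an internal name is being resolved on the LAN rather than coming back as the Cloudflare proxy address. The hostnames, IP addresses and the two dig transcripts are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): classify a dig answer as internal or
# external so you can see which resolver answered and whether the record
# points at a LAN address. All names, IPs and sample output are constructed.

# Print the IP of the resolver that answered, taken from dig's ";; SERVER:" line.
dig_server() {
    # stdin: dig output, e.g. ";; SERVER: 192.168.1.1#53(192.168.1.1)"
    sed -n 's/^;; SERVER: \([0-9.]*\)#.*/\1/p' | head -n 1
}

# Print the first A record found in the ANSWER SECTION (empty if none).
dig_answer_ip() {
    awk '/^;; ANSWER SECTION:/ { inans = 1; next }
         inans && $4 == "A"   { print $5; exit }
         /^$/                 { inans = 0 }'
}

# Return 0 if the IP is in RFC1918 private space, 1 otherwise.
is_private_ip() {
    case "$1" in
        10.*)                                   return 0 ;;
        192.168.*)                              return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
        *)                                      return 1 ;;
    esac
}

# Summarise one dig run on stdin as "<server> <ip> internal|external".
# Exit status 1 when no A record was returned.
classify_dig() {
    out=$(cat)
    srv=$(printf '%s\n' "$out" | dig_server)
    ip=$(printf '%s\n' "$out" | dig_answer_ip)
    if [ -z "$ip" ]; then
        printf '%s none unresolved\n' "${srv:-unknown}"
        return 1
    fi
    if is_private_ip "$ip"; then
        printf '%s %s internal\n' "$srv" "$ip"
    else
        printf '%s %s external\n' "$srv" "$ip"
    fi
}

# Constructed sample: a client pointed at pfSense (192.168.1.1) getting the
# public (proxy) address because nothing answered the name internally.
SAMPLE_EXTERNAL=';; ANSWER SECTION:
service1.mydomain.com.    300    IN    A    203.0.113.10

;; Query time: 20 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# Constructed sample: the same name answered by Pi-hole with a LAN address.
SAMPLE_INTERNAL=';; ANSWER SECTION:
service1.mydomain.com.    0    IN    A    192.168.1.50

;; Query time: 1 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)'

# Real use:  dig service1.mydomain.com | classify_dig
#            dig @192.168.1.254 service1.mydomain.com | classify_dig
printf '%s\n' "$SAMPLE_EXTERNAL" | classify_dig
printf '%s\n' "$SAMPLE_INTERNAL" | classify_dig
```

Pipe a real query through it from a client that should be using Pi-hole; an "external" result shows either that the client is asking a different resolver (the SERVER field tells you which) or that the resolver it asked has no internal record for that name. Querying Pi-hole directly with `dig @<pihole-ip>` separates the two cases.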
-
Ok, so I realized that this issue was only on machines that had static IPs and were not using DHCP. They were using pfSense as their DNS (192.168.1.1), and I had assumed pfSense would either forward them to piHole or forward a request on their behalf. So yeah, I can just change all the static devices to use pihole, but is there a way for pfsense to forward DNS requests to pihole? I couldn't get the DNS forwarder to work correctly.
-
@4rt said in Use Pihole as sole DNS to resolve website internally:
the server responding is pfsense and not pihole.
Well then you didn't point your client to pihole like you said you did.
is there a way for pfsense to forward DNS requests to pihole?
Couple different ways - you could just set up a domain override for pfsense to ask your pihole for the domain you're using for your internal stuff.
Or you could setup redirection, or you could use forwarding mode in unbound, or yeah the forwarder.
But if you're blocking external dns - how would pihole ask another server 8.8.8.8 or resolve itself?
Also are you registering dhcp on unbound in pfsense - if so it could be restarting a lot, etc.
I use pihole, point my clients to pihole via dhcp - setting static IPs on devices is not a very good way to give them an IP. If you want them to always have the same IP - then just set up a dhcp reservation for them. This way, going forward, if you want to change something like what dns they point to, or your whole IP range, etc., you can just change dhcp and they will get the new info when they renew or you reboot them, etc.
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html