this post was submitted on 25 Nov 2023
21 points (100.0% liked)

networking

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.


I'm trying to set up a Pi-hole on my in-laws' home network. I've got everything configured on the Pi, but ad-blocking wasn't working. So I did some digging into the logs and found that DNS requests were all coming from the router.

After some reading it seems that the DHCP server the router used was adding a DNS suffix to all requests (search.charter), so I turned off the DHCP server on the router and used Pi-hole's built-in DHCP to see if this would resolve the issue. I didn't have enough time to test the fix, but here's my understanding of what was happening before I changed the configuration:

I set the primary DNS server to the IP address of the Pi-hole in the router settings so they would have network-wide ad-blocking. All of the clients get a DHCP-assigned DNS server address, which was set to the router's address. I would input example.com into a client's browser, the DNS request would be sent to the router, and then the router would act as a client in the Pi-hole logs. Pi-hole tells the router that example.com is found at 192.158.1.38 and the ads being hosted on the website are at 0.0.0.0. The router sees that the DNS server didn't return a result for one of the queries, so it goes to an upstream DNS server hosted by the ISP, where they provide the IP for the ad. Both addresses are sent along to the client device and the Pi-hole shows the ad domain as being blocked.

Is that true? Did changing the DHCP server to the Pi-hole fix the problem? Is there anything more that I need to do? Did I totally whiff on troubleshooting? Let me know if you need more information. Any help would be appreciated since I'm trying to learn a little bit more about networking and take a little more control of my home network. Thanks!

top 4 comments
[–] ANIMATEK 5 points 1 year ago (1 children)

The router sees that the DNS server didn't return a result for one of the queries, so it goes to an upstream DNS server hosted by the ISP where they provide the IP for the ad

Nope. That is done by the Pi-hole itself. The router would send a request, then it either gets the IP or it doesn't; there are no retries upstream.

[–] [email protected] 2 points 1 year ago

The Pi-hole actually returns its own IP address for any blocked DNS results.
For any HTTP requests (that aren't to the admin interface) it serves up a non-HTTPS "this page has been blocked" type webpage.
This way, the DNS request doesn't fail or time out. It's just that the DNS response has been hijacked to return something different than what is posted in the public DNS records.

[–] Funkymatt 3 points 1 year ago

Sounds like a search domain was being configured that would spam the search.charter "domain".

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

What I usually do is

  • configure Pi-hole as the DHCP server and have it give out the Pi-hole address as the DNS server
  • configure Pi-hole to use the router's DNS (if you want, but not necessary) as the upstream DNS server, or
  • (better) use a DNSSEC-enabled DNS server such as Quad9 as the upstream DNS server
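The original post reasons from the Pi-hole query log (all queries arriving from the router, names carrying the search.charter suffix), and the last comment's checklist is only confirmed once that log shows individual clients and a chosen upstream. The script below is an added example, not code from the thread or from the Pi-hole project; it parses Pi-hole's dnsmasq-style query log lines and reports the three things worth checking here: what share of queries come from the router, which names carry a DHCP search suffix, and whether any name that gravity blocked was re-queried with the suffix and then forwarded upstream. The log lines, addresses and suffix in SAMPLE_LOG are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of Pi-hole's dnsmasq-style query log (/var/log/pihole.log).
# 192.168.1.1 stands in for the router, 192.168.1.50 for an ordinary client,
# and 9.9.9.9 (Quad9) for the upstream resolver. Every value here is made up
# for the example; the search suffix is the one the original post mentions.
SAMPLE_LOG = """\
Nov 25 10:00:01 dnsmasq[812]: query[A] example.com from 192.168.1.1
Nov 25 10:00:01 dnsmasq[812]: forwarded example.com to 9.9.9.9
Nov 25 10:00:01 dnsmasq[812]: reply example.com is 93.184.216.34
Nov 25 10:00:02 dnsmasq[812]: query[A] ads.example.net from 192.168.1.1
Nov 25 10:00:02 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
Nov 25 10:00:03 dnsmasq[812]: query[A] ads.example.net.search.charter from 192.168.1.1
Nov 25 10:00:03 dnsmasq[812]: forwarded ads.example.net.search.charter to 9.9.9.9
Nov 25 10:00:04 dnsmasq[812]: query[AAAA] example.com.search.charter from 192.168.1.1
Nov 25 10:00:05 dnsmasq[812]: query[A] example.org from 192.168.1.50
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")
FORWARD_RE = re.compile(r"forwarded (?P<name>\S+) to (?P<upstream>\S+)")
BLOCK_RE = re.compile(r"gravity blocked (?P<name>\S+) is ")


def analyse(log_text, router_ip, search_suffix):
    """Summarise who is asking the Pi-hole, which names carry the search
    suffix, where queries are forwarded, and which blocked names escaped
    upstream in suffixed form."""
    suffix = "." + search_suffix
    per_client = Counter()      # client IP -> number of queries
    suffixed = []               # query names carrying the DHCP search suffix
    blocked = set()             # names gravity answered with a block
    upstreams = Counter()       # upstream server -> forwarded count
    leaked = []                 # suffixed forms of blocked names sent upstream
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            per_client[m["client"]] += 1
            if m["name"].endswith(suffix):
                suffixed.append(m["name"])
            continue
        m = FORWARD_RE.search(line)
        if m:
            upstreams[m["upstream"]] += 1
            name = m["name"]
            # A blocked name plus the search suffix is a different name to the
            # blocklist, so it is forwarded; that is the leak to look for.
            if name.endswith(suffix) and name[:-len(suffix)] in blocked:
                leaked.append(name)
            continue
        m = BLOCK_RE.search(line)
        if m:
            blocked.add(m["name"])
    total = sum(per_client.values())
    return {
        "per_client": dict(per_client),
        "router_share": per_client[router_ip] / total if total else 0.0,
        "suffixed": suffixed,
        "blocked": sorted(blocked),
        "upstreams": dict(upstreams),
        "leaked": leaked,
    }


def findings(summary, router_ip, search_suffix):
    """Turn the summary into plain-language checks a home admin can act on."""
    out = []
    if summary["router_share"] > 0.5:
        out.append(f"{summary['router_share']:.0%} of queries come from {router_ip}: "
                   "clients still use the router as their resolver, so hand out "
                   "the Pi-hole address via DHCP instead")
    if summary["suffixed"]:
        out.append(f"{len(summary['suffixed'])} queries carry the '{search_suffix}' "
                   "search suffix: a DHCP search domain is still being pushed")
    if summary["leaked"]:
        out.append("blocked names were re-queried with the suffix and forwarded "
                   "upstream: " + ", ".join(summary["leaked"]))
    return out


if __name__ == "__main__":
    s = analyse(SAMPLE_LOG, router_ip="192.168.1.1", search_suffix="search.charter")
    for f in findings(s, "192.168.1.1", "search.charter"):
        print("-", f)
```

Run it over the real /var/log/pihole.log with your router's address and the suffix seen in the log. After Pi-hole hands out its own address as the DHCP DNS server, per_client should list the individual client addresses rather than the router, the suffixed list should be empty, and upstreams should show only the resolver you chose.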