Pi-Hole network ad/tracker blocker - rebinding?

I’m installing a Raspberry Pi Pi-Hole server on my Surf SOHO Mk3 v8.01 network and am unable to have the Surf show the Pi as DNS.

The router accepted the entry on each LAN/VLAN page. In Network/Network Settings/ , I disabled “Assign DNS server automatically” and added the Pi DNS address. Tests show the DNS address did not change for the connected devices - the Surf still uses the default gateway for my main internal LAN instead of the Pi IP address. (It’s DHCP Reservation, so basically static.)

The Pi has good connectivity (I can ssh into the Pi), but the Pi and the other devices on the network show different DNS values (“scutil --dns” and “nslookup” ). The Pi-Hole install opened ports 53 and 80 in my firewall. Both are on /24 subnet.

Again, I’m a newbie at this, but is this a case of “rebinding,” and if so, how do I get around it? Do I have to resort to “IP Passthrough” and also hand off the DHCP function?

1 Like

Hi. We have several PiHoles in use and have not had that issue. Have you tried “releasing” the clients? Like … Turn DHCP off on the SOHO and disconnect one of your clients. Turn DHCP back on again and instruct the client to reconnect. Any luck?

And, just to make sure … PiHoles can also serve as DHCP server. You have that disabled, right? (I’m sure you do but thought I might ask.)

1 Like

Rick,

Thank you - I wonder if you could be a little more verbose, please. There are several “Enable DHCP” checkmark locations - on the main WAN page and one each of the tagged and untagged VLAN pages.

Yes, I verify I am not using Pi-Hole’s DHCP.

Hi. I don’t have access to a SOHO at the moment but I’m pretty certain that setting for all the Pepwaves are in roughly the same location. For a Max BR1 it is at Network --> LAN --> DHCP Server --> Enable. Do you see something like this …?

1 Like

Sure, thanks, that’s the LAN page. I have a LAN and two tagged VLANs, so three pages like that. I would have to disconnect all three, then turn off a client machine - laptop, smart phone on WiFi, or whatever.

I was a little concerned about how I get back onto the SOHO web admin page after turning all off DHCP. I guess I just leave one machine connected and up while I disable DHCP.

…or you could reduce the Lease Time to 5 mins temporarily?

Network>Network Settings>Untagged LAN

What about adding that Extended DHCP Option?

1 Like

Thanks, @Rick-DC, but there’s still a problem. Turning off DHCP, recycling a laptop, then renewing DHCP lease did convince the client to use the Pi-Hole as DNS, but it doesn’t use it.

For instance, “scutil --dns " shows nameserver as the Pi-Hole LAN IP address, and " nslookup 1.1.1.1” leaves through the router, experiences delay (***) at the next step (maybe the Pi-Hole DNS?), but eventually finds 1.1.1.1. However, when using nslookup -n google.com, I get a “traceroute: unknown host google.com.”

That’s the same as I had yesterday - it works with IP but not DNS - and why I thought the SOHO might be rebinding.

I’m sure I’m missing something, but I now have three days trying to debug this. Maybe it conflicts with the WAN server settings, which I did not change - it’s still Quad9.

Unless I’m missing something obvious, I think it’s time to try using the Pi-Hole’s DHCP function. Can you tell me if enabling “IP Passthrough” on the WAN Details page is all that’s necessary for that?

Thanks.

The recycle of the client worked okay, but I’ll look at reducing the Lease Time.

I know nothing about Extended DHCP. Guess it’s something else I have to consider. This was supposed to be easy.

Are you referring to the SOHO firewall? I must be missing something here. The PiHole should not touch the SOHO’s config.

So, when you go to the PiHole’s Query log you don’t see something like this where each and every DNS query is shown?

Maybe it conflicts with the WAN server settings, which I did not change - it’s still Quad9.

No. They’re independent. We usually set something like 1.1.1.1 and 9.9.9.9 for the WANs but point the LAN DNS to the PiHole(s).

I think it’s time to try using the Pi-Hole’s DHCP function. Can you tell me if enabling “IP Passthrough” on the WAN Details page is all that’s necessary for that?

I’d recommend using the SOHO for DHCP. Frankly, we’ve never found a situation where it made more sense to use a PiHole for DHCP in lieu of a Peplink router – and we’ve installed quite a few of both. I don’t think this is a rebinding issue or a problem with the SOHO DNS. And, “IP Passthrough” is a good feature but won’t get you where you want to go.

I wonder if you could be a little more verbose, please. There are several “Enable DHCP” checkmark locations - on the main WAN page and one each of the tagged and untagged VLAN pages.

Configure the WAN as needed to talk to your ISP. Don’t put the PiHole address there. The PiHole serves your LAN clients only. (And, FWIW, generally, I’d advise not to add VLANs until you have the primary, untagged LAN working as you wish.)

One more question: When you set up the PiHole you assigned it static address on the untagged segment, right?

1 Like

No, I didn’t give the Pi-Hole a static IP - didn’t know how to do that. I gave it a DHCP reservation inside the DHCP range. But, yes, it’s in the untagged segment.

Keeping the SOHO in control of the DHCP was always my preference. Thanks for the hint that IP Passthrough isn’t the way to give the Pi-Hole control of the DHCP.

How do you set a static IP in the Surf SOHO?

Hi. You have two alternatives.

  1. Assign the address on the device itself (the Pi in this case). When you configure PiHole it asks if you want to use he present address or assign one. My preference is to do it this way – and to assign address that is outside of DHCP range.
  2. Use the “address reservation” method. See the PiHole’s present address at status --> Client List? The rightmost columns allows you to reserve that address for the subject device. So, when the device boots and the MAC address is seen by the DHCP server in the SOHO the same IP address will be assigned – over and over.

Personally? I prefer the first approach when feasible but both work well. What you must not allow to occur is for the PiHoles’ address to change – ever. I’m wondering if this may be your issue.

If you decide to take the first option it’s really a simple matter to reinstall PiHole.

1 Like

You’ve hit my problem - I was doing both alternative 1 AND 2. I thought I had to tell the router where the static IP address was. Thanks.

1 Like

I always use option 2. Easy Peasy. Except for my Ubuntu Plex server. I ended up using netplan to set it on the server.

I ran into a similar issue to yours with the PiHole I think awhile back. I had reinstalled it in a new subnet and so had reset the static IP using option 2 stated above. But it wasn’t resolving properly.

I ended poking around the PIs dhcpd.conf file and notice it had 2 static IP entries in there. My old one and new one.

Not sure how it got to that but I removed the incorrect one and rebooted the PI and it was fine.

I read this in the docs a bit later.

Pi-hole needs a static IP address to properly function (a DHCP reservation is just fine). Users may run into issues because we currently install dhcpcd5 , which may conflict with other running network managers such as dhclient , dhcpcd , networkmanager , and systemd-networkd .
As part of our install process, we append some lines to /etc/dhcpcd.conf in order to statically assign an IP address , so take note of this prior to installing.

2 Likes

Just to build on Rick’s second recommendation. When you activate the reservation option (in the rightmost column) you can change the IP address of the client to your preferred (static) one. It can be outside the DCHP range of dynamically assignable addresses, if you wish.

The new address will be assigned to the device when it next requests an IP address.

I like this way of setting up static addresses because all the devices will be configured in one place - at the router. Consequently there will be no need to keep track of configuration settings at each device, nor any danger of accidentally assigning the same address to more than one device (the router refuses to accept the duplicate), nor any need to keep a log of which device was assigned what address, as it is all visible at the router.

The usual $0.02.

Cheers,

Z

1 Like

How do you install Pi-Hole without setting it as static during the process? Or do you change it to Reservation after that?

It’s just not working for me. The Pi and the laptop both show my chosen static IP address, but the Pi-Hole isn’t allowing me to reach the internet.

I want to try using the Pi to deliver DHCP instead of the SOHO. I suppose I just turn DHCP off at the LAN page and not choose IP Reservation, true?

When you install the PiHole software and configure it you will be asked if you want to set a static address for the pi or to use it’s present address. Choose the latter. OR, if you have already installed it and do not wish to reinstall all you have to do is follow the instructions I set out above – and which was nicely expanded upon by @zegor_mjol . The latter process will “start” with a DHCP address for the pi but once you follow the “reservation procedure” it will never change. So, you have a static address w/o messing with the pi. So the answer to your question “Or do you change it to Reservation after that?” is “yes.”

So, your clients do show the PiHole as the DNS address, right?

And, if you answered my question as to if you see the DNS queries in the PiHole log – I missed it.

As to your last question … No one here has any experience using a PiHole as a DHCP server – we would not likely do that when using a Peplink/Pepwave router – no reason to do so that I can think of.

2 Likes

Sorry, I did miss that. The Pi-Hole at installation opened ports in my ufw firewall.

Of the three times I’ve installed Pi-Hole (re-flashing the pre-Pi-Hole image each time to clear away any of my mistakes) I’ve always said “no” to current IP settings, because they’re inside the normal DHCP range, then I choose one outside the range.

Yes, my laptop, etc., all show the proper DNS, sometimes after I’ve manually changed them to the Pi’s IP. Doesn’t work. Everything reports the right numbers, but uses the default gateway as the DNS anyway.

Got it. I’d been using the Network/VLAN page to set the IP Reservation after I had set it as a static IP during the Pi-Hole installation, basically both Rick-DC alternatives, 1 and 2. Using @zgor_mjol technique I can keep it on the router.

@stego may have figured it out for me, though - he allows inter-VLAN routing, which I hadn’t done, then configures SOHO Advanced/Firewall/Access Rules to allow internal and block eternal DNS. Nothing else I’ve done works, anyway.

Yes, inter-VLAN routing would be required if you want the PiHole to support VLANs and their subnets. However, I understood you to say that nothing worked. That would disallow the inter-VLAN routing issue as a cause.

Glad its working now!

2 Likes