Pi-Hole network ad/tracker blocker - rebinding?

It isn’t working yet - I had given up and re-flashed the Raspberry Pi SD card to a pre-Pi-Hole configuration. I hadn’t realized the issue was inter-VLAN routing.

It might not be my whole problem, though - my last attempt limited the scope of the Pi-Hole to my main, untagged LAN, with the Pi-Hole on that subnet and it didn’t work, either. Yes, I could have an even more basic problem.

Can you ssh into your PiHole and run

cat /etc/dhcpcd.conf

You should only see 1 entry defined for your eth interface.

That’s interesting. I actually see three entries, “static ip address” (which is the Pi and is right), “static routers” (which is the default gateway for that LAN and is right), and “static domain name” (which is 127.0.0.1). Are these the additional entries you mentioned that they added?

Right now, the Pi-Hole is working on the main LAN (no VLANs yet). The two oddities were that I had to manually add firewall rules to the Pi’s ufw firewall, and I had to manually add the DNS address to my laptop. This isn’t ideal, as I may run across some clients that won’t let me add manually. Still, progress.

@Jaywalker, another forum member had this similar issue last year. I am currently running 2x Pi-Holes, on their own VLAN, with static IP reservations on the LAN page (Rick’s method #2). Then in each VLAN (not the Pi-Hole VLAN), I manually set the DNS servers to the static IP addresses of the Pi-Holes. I would not change the WAN DNS settings as this caused all sorts of issues with connecting.

The only real hitch is that the Pi-Hole’s VLAN needs to have “Inter-VLAN Routing” specifically checked for this to work. This can then be overruled manually through the internal firewall rules, by denying the Pi-Hole’s VLAN network access to the other VLANs. If you have a guest network or whatever that does not have “Inter-VLAN Routing” checked, but uses the Pi-Hole for DNS, this should still work.

Your original post may have been correct. When you set the DNS servers manually to those of the Pi-Hole IPs, did you by chance reboot the router and/or your laptop to reinitialize the connection at the time? Your laptop may not have refreshed the updated DNS. Try setting the Pi-Hole on its own VLAN prior to installing the software or setting it up. Then go through everything as you had previously. That will give it the IP address you want, not within the range of your current DHCP.

Anyway, here is the original post from last September. It has screenshots with my setup. Hope it helps.

1 Like

Thanks - that would have let me know I wasn’t alone. I did reboot, but maybe not the first time. After the third SD card re-flashing and re-installation, I’m actually getting pretty fast at setting it up. Not “good,” mind you, but “fast.” I know at some point - maybe not the first time - I did reboot everything I could find.

I’m actually leaning towards this being a MacBook Pro problem, rather than a Pi or Surf SOHO issue. I had to manually add my MacBook’s DNS, but not my iPhone’s. Weird.

You should only see 1 eth interface config. That was my problem… after some reboots and config changes, I had ended up with duplicate eth interface configs, with different IP addresses. PiHole I believe was using the wrong one, and I couldn’t access the internet from the Pi, nor could my devices resolve DNS.

Here is my eth config in /etc/dhcpcd.conf

 interface eth0
         static ip_address=10.57.20.20/24
         static routers=10.57.20.10
         static domain_name_servers=127.0.0.1

So you had two groups of three?

I believe so, yes… I had my Pi previously on a 172.x subnet, but I decided to switch it to 10.x when I got the Peplink.

The PiHole was keeping the old “interface eth0” config for my 172.x subnet! I only discovered that after fiddling for a couple of hours with reboots and resetting the static IP config using the installer…

That led me to this file, where I saw the duplicate eth0 entry… deleted the old one, rebooted the Pi and was all good from that point. Been running since November last year without any problems.
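A check for the duplicate-stanza condition described in the post above, as an added example that is not part of the original thread. It assumes a file with simple `interface <name>` stanzas like the one quoted; the function names, the 172.16.1.x addresses and the wlan0 stanza in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces that have more than one stanza in a
# dhcpcd.conf-style file, with each stanza's line number and static address.
# Output per repeated interface: "<iface> lines=<n,n> ip_address=<a,a>"
dup_interfaces() {
    awk '
        function add(list, item) { return (list == "") ? item : (list "," item) }
        $1 ~ /^#/ { next }                       # ignore comment lines
        $1 == "interface" {                      # a new stanza starts here
            cur = $2
            count[cur]++
            lines[cur] = add(lines[cur], NR)
            next
        }
        cur != "" && $1 == "static" && $2 ~ /^ip_address=/ {
            sub(/^ip_address=/, "", $2)
            addrs[cur] = add(addrs[cur], $2)
        }
        END {
            for (i in count)
                if (count[i] > 1)
                    printf "%s lines=%s ip_address=%s\n", i, lines[i], addrs[i]
        }
    ' "$1"
}

# Constructed sample: a stale stanza left over from an earlier subnet, then
# the current one. The 172.16.1.x and wlan0 values are invented.
write_sample() {
    cat > "$1" <<'EOF'
hostname
# old config, never removed
interface eth0
        static ip_address=172.16.1.20/24
        static routers=172.16.1.1
        static domain_name_servers=127.0.0.1

interface eth0
        static ip_address=10.57.20.20/24
        static routers=10.57.20.10
        static domain_name_servers=127.0.0.1

interface wlan0
        static ip_address=10.57.30.20/24
EOF
}

sample=$(mktemp)
write_sample "$sample"
dup_interfaces "$sample"
rm -f "$sample"
```

On the Pi itself, `dup_interfaces /etc/dhcpcd.conf` printing nothing means each interface is declared once.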

The Pi-Hole is working now - more later.

Excellent suggestion.

1 Like

To wrap this up for posterity and to thank the people who pitched in and helped me understand the router end of this Pi-Hole project, my setup is working now. I’ve set it up simplified and will add complexity later: Pi-Hole only on Main untagged LAN, and no connection with my guest VLAN nor my IoT VLAN, and still no inter-VLAN routing. I did use the @Rick-DC IP Reservation method, i.e., select “current IP” during Pi-Hole installation, then on Status->Client List in the rightmost column reserved that IP.

The other change to previous setups was to modify the ufw firewall rules to allow ports 53 and 80. The Pi-Hole devs say that’s done automatically to IP Tables during installation, though they did not show up in ufw itself. I’m not knowledgeable enough to say; I left ufw as I changed it.

One problem might have been MacOS - it does not seem to automatically pick up the DNS as defined on the Network → LAN/VLAN page. This was not the case with iPhones - they automatically picked up the DNS from the router. In the case of both MacBooks, I had to manually change the DNS in the System Preference → Network → Advanced → DNS. Since I was setting Pi-Hole up and testing with the Mac, the failures to function automatically made me believe I was setting it up wrong; it’s possible that wasn’t the case.

Finally, one extremely odd thing is that my Amazon Fire Stick shows up on the Pi-Hole console even though it’s in a different VLAN, while its router page is definitely not pointing at the Pi-Hole, and inter-VLAN routing is not selected.

2 Likes

@Jaywalker … I was traveling for the last two days and am just now catching up on things. Glad it is working – mostly. If you need some more assistance just send me a PM and I’ll reply with my phone number. Might be easier than a flurry of messages back and forth. :smile:

2 Likes

Thanks, I’ll do that when I finally figure out the scope of the issue.

I have uninstalled the Pi-Hole temporarily because I’ve discovered that my firewall rules allow inter-VLAN routing, and I don’t want that if I can avoid it. The Pi-Hole DNS device assigns itself an IP address on the main VLAN and not the IoT VLAN, and so does the Amazon Fire Stick streaming device. Removing the ufw rules took me back to a non-operative condition.

Pi-Hole installation should have provided IP Tables ports for 53 and 80, so now I need to learn about IP Tables before I re-install. Stay tuned.

I have re-installed Pi-Hole and it’s working.

Following the advice of @Rick-DC I simplified the effort. I started with a new Pi-Hole installation on a Raspbian install without ufw, the Uncomplicated Firewall. (A firewall isn’t necessary behind the NAT, and avoiding it certainly simplified the Pi-Hole setup.) It’s only for the IoT_VLAN, so there’s no need for inter-VLAN routing or firewall rules. All the configuration changes are centralized on the router, not the devices - the device points at the router IP, while the router network manually points at the Raspberry Pi for its DNS.

For those who decide to do a Pi-Hole installation, I recommend this simple approach.

4 Likes