Pi-hole with multiple VLANs

Hi everyone. It’s been a while since I’ve last been on here, so please forgive me if I have posted my question in the wrong area. For what it’s worth, I have spent the last couple weeks combing through this forum trying to find an answer to my question with no luck. While I have seen that several other users have touched upon the subject of using a pi-hole with their Peplink product, I can’t seem to find any real clear answers relating to my particular configuration and setup.

I am currently working with a Balance 380 (actually two Balance 380s in a HA/VRRP config) and I am wondering if it is possible to use a single pi-hole DNS server across multiple (and isolated) VLANs?

I was able to successfully add the pi-hole on one VLAN by configuring it via: (Network > Network Settings > LAN > DHCP Server > DNS Servers), but that’s about where my luck ended.

My questions:

  1. Can DNS requests from clients on separate (and isolated) VLANs be forwarded to just one local DNS server?
  2. If so, what is the most efficient way to accomplish this?

Any suggestions or help would be appreciated.

Thank you in advance.

Put the pi-hole on a spare WAN port if you have one. All isolated LAN VLANs can access that if you need them to. Otherwise have a dedicated VLAN for the PiHole, then block inter-VLAN traffic using firewall rules and add a rule to allow access to just the PiHole VLAN.

1 Like

Hi Martin,

Thank you for your reply. So, I haven’t been able to test out your suggestion as of yet. However, I did discover that I was able to get everything working if I configured the IPs of both my pi-holes as DNS resolvers under: (Network > Network Settings > DNS Proxy Settings > DNS Resolvers > LAN Connection).

As of right now, I am able to utilize both pi-holes from any VLAN, even though they are isolated from one another. I am curious though, is this actually the proper way to configure this type of scenario? Or did I perhaps stumble upon a way to make something work in a way it wasn’t designed to? (I seem to do this more often than not).

Regards.

Hi @MartinLangmaid,

Could you elaborate how I could do this on a Balance 20? I have a spare WAN port… my piHole is currently hosted on my LAN with a 10.57.20.20 IP.

I presume it’s not as simple as simply activating the second WAN and plugging in the piHole is it? :wink:

Just edit your LAN settings and in DHCP settings set the DNS server to the pihole, e.g.:

2 Likes

Thanks @MartinLangmaid

I presume I need to activate the second WAN interface in the B20… after doing so, I can’t connect to the PiHole web admin nor can I ping it

No you don’t. I only suggested the previous poster use the WAN as he had multiple VLANs on his LAN.
I don’t think you do, so it can be plugged into the LAN also.

1 Like

I also have multiple VLANs… so I’d have to use spare WAN port… I’d want to use the DNS proxy settings as well to redirect ALL DNS requests to this resolver.

So for now, if I leave the second WAN port as inactive, I can’t ping or access the pihole web admin…

Forgive my ignorance. :slight_smile:

I see OK. So the pihole needs to be on its own IP/subnet, different to any LAN IP ranges. With it connected to WAN2, you will need to:

  1. Create an outbound policy that sends all internet traffic via WAN1 by default.
  2. Disable healthcheck on WAN2, statically assign WAN2 with an IP in the same subnet as the pihole.
  3. In LAN settings for your VLANs point DNS to the IP of the pihole.

3 Likes