OPNsense Forum

English Forums => General Discussion => Topic started by: ThePOO on October 27, 2018, 09:48:08 pm

Title: [SOLVED] pi-hole -- local DNS resolution of host names by OPNsense
Post by: ThePOO on October 27, 2018, 09:48:08 pm
What I have:
-------------------------------------

pi-hole 4.0 and OPNsense 18.7.6


pi-hole (192.168.1.15/admin/settings.php) ...

Settings-->DNS

Upstream DNS Servers
Custom 1 (IPv4)
192.168.1.1

Advanced DNS settings
un-checked Never forward non-FQDNs
un-checked Never forward reverse lookups for private IP ranges
checked Use Conditional Forwarding
IP of your router 192.168.1.1
local domain name poonet

OPNsense (192.168.1.1) ...

System-->Settings-->General

Domain name poonet
DNS Servers are left blank, on purpose
checked Allow DNS server list to be overridden by DHCP/PPP on WAN
un-checked Do not use the local DNS service as a nameserver for this system
** my ISP provides excellent DNS servers and I'm happy to dynamically receive their IP addresses

Services-->DHCPv4-->[LAN]

DNS servers
192.168.1.15
192.168.1.1

All devices on my network are statically mapped in OPNsense DHCP.

------------------------------------------------------------------
Resolving public DNS:

Device contacts 192.168.1.15 for resolution.
192.168.1.15 then contacts 192.168.1.1 for resolution.
192.168.1.1 then contacts the dynamically supplied ISP servers for resolution.
pi-hole at 192.168.1.15 blocks queries for bad things or passes the resolved information to the requesting device.

This all works beautifully.
------------------------------------------------------------------

Resolving local host names:

Now, then, my problem ---  192.168.1.15 is trying to query 192.168.1.1 to resolve device host names and I can't figure out what I need to enable/configure in OPNsense to get pi-hole the resolved host names?

No rush ---- if anyone can "resolve" this I'd be eternally grateful <smile>


*** Fiber connected to my local ISP .. 100/100.    I could get 1000/1000, but what would I do with THAT?    Extra $25 a month -- might try it sometime just for kicks. ***

Title: Re: pi-hole -- local DNS resolution of host names by OPNsense
Post by: weust on October 28, 2018, 01:05:55 am
If you use 192.168.1.1 only to forward to the internet DNS server, don't use it on the inside, as it will not know your LAN DNS records.

But you are making it quite difficult for yourself, imo.
I have OPNsense and Pi-hole as well, but I don't use DNS on OPNsense at all.
In fact, even the WAN DHCP has the option enabled to not use the ISP DNS servers, but Pi-hole.

On my Pi-hole I have a /etc/pihole/lan.list file which, obviously, holds the records of most of my internal machines and such.
Pi-hole is the only device in my LAN that has access to internet DNS servers.
Makes things a lot easier to manage (it's all in one place) and DNS forwarding doesn't have to go through several machines before it finally goes to the internet.
Title: Re: pi-hole -- local DNS resolution of host names by OPNsense
Post by: ThePOO on October 28, 2018, 03:22:36 pm
In my original configuration I also did not use OPNsense DNS at all. My over-kill on the current configuration was to provide devices an alternate path, that being OPNsense, should pi-hole stop responding, and to take advantage of dynamic DNS server addresses assigned to OPNsense. It does work marvelously. If I shut down pi-hole for any reason devices still get DNS resolution. Perhaps, after I have pi-hole in service for a few months, I'll simplify the configuration and take OPNsense out of the loop and not use its DNS at all.

Now, for the internal DNS resolution of my devices ... is there any software solution that can be used on OPNsense to answer the pihole request for local DNS resolution of host names? If not, then using /etc/pihole/lan.list is something I can look into. I'm just not thrilled about using that file as its information is in duplication of all my statically defined devices in OPNsense DHCP.

But ---- in the end, if I totally trusted pi-hole and its stability, etc., I'd super simplify my DNS resolution path, yes. It would be nice if local DNS could resolve host names .... using duplicate information in a pi-hole list isn't a deal breaker but a let down, nonetheless.

All, in all, OPNsense rocks, pi-hole rocks ... It's all good.    <smile>
Title: Re: pi-hole -- local DNS resolution of host names by OPNsense
Post by: MrB on October 28, 2018, 04:59:13 pm
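Don't know what you are using for DNS forwarding on OPNsense but in both Unbound DNS and Dnsmasq there are check boxes for:
  • Register DHCP leases in the DNS Resolver
    If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in the DNS Resolver, so that their name can be resolved.
  • Register DHCP static mappings in the DNS Resolver
    If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. You should also set the domain in System: General setup to the proper value.

The latter sounds like what you are looking for.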
Title: [SOLVED] pi-hole -- local DNS resolution of host names by OPNsense
Post by: ThePOO on October 28, 2018, 06:00:35 pm
Quote from: MrB on October 28, 2018, 04:59:13 pm
Don't know what you are using for DNS forwarding on OPNsense but in both Unbound DNS and Dnsmasq there are check boxes for:
  • Register DHCP leases in the DNS Resolver
    If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in the DNS Resolver, so that their name can be resolved.
  • Register DHCP static mappings in the DNS Resolver
    If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. You should also set the domain in System: General setup to the proper value.

The latter sounds like what you are looking for.

I enabled:
Register DHCP leases in the DNS Resolver
Register DHCP static mappings in the DNS Resolver
in Unbound in OPNsense

I changed nothing in pi-hole.

I rebooted both OPNsense and pi-hole -------------- NOW PI-HOLE RESOLVES MY HOSTS PERFECTLY!!!!!

Thanks everyone.       :)
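
A check for the setup described in this thread, added here as an example and not posted by any participant: it asks OPNsense and Pi-hole for the same local name and reports which hop fails to answer. It assumes `dig` is installed; the addresses and domain are the ones given in the thread, and the host names you pass in are your own.

```shell
#!/bin/sh
# Added example: find which hop in the Pi-hole -> OPNsense chain loses a local name.
# Addresses and domain come from the thread; adjust them for another network.
PIHOLE=192.168.1.15
OPNSENSE=192.168.1.1
DOMAIN=poonet

# A lookup against one server; prints the first IPv4 address or nothing.
lookup_a() {   # $1 = server, $2 = name
    dig +short +time=2 +tries=1 @"$1" "$2" A |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# PTR lookup against one server; prints the name without its trailing dot.
lookup_ptr() { # $1 = server, $2 = IPv4 address
    dig +short +time=2 +tries=1 @"$1" -x "$2" | head -n 1 | sed 's/\.$//'
}

# Classify one host. Prints one of:
#   OK <ip>            both resolvers agree and the PTR via Pi-hole maps back
#   OPNSENSE_MISSING   Unbound has no record (registration options off, or domain differs)
#   PIHOLE_MISSING     OPNsense answers but Pi-hole does not return the record
#   MISMATCH <a> <b>   the resolvers disagree (a stale lan.list entry, for example)
#   PTR_MISMATCH <n>   reverse lookup through Pi-hole gives a different name
check_host() { # $1 = short host name
    fqdn="$1.$DOMAIN"
    via_opn=$(lookup_a "$OPNSENSE" "$fqdn")
    via_pi=$(lookup_a "$PIHOLE" "$fqdn")
    if [ -z "$via_opn" ]; then echo "OPNSENSE_MISSING"; return 1; fi
    if [ -z "$via_pi" ]; then echo "PIHOLE_MISSING"; return 1; fi
    if [ "$via_opn" != "$via_pi" ]; then
        echo "MISMATCH $via_opn $via_pi"; return 1
    fi
    ptr=$(lookup_ptr "$PIHOLE" "$via_pi")
    if [ "$ptr" != "$fqdn" ]; then echo "PTR_MISMATCH ${ptr:-none}"; return 1; fi
    echo "OK $via_pi"
}

# Usage: sh check-local-dns.sh nas printer   (host names are your own)
for h in "$@"; do printf '%s: %s\n' "$h" "$(check_host "$h")"; done
```

`OPNSENSE_MISSING` points at the two Unbound registration check boxes or the domain under System: Settings: General; `PIHOLE_MISSING` points at the Pi-hole upstream and conditional forwarding settings.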