Hello,
I hope this is the right place to post this topic.
I use pi-hole behind the OPNSense Firewall. I use VLANs.
Pi-hole worked on LAN as it should. But on my VLAN it didn't, and Pi-hole told me a dnsqer error. So I changed under settings in Pi-hole "Respond to the re0". I am unsure if this setting is unsafe, because it's telling me "normally you don't use a firewall in your network". So what do you think? Any other way to change this, or am I right?
Thank you!
It is safe. Unless you change that setting, Pi-hole won't respond to requests from a different subnet.
What is stated there is "In a typical at-home setup where your Pi-hole is located within your local network (and you have not forwarded port 53 in your router!) they are safe to use." So with the Pi-hole device behind your OPNsense router, there is no outside access to it and, therefore, it is not vulnerable.
Patuff,
Would you happen to have a link available that explains how you configured opnsense to only use pi-hole for DNS? (Or could you reply with how you configured opnsense to only use pi-hole for DNS?) Any help would be greatly appreciated.
Here are a couple of links:
https://homenetworkguy.com/how-to/configure-opnsense-firewall-vlan-pihole/
https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/