Pihole correctly?

Started by N0_Klu3, February 19, 2022, 10:42:37 PM

Hi all.
I'm looking to run Pihole, but looking online there are about 50 ways to configure it.

Does anyone have an up to date guide with the best/most correct way to set this up together?

IMO the best approach is to have the pihole IP(s) handed out as DNS servers to all clients in your network. Then your decision is what you want to use as upstream from the pihole - public DNS servers, unbound on OPNsense, unbound on the pihole host, other...

Depending on how you deal with the upstream DNS, you may need to manually configure local DNS records on the pihole if you want local name resolution.

Yeah this is where I lose track.

I saw this https://pi-hole.net/blog/2021/09/30/pi-hole-and-opnsense/
Is this worth doing?

I feel like this guide is missing a bit tho.
Like how to set up OPNsense DNS and stuff.


That guide is doing the opposite of what I suggested. It is using dnsmasq on OPNsense as the primary DNS server, with pihole upstream from that, and then potentially unbound upstream from that. Seems a bit overkill to me to have three local resolvers. The point of the dnsmasq step seems to be so that DHCP info is passed on to the pihole, which would avoid the manual configuration I mentioned. Helpful tho for dynamic host info appearing in pihole.

OK, so I think I have it sorted, but I have a few questions.

Firstly my setup:
Dual WAN, so I followed https://docs.opnsense.org/manual/how-tos/multiwan.html
2x VLANs (Guest, IoT)
1x LAN

Now my current setup is using the above dual WAN setup, BUT when you go to LAN and Firewall rules, you need to set the IP of the OPNsense router for DNS to work.
I set the IP of my Pi-Hole for IoT and Guest and that works fine.
But not for LAN and I see why as Unbound can then not talk out to the world.
DNS via Pi-hole does seem to work, as Pi-hole is on the LAN, as are the rest of the devices, and the router can talk out to the world.

Is there a specific setup I should use for these rules?

Also I set my Pi-hole as the DNS server under IPv4 DHCP settings and it's working there fine.

Can someone confirm this is right, and anything else I should do better?
On Pi-hole I set Upstream DNS Servers -> OPNsense router 192.168.100.1#53
Enabled Conditional forwarding -> 192.168.0.0/16 (CIDR), 192.168.100.1 (Router), localdomain (Local domain name)
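Added example, not from the thread or from the Pi-hole project: a small Python check for the upstream and conditional-forwarding values listed in the post above. It parses Pi-hole's "IP#port" upstream form, renders the dnsmasq directives that Pi-hole is assumed to write for conditional forwarding (a `rev-server=CIDR,target` line and a `server=/domain/target` line, as in Pi-hole v5's `01-pihole.conf`; treat the exact file and line shapes as an assumption), and flags the cases where local lookups would not reach the router at all. The Guest and IoT VLAN subnets are constructed for the example, since the thread only gives the router address 192.168.100.1.

```python
"""Sanity-check Pi-hole conditional forwarding against the local subnets.

Added example; the dnsmasq directive shapes below are an assumption about
what Pi-hole generates, and the Guest/IoT subnets are constructed values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ConditionalForwarding:
    """The three fields on Pi-hole's Settings -> DNS -> Conditional forwarding form."""
    cidr: str    # local network in CIDR notation, e.g. 192.168.0.0/16
    router: str  # server that knows local names (here: OPNsense), e.g. 192.168.100.1
    domain: str  # local domain name, e.g. localdomain


# Values from the thread.
THREAD_CF = ConditionalForwarding("192.168.0.0/16", "192.168.100.1", "localdomain")
THREAD_UPSTREAM = "192.168.100.1#53"

# Constructed: the LAN is inferred from the router address; the VLAN
# subnets are made up for the example (the thread does not state them).
EXAMPLE_SUBNETS = [
    ("LAN", "192.168.100.0/24"),
    ("Guest", "192.168.10.0/24"),
    ("IoT", "192.168.20.0/24"),
]


def parse_upstream(spec: str) -> Tuple[str, int]:
    """Parse Pi-hole's 'IP#port' upstream form; the port defaults to 53."""
    host, sep, port = spec.partition("#")
    ip = ipaddress.ip_address(host.strip())  # ValueError on anything that is not an IP
    port_num = int(port) if sep else 53
    if not 1 <= port_num <= 65535:
        raise ValueError(f"bad port in upstream {spec!r}")
    return str(ip), port_num


def dnsmasq_lines(cf: ConditionalForwarding) -> List[str]:
    """dnsmasq directives assumed to correspond to the form values (see lead-in)."""
    net = ipaddress.ip_network(cf.cidr, strict=False)
    target = ipaddress.ip_address(cf.router)
    return [f"rev-server={net},{target}", f"server=/{cf.domain}/{target}"]


def check_settings(cf: ConditionalForwarding, upstream: str,
                   local_subnets: List[Tuple[str, str]]) -> List[str]:
    """Return human-readable problems; an empty list means the values are consistent."""
    problems: List[str] = []
    try:
        net = ipaddress.ip_network(cf.cidr, strict=True)
    except ValueError:
        # e.g. 192.168.100.1/24 typed instead of 192.168.100.0/24
        net = ipaddress.ip_network(cf.cidr, strict=False)
        problems.append(f"CIDR {cf.cidr} has host bits set; did you mean {net}?")
    router = ipaddress.ip_address(cf.router)
    if router not in net:
        problems.append(f"router {router} is outside {net}; check both values")
    for name, subnet in local_subnets:
        # Clients outside the CIDR get no rev-server match, so their PTR lookups
        # go to the regular upstream instead of the router.
        if not ipaddress.ip_network(subnet).subnet_of(net):
            problems.append(f"{name} subnet {subnet} is not covered by {net}; "
                            "reverse lookups for its clients will not reach the router")
    if not cf.domain or cf.domain.startswith("."):
        problems.append(f"local domain {cf.domain!r} is empty or starts with a dot")
    try:
        parse_upstream(upstream)
    except ValueError as exc:
        problems.append(f"upstream {upstream!r}: {exc}")
    return problems


if __name__ == "__main__":
    for line in dnsmasq_lines(THREAD_CF):
        print(line)
    report = check_settings(THREAD_CF, THREAD_UPSTREAM, EXAMPLE_SUBNETS)
    print("OK" if not report else "\n".join(report))
```

With the thread's values the check passes, because the /16 covers every 192.168.x.0/24 the VLANs could use. The case worth catching is a narrower CIDR (say 192.168.100.0/24) with VLANs on other /24s: names in those VLANs then stop resolving through the router, and the reverse lookups for those private addresses are sent to whatever the regular upstream is, which is both a resolution failure and an unnecessary disclosure of internal addressing to an outside resolver.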