How does Pi-hole interact with DHCP and connection-specific DNS suffixes? - eviltoast

I’m trying to set up a Pi-hole on my in-laws’ home network. I’ve got everything configured on the pi but ad-blocking wasn’t working. So I did some digging into the logs and found that DNS requests were all coming from the router.

After some reading it seems that the DHCP server that the router used was adding a DNS suffix to all requests (search.charter), so I turned off the DHCP server on the router and used Pi-hole’s built-in DHCP to see if this would resolve the issue. I didn’t have enough time to test the fix, but here’s my understanding of what was happening before I changed the configuration:

I set the primary DNS server to the IP address of the Pi-hole in the router settings so they would have network-wide ad blocking. All of the clients get a DHCP-assigned DNS server address which was set to the router’s address. I would input example.com into a client’s browser, the DNS request would be sent to the router, then the router would act as a client in the Pi-hole logs. Pi-hole tells the router that example.com is found at 192.158.1.38 and the ads being hosted on the website are at 0.0.0.0. The router sees that the DNS server didn’t return a result for one of the queries, so it goes to an upstream DNS server hosted by the ISP where they provide the IP for the ad. Both addresses are sent along to the client device and the Pi-hole shows the ad domain as being blocked.

Is that true? Did changing the DHCP server to the Pi-hole fix the problem? Is there anything more that I need to do? Did I totally whiff on troubleshooting? Let me know if you need more information. Any help would be appreciated since I’m trying to learn a little bit more about networking and take a little more control of my home network. Thanks!
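One way to check the symptom described in the post (every query arriving from the router), as an added example that is not part of the original thread: it tallies query sources in dnsmasq-style Pi-hole log lines and lists names carrying the `search.charter` suffix. The log format is assumed to be the dnsmasq query-log style; the sample lines, IP addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# dnsmasq-style query line, e.g. "query[A] example.com from 192.168.1.1" (assumed format).
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

# Constructed sample log: the router (192.168.1.1) is the only source of queries.
SAMPLE_LOG = """\
Jan 10 18:02:11 dnsmasq[731]: query[A] example.com from 192.168.1.1
Jan 10 18:02:11 dnsmasq[731]: forwarded example.com to 192.0.2.53
Jan 10 18:02:12 dnsmasq[731]: query[A] ads.example.net from 192.168.1.1
Jan 10 18:02:12 dnsmasq[731]: gravity blocked ads.example.net is 0.0.0.0
Jan 10 18:02:13 dnsmasq[731]: query[A] printer.search.charter from 192.168.1.1
Jan 10 18:02:14 dnsmasq[731]: query[AAAA] example.com from 192.168.1.1
"""

def summarize(log_text, router_ip, suffix):
    """Count queries per client and collect names ending in the DNS suffix."""
    clients = Counter()
    suffixed = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/blocked/reply lines carry no client address
        clients[m["client"]] += 1
        name = m["name"].rstrip(".").lower()
        if name == suffix or name.endswith("." + suffix):
            suffixed.append(name)
    total = sum(clients.values())
    return {
        "clients": dict(clients),
        # Share of all queries whose source address is the router.
        "router_share": clients[router_ip] / total if total else 0.0,
        # True when the router hides every real client behind its own address.
        "router_only": total > 0 and set(clients) == {router_ip},
        "suffixed": suffixed,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "192.168.1.1", "search.charter")
    for key, value in report.items():
        print(f"{key}: {value}")
```

If `router_only` is true, clients are still being handed the router as their DNS server; once DHCP advertises the Pi-hole's address directly, individual client addresses should appear in the tally.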

  • towerful@programming.dev · 1 year ago

    The Pi-hole actually returns its own IP address for any blocked DNS results.
    For any http requests (that aren’t to the admin interface) it serves up a non-https “this page has been blocked” type webpage.
    This way, the DNS request doesn’t fail or time out. It’s just that the DNS response has been hijacked to return something different than what is posted on the public DNS records.