Pi-hole, DHCP & DNS for an idiot

I’m trying to set up Pi-hole on a home server using Docker and failing miserably since I have no idea what I’m doing… The idea is to set it up to use the built-in DHCP server and host networking mode (by just disabling the DHCP server on my router and enabling the Pi-hole one) but it doesn’t seem to be working, the only queries showing up in /var/log/pihole.log look like this:

query[A] pi.hole from 127.0.0.1
Nov 26 14:12:19 dnsmasq[694]: /etc/pihole/local.list pi.hole is 0.0.0.0

I’m trying to set it up to use the DHCP server specifically but I also don’t really have a choice to do otherwise because my router doesn’t support changing the DNS server only.

After disabling DHCP in the router and restarting the router (and the server), I’ve noticed that the server doesn’t connect to the network anymore: connect: Network is unreachable; what I gather from this is that without DHCP the server doesn’t get an IP address at all, since previously it was configured to use a static DHCP lease via the router. Am I correct in guessing that I have to set a static IP on the server itself (outside of Docker)?

I’m also getting these messages in the Pi-hole container logs:

sudo: unable to resolve host <hostname>

where <hostname> is the hostname of my server.

I don’t understand anything. Help.

Wouldn’t you point your router at the PiHole, so DHCP and DNS requests get forwarded to the Pi.

Probably because there is no DHCP server to be found.
You could now go round and manually type in IPs (usually 192.168.x.yyy)

Unless there is a DHCP server, yes.

Right, that’s the part that I think I’m missing (other than setting a static IP), but how do? The only related option in my router software (apart from disabling the DHCP server) is “LAN Host Configuration” where I can set the Primary IP Address (currently set as the router’s) and Primary Address Subnet Mask. Would that be it?

It also says:

On this page, you can configure the LAN management IP address.After changing the LAN management IP address, ensure that the primary address pool on the DHCP server is in the same subnet as the new LAN IP address. Otherwise, the DHCP server does not function properly.

Depends on your Router.

No.
The Subnet-Mask controlls which part of the IP address are “for use” in a network.
A mask of 255.255.255.0 (or /24) means only the last 3 digits of the IPv4 are available. For example your network would be 192.168.1.xxx with available addresses ranging from 192.168.1.1 to 192.168.1.255

I see. I’ve also found this similar post and after reading the comments there I think I should be fine after just assigning a static IP on the server. Will report back once I figure out how to do that.

2 Likes

What os are you running? If Ubuntu it’s as easy as editing /etc/network/interfaces with eth0 being your network adapter (you can see it with ip a ) and the gateway being your router, that needs a static IP as well.

auto eth0
iface inet eth0 static
    address 192.168.178.2/24
    gateway 192.168.178.1

CentOS 7. It seems to be fairly similar, I’ve edited /etc/sysconfig/network-scripts/ifcfg-<interface> where <interface> is the name of my network interface like so:

-BOOTPROTO="dhcp"
+BOOTPROTO="none"
+IPADDR="<server-ip>"
+PREFIX="24"
+GATEWAY="<router-ip>"

I’ve also found that DNS="<router-ip>" is something that people set, I’ve omitted it since Pi-hole is supposed to be doing that. Should I have set DNS="<server-ip>" maybe?

After disabling DHCP once again and restarting, the server connected to the network successfully and was reachable at <server-ip>.

Then, trying to check whether Pi-hole has assumed the DHCP server role, on my Windows client i’ve done ipconfig /release and ipconfig /renew, the latter resulting in this:

An error occurred while renewing interface Ethernet : unable to contact your DHCP server. Request has timed out.

After which the Windows client lost network access. I am very confused.

I should mention a few more things, I’ve tried to configure the Pi-hole DHCP server to match my router’s (same IP address mask, gateway IP address and lease time).

I’ve also had to allow the http, dns, dhcp, dhcpv6 services in firewalld (this is a CentOS thing):

firewall-cmd --permanent --add-service=http --add-service=dns  --add-service=dhcp --add-service=dhcpv6
firewall-cmd --reload

since from what I understand those are the ones Pi-hole uses (and are equivalent to ports 80, 53 and 67 respectively?).

1 Like

After taking a little break to clear my mind I’ve just tried turning off the router’s DHCP again and doing ipconfig /release and ipconfig /renew and everything seems to be working now. Pi-hole is receiving queries from all the clients. I think I must have rebooted devices in a weird order last time I tried.

Still getting this in the logs though, but it doesn’t seem to affect anything:

sudo: unable to resolve host <hostname>

Thanks for the help for those who replied.

1 Like

I’ve noticed that the Pi-hole DNS server is not used for all queries. In fact, clients connected to the network see two DNS servers: the Pi-hole, and one other which is what I’ve now learned is an IPv6 Link Local address (which I’m assuming is my router’s). There are no more options to disable this functionality on the router side, so I’m guessing I must somehow make Pi-hole use IPv6 as well so that the clients default to using it for all DNS queries. Checking Enable IPv6 support in the GUI doesn’t seem to do the trick…

I’ll try to follow this I guess? ip -o addr shows two addresses as described (which I also don’t understand yet, as described). So which one to set in /etc/pihole/setupVars.conf ? :thinking: I just chose the first… Now, the Google IPv6 DNS checkboxes seem to be greyed out in the GUI (as was the case before). Is this an indicator that IPv6 is not working? …

Setting up IPv6 seems impossible for now. The lack of documentation isn’t helping. The IPv6 DNS checkboxes in the Pi-hole gui are no longer greyed out when setting the ServerIPv6 environment option for the Docker container, but IPv6 DHCP leases are still not being handed out and queries are ignored. Setting a static IPv6 address made no difference either.

Android famously only uses slaac and rdnss from nd, and not dhcpv6.
Windows used to not support rdnss from nd until two years ago or so.
You really need both.

Who’s your ISP/which router did they give you?

I’d rather not say the exact model, it’s not ancient but not exactly modern either, just the default setup for a place where I am a tenant. The ISP overall is great (cheap, fast and stable speeds).

Just as a sidenote, you can use nmtui on Centos (8 at least), it’s pretty great :wink:

Sorry for bumping again, just want to post a conclusion in case anyone in a similar situation finds this:

What I’ve learned:

  1. IPv4 and IPv6 are massively different.
  2. DHCP is an IPv4-only thing, so for routers that do not “let you change these settings” as described in the documentation, Pi-hole will not fully work by design (it will only work for IPv4 queries, and IPv6 queries will be ignored, unless the DNS server is set manually for each client; I’m not sure this is even possible on Windows 10 where the “recommended” strategy is to disable IPv6 altogether but that might not be desirable).
  3. For the DHCP server to even work in the first place, a static IP is a requirement.
1 Like