21
submitted 11 months ago* (last edited 11 months ago) by GiuseppeAndTheYeti@midwest.social to c/networking@sh.itjust.works

I'm trying to set up a Pi-hole on my in-laws' home network. I've got everything configured on the pi but ad-blocking wasn't working. So I did some digging into the logs and found that DNS requests were all coming from the router.

After some reading it seems that the DHCP server that the router used was adding a DNS suffix to all requests (search.charter), so I turned off the DHCP server on the router and used pi-hole's built-in DHCP to see if this would resolve the issue. I didn't have enough time to test the fix, but here's my understanding of what was happening before I changed the configuration:

I set the primary DNS server to the IP address of the pi-hole in the router settings so they would have network wide adblocking. All of the clients get a DHCP assigned DNS server address which was set to the router's address. I would input example.com into a client's browser, the DNS request would be sent to the router, then the router would act as a client in the pi-hole logs. Pi-hole tells the router that example.com is found at 192.158.1.38 and the ads being hosted on the website are at 0.0.0.0. The router sees that the DNS server didn't return a result for one of the queries, so it goes to an upstream DNS server hosted by the ISP where they provide the IP for the ad. Both addresses are sent along to the client device and the pi-hole shows the ad domain as being blocked.

Is that true? Did changing the DHCP server to the Pi-hole fix the problem? Is there anything more that I need to do? Did I totally whiff on troubleshooting? Let me know if you need more information. Any help would be appreciated since I'm trying to learn a little bit more about networking and take a little more control of my home network. Thanks!

you are viewing a single comment's thread
view the rest of the comments
[-] towerful@programming.dev 2 points 11 months ago

The pihole actually returns its own IP address for any blocked DNS results.
For any http requests (that aren't to the admin interface) it serves up a non-https "this page has been blocked" type webpage.
This way, the DNS request doesn't fail or timeout. It's just the DNS response has been hijacked to return something different than what is posted on the public DNS records.

this post was submitted on 25 Nov 2023
21 points (100.0% liked)

networking

2776 readers
1 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 1 year ago
MODERATORS