Pihole reports DNS requests from OpenWrt APs

Hi, I was wondering how to interpret the information from my pihole. Apparently my OpenWrt access points make DNS requests on behalf of some of the connected clients, if that makes any sense? Have I misconfigured something in my access point setup? In what situations would the AP do a DNS request on behalf of an AP client?

It is a pretty plain setup: the APs are connected with a wired backbone to a router that handles DHCP and assigns the pihole as local DNS (with unbound). Outbound traffic on port 53 is blocked for everything except the pihole, which acts as local DNS server.

Make sure dnsmasq is disabled on the AP.

1 Like

For OpenWrt? In all situations. By default OpenWrt is configured with dnsmasq which has two jobs.

  1. DHCP server
  2. DNS caching repeater

It hands out the AP's address to clients as their DNS server, accepts their DNS queries, and passes them on to your upstream DNS server as required. There are lots of benefits to this. If you don't want it, if you want your APs to be dumb APs, then disable dnsmasq on them.

1 Like

Are all devices configured as dumb APs? If any of them are running in routing mode, the behavior observed would be expected. However, if they are configured as proper dumb APs, they should be transparent and should not be making any DNS requests on behalf of any client devices (but there may be DNS requests from the router itself for things like NTP and any other services you might be running on those devices).

This is not required, but is fine to do. However, there is a nuance here... it is critical that a dumb AP has the DHCP server disabled on the lan interface within the /etc/config/dhcp config file. If it is left enabled, the DHCP server will conflict with your main DHCP server.

The distinction is this: Disabling dnsmasq does also disable the DHCP server, but if dnsmasq is re-enabled (such as during a sysupgrade), the DHCP server will turn back on and you'll experience network issues. But explicitly setting the interface to be ignored by the DHCP server in the config file guarantees that, if/when dnsmasq is re-enabled, the DHCP server will remain off.

2 Likes

If you want OpenWrt to be your DHCP server, remove the DNS settings you have put there. Then you need to use option 6 to tell your devices to use pihole's IP(s).

Option 6 is located at
Network >> Interfaces >> Lan (Edit) >> DHCP server >> Advanced Settings

I would recommend that you look at what DNS requests are actually associated with the APs. As I said before, it is common for DNS requests to be made for things like ntp... so it is entirely possible that what you're seeing is actually coming from the APs themselves for standard operation, rather than on behalf of other devices that are connected to the AP.

1 Like
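The check suggested in the last reply, as an added example that is not part of the thread: it reads query lines in dnsmasq's log format (the format Pi-hole logs in), keeps only those whose client is an AP, and separates names an AP plausibly resolves for itself from everything else. The log lines, AP addresses and the housekeeping suffix list are constructed assumptions; adjust them to your network.

```python
import re

# Constructed sample lines in dnsmasq's query-log format (what Pi-hole writes
# to its query log). Addresses and names are made up for this example.
SAMPLE_LOG = """\
Mar 10 14:02:11 dnsmasq[812]: query[A] 0.openwrt.pool.ntp.org from 192.168.1.2
Mar 10 14:02:11 dnsmasq[812]: forwarded 0.openwrt.pool.ntp.org to 127.0.0.1#5335
Mar 10 14:02:40 dnsmasq[812]: query[AAAA] downloads.openwrt.org from 192.168.1.2
Mar 10 14:03:05 dnsmasq[812]: query[A] 1.openwrt.pool.ntp.org from 192.168.1.3
Mar 10 14:03:09 dnsmasq[812]: query[A] www.example.com from 192.168.1.3
Mar 10 14:03:10 dnsmasq[812]: query[HTTPS] video.example.net from 192.168.1.3
Mar 10 14:03:12 dnsmasq[812]: query[A] www.example.com from 192.168.1.50
"""

AP_ADDRESSES = {"192.168.1.2", "192.168.1.3"}  # assumption: your APs' IPs
# Assumption: names an idle OpenWrt AP resolves for itself (NTP, package feeds).
HOUSEKEEPING_SUFFIXES = ("pool.ntp.org", "openwrt.org")

QUERY_RE = re.compile(r"query\[(?P<type>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$")


def is_housekeeping(name):
    """True if name equals, or is a subdomain of, a housekeeping suffix."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in HOUSEKEEPING_SUFFIXES)


def ap_query_report(log_text, ap_addresses=AP_ADDRESSES):
    """Return {ap_ip: {"own": set, "other": set}} of names each AP asked for."""
    report = {ip: {"own": set(), "other": set()} for ip in ap_addresses}
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["client"] not in report:
            continue  # not a query line, or the client is not one of the APs
        bucket = "own" if is_housekeeping(m["name"]) else "other"
        report[m["client"]][bucket].add(m["name"].lower())
    return report


def likely_forwarding(report):
    """APs that asked for names outside the housekeeping list."""
    return sorted(ip for ip, seen in report.items() if seen["other"])


if __name__ == "__main__":
    rep = ap_query_report(SAMPLE_LOG)
    for ip in sorted(rep):
        print(ip, "own:", sorted(rep[ip]["own"]), "other:", sorted(rep[ip]["other"]))
    print("check dnsmasq/DHCP settings on:", likely_forwarding(rep))
```

An AP that only shows "own" names is behaving as a dumb AP; one with entries under "other" is most likely still handing out its own address as DNS server and forwarding for clients.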
