VLAN devices not getting DNS served by pihole

Related post: No wireless internet for VLAN

Since above topic is marked solved, starting a new one.

I've realized the pihole setup is not working correctly. Previously, I was using multiple DNS servers in addition to pihole IP. When I switched it back to just using the pihole IP (192.168.1.5), DNS queries are not being served.

For now I'm just trying to get this to work on my Guest network, as I need my other devices to work. I added the traffic rule as @psherman pointed out (also as suggested in OneMarkFifty's firewall video).

No luck. I tried just forwarding the guest zone to the pihole IP on port 53 in lan, but it still didn't work.

When I'm connected to the Guest network, I'm able to ping 192.168.1.5 and also access the pihole web interface. There is internet connectivity but no DNS resolution, i.e. I can ping 8.8.8.8 but not google.com.

Attaching relevant details from /etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.1.5,94.140.14.14,94.140.14.15,1.1.1.1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'guest_interface'
        option interface 'guest_interface'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,192.168.1.5'

Relevant Firewall:

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config zone
        option name 'guest_zone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest_interface'

config rule
        option name 'Allow-DHCP-DNS-Guest'
        option src 'guest_zone'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-DNS-Guest'
        option src 'guest_zone'
        option dest 'lan'
        option dest_port '53'
        option target 'ACCEPT'
        list dest_ip '192.168.1.5'

config forwarding
        option src 'guest_zone'
        option dest 'wan'

What is configured in Pi-hole Settings - DNS - Interface Settings?

It's set to 'Allow only local requests'. Does that mean it will only respond to 192.168.1.0/24?

If so, what would be the correct option?

  • Respond only on interface eth0
  • Bind only to interface eth0
  • Permit all origins (this sounds scary lol)

Yes. Please refer to the Pi-hole documentation linked on that page. They have all the options explained.

I tried changing these settings but still couldn't get this to work. I had unbound installed on the server as well. Removed the package and stopped the service, but still no DNS on the VLAN.

I would try to separate possible problems. Assuming OpenWrt is configured properly, you should see the DNS requests on the server when you run sudo tcpdump -v port 53 there.

Try removing port 53 from this rule.

I tried doing that earlier, but that didn't work either. Restarted the router for good measure, but no luck.

As a test, add forwarding from the guest zone to the lan zone. Then, from a host on the guest network:

  • ping your pihole
  • ssh to the pihole
  • connect to the pihole admin
  • perform dns lookups
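As an added example (not code from this thread or from OpenWrt), a small offline check that parses the two guest rules posted above and reports which forwarding or rule, if any, would let guest_zone reach the Pi-hole on port 53 in lan; it shows why Allow-DHCP-DNS-Guest (no dest zone, so it only covers the router's own dnsmasq) does not help. The config string is copied from the post; the evaluation model is an assumption that simplifies fw3/fw4 (no port ranges, proto, family or rule ordering).

```python
# Added example: parse an OpenWrt UCI firewall file and name what lets one zone
# reach a DNS server in another zone. Only zone forwardings and ACCEPT rules with
# src/dest/dest_port/dest_ip are modelled; a rule without 'dest' is INPUT, not FORWARD.
import re

# Constructed sample: the two guest rules from the post, without any forwarding.
SAMPLE_FIREWALL = """
config rule
        option name 'Allow-DHCP-DNS-Guest'
        option src 'guest_zone'
        option dest_port '53 67 68'
        option target 'ACCEPT'
config rule
        option name 'Allow-DNS-Guest'
        option src 'guest_zone'
        option dest 'lan'
        option dest_port '53'
        option target 'ACCEPT'
        list dest_ip '192.168.1.5'
"""

def parse_uci(text):
    """Return a list of sections: {'type', 'name', 'options': {key: [values]}}."""
    sections = []
    for raw in text.splitlines():
        toks = [t.strip("'\"") for t in re.findall(r"'[^']*'|\"[^\"]*\"|\S+", raw.strip())]
        if not toks or toks[0].startswith('#'):
            continue
        if toks[0] == 'config':
            sections.append({'type': toks[1], 'name': toks[2] if len(toks) > 2 else None, 'options': {}})
        elif toks[0] in ('option', 'list') and sections:
            sections[-1]['options'].setdefault(toks[1], []).append(toks[2] if len(toks) > 2 else '')
    return sections

def dns_path(sections, src_zone, dest_zone, server_ip, port='53'):
    """Name the first forwarding or rule that permits src_zone -> server_ip:port, else None."""
    for s in sections:
        o = s['options']
        if s['type'] == 'forwarding' and o.get('src') == [src_zone] and o.get('dest') == [dest_zone]:
            return 'forwarding %s->%s' % (src_zone, dest_zone)
        if (s['type'] != 'rule' or o.get('src') != [src_zone] or o.get('dest') != [dest_zone]
                or o.get('target') != ['ACCEPT']):
            continue
        ports = ' '.join(o.get('dest_port', [])).split()
        if ports and port not in ports:
            continue
        if o.get('dest_ip') and server_ip not in o['dest_ip']:
            continue
        return 'rule %s' % o.get('name', ['(unnamed)'])[0]
    return None
```

Run dns_path over your own /etc/config/firewall text; a None result means the packet never leaves the router, while a hit with queries still failing points at the Pi-hole side (its interface setting or a tcpdump on the server, as suggested above).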