Irregular DNS, Name lookup, Dual PiHole??

Thiefsie

New Around Here
OK sorry but I'm a bit green to this. I've got a DSL-68U (with Gnuton) and AC-68U hooked up fine. Mesh-config, wired together.

My internet works via a second ethernet WAN - and I suspect this may be causing my issue? (Good old Australian NBN over HFC doesn't require the 'modem').

Essentially I have a dual PiHole setup and only one PiHole appears to be seeing traffic (a la DNS resolution). The other PiHole is receiving no hits - and as far as I can tell I've set this as the first/primary DNS address in all cases.

One PiHole is on a Synology NAS (within Docker) and appears to be working fine.

The other is on a Win 11 PC running a Linux VM exclusively for the PiHole and is loading and the admin console loads fine, however it is seeing no traffic whatsoever.

Both PiHoles have conditional forwarding on, assigned to the router - although this doesn't appear to be helping client identification in the logs...? (A less important issue frankly):
pihole.JPG


The weird thing is that the Win 11 PC is getting different DNS name resolution than what the router is telling me (WTF?!)

Asus WRT (Gnuton 386.5_2) is displaying this:
clients.JPG

^^^ Note the IP of the Optiplex - 192.168.1.5

This is the network setting on that Win 11 PC (Optiplex):
Ethernet.JPG

^^^ I've assigned a static IP from that PC/Optiplex - NOT via the router. This all appears good - same as from the router. MAC addresses show it is the same hardware.

But an nslookup renders this result:
wtf.JPG

^^^ 192.168.1.48 ???!
The reason I'm doing an nslookup is the admin login for the Win 11 (Optiplex) PiHole works at optiplex/admin, so some DNS resolution is happening somewhere....! Could this be the linux VM messing it up? The setup is from here: https://github.com/DesktopECHO/Pi-Hole-for-WSL1

For reference, these are my router settings which I've gathered from various posts around these parts:
dhcp.JPG

^^^ empty DNS servers as per posting here: https://www.snbforums.com/threads/merlin-wrt-asus-ax88u-two-pinholes-unbound-ipv6.79191/



Post carried on below (image limit):
 

Thiefsie

New Around Here
filter.JPG

^^^ DNS filter settings - Optiplex PiHole isn't working - looks to be the DNS issue illustrated above. Totoro (Nas) PiHole working fine.

WAN.JPG

^^^ Internet / WAN settings - requires ethernet Dual WAN to use local internet (via NTD box) - Australian NBN network - Telstra - see below:
WANdual.JPG

^^^ Dual WAN settings as above


So does anyone have any smart ideas???

For reference I tried 192.168.1.48 as the primary WAN DNS in the settings and this made no difference whatsoever that I could tell.

Also, neither 192.168.1.5:8888/admin nor 192.168.1.48:8888/admin brings up the PiHole console, yet optiplex/admin does....?
 


Thiefsie

New Around Here
Ah... weird issue I've found...:
Even though I have disabled the wifi network on the Win 11 PC (Optiplex), it appears that the PiHole is using the wifi0 interface instead of eth0.

This still strikes me as odd being that the router is still showing the correct ethernet connection, so I'm not sure why DNS is resolving to an IP that frankly doesn't exist as far as the router is concerned.
 

Thiefsie

New Around Here
OK altering the interface from the PiHole seems to have fixed that particular PiHole, but doesn't explain the issues with the DNS name resolution on the router/Optiplex.
For some reason the Optiplex PiHole handles a lot less traffic than the other one now, which is stated as the second PiHole everywhere, rather than the primary.

What divides the traffic between the pair of PiHoles?
 

ColinTaylor

Part of the Furniture
> OK altering the interface from the PiHole seems to have fixed that particular PiHole, but doesn't explain the issues with the DNS name resolution on the router/Optiplex.
> For some reason the Optiplex PiHole handles a lot less traffic than the other one now, which is stated as the second PiHole everywhere, rather than the primary.
>
> What divides the traffic between the pair of PiHoles?

The reason is your WAN DNS settings. The router's DNS server (dnsmasq) starts off using the second nameserver. In theory it's meant to favour the fastest server and periodically checks to see which that is. But a server has to be significantly faster than the current one for it to switch servers.

So when both servers respond about the same as each other the vast majority of traffic will go to the second server, with occasional queries (just to check the speed) to the first.
 

SomeWhereOverTheRainBow

Part of the Furniture
> The reason is your WAN DNS settings. The router's DNS server (dnsmasq) starts off using the second nameserver. In theory it's meant to favour the fastest server and periodically checks to see which that is. But a server has to be significantly faster than the current one for it to switch servers.
>
> So when both servers respond about the same as each other the vast majority of traffic will go to the second server, with occasional queries (just to check the speed) to the first.

This behavior can be overridden by appending all-servers with dnsmasq.postconf. While the behaviors are not perfect, I am sure the firewall with dnsfilter plays a factor in the differences you will see on my three piholes, but here is mine.

1654654020095.png
 

ColinTaylor

Part of the Furniture
> this behavior can be overridden by appending all-servers with dnsmasq.postconf

Indeed. (I use this myself in dnsmasq.conf.add).

@Thiefsie Bear in mind that the all-servers parameter sends all queries to both servers. So there's no load balancing or round robin behaviour going on.
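One way to measure the split discussed in this thread, as an added example that is not part of any poster's reply: count the `forwarded <name> to <upstream>` lines that dnsmasq writes per upstream server. It assumes query logging (`log-queries`) is enabled on the router's dnsmasq; the log lines are constructed samples, and 192.168.1.2 is a placeholder for the NAS Pi-hole, whose address the thread does not give.

```shell
#!/bin/sh
# Added example: how many queries did dnsmasq forward to each upstream?
# Assumes dnsmasq runs with "log-queries", which produces lines such as
#   "<date> dnsmasq[pid]: forwarded <name> to <upstream>"

# Constructed sample log. 192.168.1.5 is the Optiplex Pi-hole from the thread;
# 192.168.1.2 is a placeholder address for the NAS Pi-hole.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun  7 10:00:01 dnsmasq[312]: query[A] example.com from 192.168.1.20
Jun  7 10:00:01 dnsmasq[312]: forwarded example.com to 192.168.1.2
Jun  7 10:00:01 dnsmasq[312]: reply example.com is 192.0.2.10
Jun  7 10:00:04 dnsmasq[312]: forwarded example.net to 192.168.1.2
Jun  7 10:00:09 dnsmasq[312]: forwarded example.org to 192.168.1.5
Jun  7 10:00:12 dnsmasq[312]: forwarded test.example to 192.168.1.2
Jun  7 10:00:15 dnsmasq[312]: cached example.com is 192.0.2.10
Jun  7 10:00:20 dnsmasq[312]: forwarded www.example.com to 192.168.1.2
EOF
}

# Print one line per upstream: "<upstream> <forwarded count> <percent of total>"
upstream_share() {
    awk '
        $4 ~ /^dnsmasq\[/ && $5 == "forwarded" && $(NF - 1) == "to" {
            count[$NF]++      # last field is the upstream address
            total++
        }
        END {
            for (up in count)
                printf "%s %d %d\n", up, count[up], (count[up] * 100) / total
        }
    ' "$1" | sort
}

# Stand-alone run against the constructed sample.
log=$(mktemp)
write_sample_log "$log"
upstream_share "$log"
rm -f "$log"
```

With `all-servers` set, every query is forwarded to both upstreams, so the two counts should come out roughly equal rather than lopsided.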
 
