Attempting to run PiHole as my internal DNS but it's not being routed XG17

So with SG 9.5 I have used the Pi-hole ad blocker, since I could subscribe to a huge library of ad and tracking sites to be blocked (in Untangle, which I run on my second network, this is unnecessary since Untangle ingests easylist-style syntax).

So now I set up a static DNS rule and chose the internal LAN IP of my Raspberry Pi, but any time I do the DNS test, it fails. I can look up anything else, like Google 8.8.8.8, but the internal LAN fails.

Any tips on how to get this to work?
This thread was automatically locked due to age.
  • Hi,

    Do you point the device at the XG as its DNS? Do you have a firewall rule blocking all outgoing DNS requests except from your ad blocker device?

    Do you point all your devices' DNS at the ad blocker?

    With XG you also have access to the Application rules; I assume you have a full licence, which contains ad blocking features, with room for improvement though.

    Please post some screenshots of your rules and settings.

    Ian

  • All devices are pointed to the Sophos gateway IP, and the Sophos gateway has the static DNS set to the ad blocker. Since the gateway is DHCP, I want it to manage the distribution of both the IP and DNS allocations to all clients.

  • I am assuming that Pi-hole is using XG as gateway? You don't need the Pi-hole firewall rules in your setup, as they are not doing anything (Rule 7 and Rule 8).

    In your XG firewall, go to Network > DNS and change the DNS to static. Remove 127.0.0.1 and any other servers in that list and only put Pi-hole as your DNS server.

    Create a new firewall rule: source LAN, source network Pi-hole, destination WAN, destination network ANY, allow services DNS and HTTP/S (this will allow Pi-hole to access remote servers and update itself).

    Optional: change your firewall rule 2 that allows ANY service outbound, because if the clients are using their own assigned DNS server, they will be able to bypass Pi-hole. Also, Rule 4 is not needed, since XG is a stateful firewall and would deny incoming traffic that is not initiated by an internal client.
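The bypass the optional step warns about (a client with its own DNS server slipping past Pi-hole through the ANY-outbound rule) is easy to spot in the firewall's allow log once the Pi-hole is the only host permitted to talk to external resolvers. The script below is an added example, not code from the thread or from Sophos or Pi-hole: it parses a constructed key=value log (not the real XG log format; the Pi-hole address and LAN prefix are placeholders) and reports LAN clients whose DNS went anywhere other than the Pi-hole. It also flags port 853 (DNS-over-TLS), which goes a step beyond the plain port 53 case discussed above.

```python
"""Find LAN clients whose DNS traffic was allowed to bypass the Pi-hole.

Constructed example: the log lines and field names are made up to resemble a
generic key=value firewall allow/deny log. They are NOT the Sophos XG format.
"""
import re
from collections import defaultdict

PIHOLE_IP = "192.168.1.53"   # assumed Pi-hole address (placeholder)
LAN_PREFIX = "192.168.1."    # assumed LAN subnet (placeholder)
RESOLVER_PORTS = ("53", "853")  # plain DNS and DNS-over-TLS

# Constructed sample log: one client resolves correctly via the Pi-hole, two
# clients reach external resolvers directly, one attempt was already denied.
SAMPLE_LOG = """\
action=allow src_ip=192.168.1.53 dst_ip=1.1.1.1 dst_port=53 proto=UDP
action=allow src_ip=192.168.1.20 dst_ip=192.168.1.53 dst_port=53 proto=UDP
action=allow src_ip=192.168.1.20 dst_ip=8.8.8.8 dst_port=53 proto=UDP
action=allow src_ip=192.168.1.31 dst_ip=8.8.8.8 dst_port=853 proto=TCP
action=allow src_ip=192.168.1.31 dst_ip=142.250.74.46 dst_port=443 proto=TCP
action=deny src_ip=192.168.1.40 dst_ip=9.9.9.9 dst_port=53 proto=UDP
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'key=value key=value ...' into a dict (unknown text is ignored)."""
    return dict(FIELD_RE.findall(line))


def find_dns_bypass(log_text, pihole_ip=PIHOLE_IP, lan_prefix=LAN_PREFIX):
    """Return {client_ip: [resolver_ip, ...]} for LAN clients whose resolver
    traffic was *allowed* to a destination other than the Pi-hole itself."""
    bypass = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "allow" or rec.get("dst_port") not in RESOLVER_PORTS:
            continue
        src, dst = rec.get("src_ip", ""), rec.get("dst_ip", "")
        # The Pi-hole's own upstream queries are legitimate, as is any client
        # query that goes to the Pi-hole; everything else from the LAN is a bypass.
        if not src.startswith(lan_prefix) or src == pihole_ip or dst == pihole_ip:
            continue
        bypass[src].add(dst)
    return {client: sorted(resolvers) for client, resolvers in bypass.items()}


if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{client} bypassed Pi-hole via {', '.join(resolvers)}")
```

Any client listed is one for which rule 2 (ANY outbound) still needs to be narrowed so that only the Pi-hole may reach external resolvers.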
