
Attempting to run Pi-hole as my internal DNS but it's not being routed XG17

So with SG 9.5 I have used the Pi-hole ad blocker, since I could subscribe to a huge library of ad and tracking sites to be blocked (in Untangle, which I run on my second network, this is unnecessary since Untangle ingests easylist-style syntax).

 

So now I set up a static DNS rule and chose the internal LAN IP of my Raspberry Pi, but any time I do the DNS test, it fails. I can look up anything else, like Google's 8.8.8.8, but the internal LAN fails.

 

Any tips on how to get this to work?



  • Hi,

    Do you point the device at the XG as its DNS? Do you have a firewall rule blocking all outgoing DNS requests except from your ad blocker device?

    Do you point all your devices' DNS at the ad blocker?

    With XG you also have access to the Application rules; I assume you have a full licence, which includes ad blocking features, with room for improvement though.

    Please post some screenshots of your rules and settings.

    Ian

  • All devices are pointed to the Sophos gateway IP, and the Sophos gateway has the static DNS set to the ad blocker. Since the gateway is the DHCP server, I want it to manage the distribution of both the IP and DNS allocations to all clients.

     

  • I am assuming that pi-hole is using XG as its gateway? You don't need the pi-hole firewall rules in your setup as they are not doing anything (Rule 7 and Rule 8).

    In your XG firewall, go to Network > DNS and change the DNS to static. Remove 127.0.0.1 and any other servers in that list and only put pi-hole as your DNS server.

    Create a new firewall rule: source LAN, source network pi-hole, destination WAN, destination network ANY, allow services DNS and HTTP/S (this will allow pi-hole to access remote servers and update itself).

    Optional: change your firewall rule 2 that allows ANY service outbound, because if the clients are using their own assigned DNS server, they will be able to bypass pi-hole. Also, Rule 4 is not needed since XG is a stateful firewall and would deny incoming traffic that is not initiated by an internal client.

  • Still NO worky. The Pi can talk to the outside WAN, since I can perform sudo apt-get update/upgrade etc. with no problem.

     

  • Can you do an nslookup/dig against the pi-hole from your local computer? If you SSH into pi-hole, is it resolving correctly?

    I am assuming 192.168.1.158 is the pi-hole.

    What does dig @192.168.1.158 google.com from Linux, or nslookup google.com 192.168.1.158 from your Windows client, give you?

    Sorry, I don't have pi-hole running at the moment, so I'm just giving you random ideas for troubleshooting.

  • Nope, nada.

     

    PuTTY to the left and PowerShell to the right

     

  • Looks like the pi-hole is having issues. SSH into pi-hole and try

    dig google.com

    and dig @8.8.8.8 google.com

    If the 8.8.8.8 query works, then connectivity is fine and your dnsmasq (DNS resolver) on pi-hole is not working. You may try restarting the services or reinstalling pi-hole. Once you get the pi-hole to answer, your setup with XG will work fine, as all your other settings look good to me.
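Added example, not code from the thread, from Pi-hole or from Sophos: a small POSIX shell script that automates the two lookups this reply and the earlier "dig @192.168.1.158" reply ask for, one against the Pi-hole and one against a public resolver, and maps the pair of results to the conclusion drawn above (public lookup works but Pi-hole does not, therefore connectivity is fine and the Pi-hole's own resolver is the problem). It assumes dig is installed on the client; the 192.168.1.158 address in the usage line is the one from the thread, and the status wording and the 'pihole status' / 'ss -ulnp' hints are mine.

```shell
#!/bin/sh
# dnscheck.sh: run the two lookups the thread asks for, from a client,
#   dig @<pi-hole> <name>    and    dig @<public resolver> <name>
# and turn the pair of results into a diagnosis.
# Added example for this thread; not part of Pi-hole or Sophos XG.
# Assumes dig (package dnsutils or bind-utils) is installed on the client.
# usage: sh dnscheck.sh google.com 192.168.1.158 [8.8.8.8]

# Reduce one dig run's output to a single status word:
# OK, NODATA, NXDOMAIN, REFUSED, SERVFAIL, TIMEOUT or UNKNOWN.
classify_dig_output() {
    out=$1
    case "$out" in
        *"connection timed out"*|*"no servers could be reached"*)
            echo TIMEOUT
            return 0
            ;;
    esac
    # dig's header looks like:
    #   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
    #   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    case "$status" in
        NOERROR) if [ "${answers:-0}" -gt 0 ]; then echo OK; else echo NODATA; fi ;;
        "")      echo UNKNOWN ;;
        *)       echo "$status" ;;
    esac
}

# What each status means for the setup in the thread.
explain() {
    case "$1" in
        OK)       echo "answered with records: this resolver is reachable and working" ;;
        NODATA)   echo "answered, but no A record: resolver works, the name has no IPv4 address" ;;
        NXDOMAIN) echo "answered NXDOMAIN: resolver works, the name does not exist (or is blocked)" ;;
        REFUSED)  echo "answered REFUSED: resolver is up but will not serve this client (check its listening settings)" ;;
        SERVFAIL) echo "answered SERVFAIL: resolver is up but got no answer from its upstream" ;;
        TIMEOUT)  echo "no reply: nothing listening on UDP/53 there, or a firewall rule drops the query" ;;
        *)        echo "dig output not recognised" ;;
    esac
}

# The reasoning from the thread: a working public lookup proves the client's
# connectivity, so a failing Pi-hole lookup then points at the Pi-hole's own
# resolver (pihole-FTL/dnsmasq) rather than at the network.
diagnose() {
    pihole_status=$1
    public_status=$2
    if [ "$pihole_status" = OK ]; then
        echo PIHOLE_OK
    elif [ "$public_status" = OK ]; then
        echo PIHOLE_RESOLVER_DOWN
    else
        echo CLIENT_CONNECTIVITY
    fi
}

# One A-record query with a short timeout; dig exits non-zero on timeout,
# so keep its output rather than aborting.
query_status() {
    out=$(dig +time=2 +tries=1 "@$2" "$1" A 2>&1 || true)
    classify_dig_output "$out"
}

main() {
    name=$1
    pihole=$2
    public=${3:-8.8.8.8}
    pihole_status=$(query_status "$name" "$pihole")
    public_status=$(query_status "$name" "$public")
    printf '%-16s %-9s %s\n' "$pihole" "$pihole_status" "$(explain "$pihole_status")"
    printf '%-16s %-9s %s\n' "$public" "$public_status" "$(explain "$public_status")"
    case "$(diagnose "$pihole_status" "$public_status")" in
        PIHOLE_OK)
            echo "Pi-hole answers this client; if the XG DNS test still fails, check the XG's own path to $pihole" ;;
        PIHOLE_RESOLVER_DOWN)
            echo "internet DNS works but the Pi-hole does not: on the Pi, run 'pihole status' and check UDP/53 with 'ss -ulnp'" ;;
        CLIENT_CONNECTIVITY)
            echo "neither resolver answered: check this client's gateway and the firewall's outbound DNS rule first" ;;
    esac
}

case $# in
    0) ;;   # sourced or run without arguments: define the functions only
    1) echo "usage: $0 <hostname> <pi-hole-ip> [<public-dns-ip>]" >&2 ;;
    *) main "$@" ;;
esac
```

Once the optional rule from the earlier reply is in place (clients may no longer send DNS straight out, so they cannot bypass Pi-hole), running this from an ordinary client should show the Pi-hole as OK and 8.8.8.8 as TIMEOUT; that second line is the rule working, not a fault. A REFUSED from the Pi-hole, as opposed to a timeout, means its resolver is listening but declining this client, which is a settings problem rather than a reason to reinstall.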
