  1. #1
    Master Untangler
    Join Date
    Jun 2015
    Posts
    170

    Pi-Hole DNS server with multiple VLANs?

    Hi - I'm currently using a pi-hole DNS server (192.168.0.2) on my INTERNAL interface successfully. Also have another VLAN for IoT devices which is blocked from accessing my INTERNAL interface for security purposes.

    Is there any way to also route the IoT VLAN traffic to the pi-hole DNS server for traffic logging and security purposes? Or is it only possible with multiple pi-hole devices?

    Wasn't sure if others have ever attempted anything like this. Is it even possible?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,633

    You configured the block, go back to where you did that and configure the pinhole!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Posts
    170

    Quote: Originally posted by sky-knight
    You configured the block, go back to where you did that and configure the pinhole!
    Thanks @sky-knight. So even though that VLAN is blocked from accessing the INTERNAL interface under the NGFW Firewall app, if I add the pi-hole address (192.168.0.2) under the DNS override in the VLAN's Interface, it can still use the pi-hole as its DNS?

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,633

    No, you make another firewall rule above the block rule that passes the traffic you want. Namely stuff destined to 192.168.0.2, protocols TCP and UDP, and destination port 53.

    Though yes, if you bypass DNS the firewall will never see the DNS traffic to block it, so I suppose you could do that too. But that also means you've allowed all DNS going anywhere anytime, allowing devices to bypass the pihole... that is probably not what you want.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
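
The rule ordering described in post #4, modelled as a first-match rule list. This is an added example, not part of the original thread and not Untangle's own code or configuration syntax. The IoT subnet 192.168.20.0/24, the /24 mask on INTERNAL, the second internal host 192.168.0.10 and all rule and function names are assumptions; only 192.168.0.2, TCP/UDP and port 53 come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                      # "pass" or "block"
    src: str                         # source network (CIDR)
    dst: str                         # destination network (CIDR)
    protos: tuple = ("tcp", "udp")
    dport: Optional[int] = None      # None means any port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and proto in self.protos
                and self.dport in (None, dport))

def evaluate(rules, src, dst, proto, dport):
    """First matching rule wins, top to bottom; unmatched flows are reported as such."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "no-match"

IOT, INTERNAL = "192.168.20.0/24", "192.168.0.0/24"   # assumed subnets
pinhole = Rule("IoT DNS to pi-hole", "pass", IOT, "192.168.0.2/32", dport=53)
block = Rule("IoT to INTERNAL", "block", IOT, INTERNAL)
any_dns = Rule("IoT DNS to anywhere", "pass", IOT, "0.0.0.0/0", dport=53)

PINHOLE_ABOVE_BLOCK = [pinhole, block]   # the order post #4 recommends
PINHOLE_BELOW_BLOCK = [block, pinhole]   # pinhole is never reached
BROAD_DNS_ALLOW = [any_dns, block]       # stands in for "all DNS going anywhere"

# Constructed sample flows from one IoT device (192.168.20.50)
FLOWS = {
    "dns_udp_to_pihole": ("192.168.20.50", "192.168.0.2", "udp", 53),
    "dns_tcp_to_pihole": ("192.168.20.50", "192.168.0.2", "tcp", 53),
    "http_to_pihole": ("192.168.20.50", "192.168.0.2", "tcp", 80),
    "dns_to_other_host": ("192.168.20.50", "192.168.0.10", "udp", 53),
    "smb_to_other_host": ("192.168.20.50", "192.168.0.10", "tcp", 445),
}

def verdicts(rules):
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in [("pinhole above block", PINHOLE_ABOVE_BLOCK),
                         ("pinhole below block", PINHOLE_BELOW_BLOCK),
                         ("broad DNS allow", BROAD_DNS_ALLOW)]:
        print(label, verdicts(rules))
```

Only the first ordering passes DNS to 192.168.0.2 while keeping every other flow into INTERNAL blocked; the broad allowance also lets the device query a resolver other than the pi-hole.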
