Hello together,
i have a question about my configuration for my green and blue network.
I am operating a pihole DNS-Resolver running on a machine inside the green network and i want all clients in green and blue to use this server for DNS-requests.
Therefore i configured my IPFire-machine to use this server als the DNS. Inside the DHCP-configuration for blue and green, i set the respective interface-address of the IPFire as the DNS-Server-Address.
Example:
DNS: 192.168.1.5
IPFire Green: 192.168.1.1 => DHCP-DNS for clients: 192.168.1.1
IPFire Blue: 192.168.2.1 => DHCP-DNS for clients: 192.168.2.1
This works well and IPFire hands incoming DNS-requests over to the pihole machine.
The problem is, that there are very few websites (at the moment i know of two, from which one is important for me), which do not load correctly but end in a ERR_NAME_NOT_RESOLVED in the browser. After hitting F5 various times, the website will load correctly at some point.
I was able to reduce the problem to the IPFire DNS-forwarding since the problem does not occur when i directly enter the IP-address of pihole in the configuration of a client. As this is not a possible solution since not all clients have access to green, i am searching for a solution.
Does anyone know where the cause for this problem could be?
Is this possibly a caching issue?
Thank you very much in advance for your help and your time!
A few solutions for you.
-
- Solution make a Pinhole from blue to green for dns and your Pihole only. Your Dhcp entry for DNS Client: enter your Pihole in green.
-
- Solution You Put Pihole to the blue Net. Default setting IPF, green have access to blue. Your Dhcp entry for DNS Client: enter your Pihole in blue
-
- If you have orange you can put also Pihole here. Also default blue and green have access to orange. Your Dhcp entry for DNS Client: enter your Pihole in orange. Of course dont open Pihole from the Wan side.
I dont use pihole but i prefer solution 2 or 3.
I guess its because IPF do not like if you f**k up the DNS settings 
Thank you for your fast response.
Those solutions are suitable to solve my problem and i will implement one of them as a last possibility if other ways fail.
But before doing this - you are writing that the way i manage my DNS today is screwed up. Why is that so? Is my configuration running now not “a way it is meant to be done”? If so, what am i doing wrong?
And why are only very few websites affected?
Is there any way to reset IPFire-unbound to test if this is a caching-issue?
I have not really experience with pihole. All what i read about, they break dnssec. Thats why i think pihole behind IPF is the better choice. And i forgot to mention, but i think its already clear, you must change back IPF do your prefered DNS Server.
You can look here
https://wiki.ipfire.org/dns/public-servers
Thank you for your further assistance. I moved the pihole-VM from the green to the orange network today. Everything seems to run as expected now, no more errors concerning paypal until now.
I will continue to monitor this closely, but i think the “double DNSSEC-chain” between the IPFire and pihole was the culprit.
Thank you very much for your time.