DNS-forwarding leads to some sites not loading

Hello all,

I have a question about my configuration for my green and blue networks.

I am operating a Pi-hole DNS resolver running on a machine inside the green network, and I want all clients in green and blue to use this server for DNS requests.

Therefore I configured my IPFire machine to use this server as its DNS server. Inside the DHCP configuration for blue and green, I set the respective interface address of the IPFire as the DNS server address.

Example:
DNS: 192.168.1.5
IPFire Green: 192.168.1.1 => DHCP-DNS for clients: 192.168.1.1
IPFire Blue: 192.168.2.1 => DHCP-DNS for clients: 192.168.2.1

This works well, and IPFire hands incoming DNS requests over to the Pi-hole machine.

The problem is that there are a very few websites (at the moment I know of two, one of which is important to me) which do not load correctly but end in an ERR_NAME_NOT_RESOLVED in the browser. After hitting F5 several times, the website eventually loads correctly.

I was able to narrow the problem down to the IPFire DNS forwarding, since the problem does not occur when I enter the IP address of the Pi-hole directly in a client's configuration. As this is not a possible solution, since not all clients have access to green, I am searching for another solution.

Does anyone know where the cause for this problem could be?
Is this possibly a caching issue?

Thank you very much in advance for your help and your time!

A few solutions for you.

    1. Make a pinhole from blue to green for DNS and your Pi-hole only. Your DHCP entry for DNS client: enter your Pi-hole in green.
    2. Put the Pi-hole in the blue net. By IPFire's default setting, green has access to blue. Your DHCP entry for DNS client: enter your Pi-hole in blue.
    3. If you have orange, you can also put the Pi-hole there. Also by default, blue and green have access to orange. Your DHCP entry for DNS client: enter your Pi-hole in orange. Of course, don't open the Pi-hole from the WAN side.

I don't use Pi-hole, but I prefer solution 2 or 3.

I guess it's because IPF does not like it if you f**k up the DNS settings :wink:

Thank you for your fast response.

Those solutions are suitable to solve my problem, and I will implement one of them as a last resort if other ways fail.

But before doing this: you are writing that the way I manage my DNS today is screwed up. Why is that? Is my current configuration not “the way it is meant to be done”? If so, what am I doing wrong?

And why are only very few websites affected?
Is there any way to reset IPFire's unbound to test whether this is a caching issue?
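The narrowing-down step from the first post (same name through the IPFire forwarder vs. directly at the Pi-hole) and the caching question above can both be checked with one small script. This is an added example for the thread, not IPFire or Pi-hole code: it assumes dig is installed on the client, reuses the thread's addresses 192.168.1.1 (IPFire green) and 192.168.1.5 (Pi-hole), and its file and function names are its own. The rule it applies is standard DNS troubleshooting: a forwarder that returns SERVFAIL but answers once validation is disabled with +cd is failing DNSSEC validation, while a forwarder that fails even with +cd although the resolver answers directly points at the forwarder's upstream setting or cache.

```shell
#!/bin/sh
# dns_path_check.sh: compare how one name resolves through the IPFire
# forwarder (the DHCP-advertised gateway address) and directly at the
# Pi-hole, then classify the pattern.  Added example for this thread;
# it is not IPFire or Pi-hole code.  Addresses are the lab values from
# the thread; the function and file names are this example's own.

FORWARDER=192.168.1.1   # IPFire green interface, what clients get via DHCP
RESOLVER=192.168.1.5    # Pi-hole that IPFire forwards to

# dig_status: reduce the text of one dig run to "RCODE ad" or "RCODE noad".
# Empty input (dig timed out or was not reachable) becomes "TIMEOUT noad".
dig_status() {
    out="$1"
    rcode=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    [ -n "$rcode" ] || rcode=TIMEOUT
    # the AD flag means the answering server validated the data with DNSSEC
    if printf '%s\n' "$out" | grep -q ';; flags:[^;]* ad[ ;]'; then
        printf '%s ad\n' "$rcode"
    else
        printf '%s noad\n' "$rcode"
    fi
}

# diagnose FWD DIRECT FWD_CD: interpret three dig_status results for the
# same name: through the forwarder, directly at the resolver, and through
# the forwarder with +cd (checking disabled, i.e. no DNSSEC validation).
diagnose() {
    fwd="$1"; direct="$2"; fwd_cd="$3"
    case "$fwd" in
        NOERROR*) echo "ok: forwarder resolves the name" ;;
        NXDOMAIN*) echo "nxdomain: forwarder says the name does not exist" ;;
        SERVFAIL*)
            case "$fwd_cd" in
                NOERROR*) echo "dnssec: forwarder answers once validation is disabled (+cd), so DNSSEC validation at the forwarder is what fails" ;;
                *) case "$direct" in
                       NOERROR*) echo "forwarder: fails at the forwarder even with +cd but resolves at the resolver; check the forwarder's upstream setting and cache" ;;
                       *) echo "upstream: the resolver itself cannot answer; the problem is beyond the forwarder" ;;
                   esac ;;
            esac ;;
        *) echo "timeout: no usable answer from the forwarder" ;;
    esac
}

# run_check NAME: perform the three live queries (needs dig and network).
run_check() {
    name="$1"
    fwd=$(dig_status "$(dig @"$FORWARDER" "$name" A +dnssec +time=3 +tries=1 2>/dev/null)")
    direct=$(dig_status "$(dig @"$RESOLVER" "$name" A +dnssec +time=3 +tries=1 2>/dev/null)")
    fwd_cd=$(dig_status "$(dig @"$FORWARDER" "$name" A +cd +time=3 +tries=1 2>/dev/null)")
    printf 'forwarder=%s direct=%s forwarder+cd=%s\n' "$fwd" "$direct" "$fwd_cd"
    diagnose "$fwd" "$direct" "$fwd_cd"
}

# Constructed dig header fragments, used for an offline self-check only.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 40001
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OK_AD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40002
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Usage: sh dns_path_check.sh www.example.com   (the name is an assumption)
if [ $# -gt 0 ]; then
    run_check "$1"
fi
```

Run it a few times in a row against the name that fails: if the forwarder column flips between SERVFAIL and NOERROR while the direct column stays NOERROR, the intermittent behaviour lives in the forwarder's validation or cache rather than in the Pi-hole, which matches the "works after some F5 presses" symptom described in the first post.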

I don't really have experience with Pi-hole. From all I have read about it, it breaks DNSSEC. That's why I think Pi-hole behind IPF is the better choice. And I forgot to mention, but I think it's already clear: you must change IPF back to your preferred DNS server.

You can look here

https://wiki.ipfire.org/dns/public-servers

Thank you for your further assistance. I moved the Pi-hole VM from the green to the orange network today. Everything seems to run as expected now, no more errors concerning PayPal so far.

I will continue to monitor this closely, but I think the “double DNSSEC chain” between the IPFire and the Pi-hole was the culprit.

Thank you very much for your time.