Own Raspberry Pi as DNS

My setup:
Fritzbox - IPFire - (green)Switch - Raspberry as DNS (with Pi-hole and unbound)

If I use the green IP of IPFire as gateway and the IP of the Raspberry as DNS, all works fine.

My question is how to configure the IPFire (Domain Name System) to use the IP of IPFire as DNS?

With no entry in the Domain Name System section of IPFire, I have Status: Working (Recursor Mode); I guess IPFire uses my Fritzbox as DNS.

If I enter the IP of my Raspberry, I get "rDNS Reverse lookup failed".

Use ISP-assigned DNS servers is disabled.

No. It runs in recursor mode and asks the root servers directly if no server is configured.

The IPFire DNS cache can use only upstream servers that support DNSSEC. Use the test to check the servers.

That the rDNS fails is normal for a local IP. It will only work for correctly registered public IPs. Servers that correctly support DNSSEC should still work if rDNS is failing.
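
As an added illustration (not part of the thread and not IPFire's own test), this Python sketch shows the two things in a DNS reply that indicate a DNSSEC-capable upstream: the AD flag in the header and RRSIG records in the answer. The function names and the sample replies, including the dummy signature bytes, are constructed for this example.

```python
import struct

RRSIG = 46  # RR type that carries a DNSSEC signature (RFC 4034)

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    parts = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD set and an EDNS0 OPT record whose DO bit requests DNSSEC data."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, flags 0x8000 (DO), rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def dnssec_signals(msg):
    """Report rcode, the AD flag and whether the answer section holds an RRSIG."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    rrsig = False
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rrsig = rrsig or rtype == RRSIG
        off += 10 + rdlen
    return {"rcode": flags & 0xF, "ad": bool(flags & 0x0020), "rrsig": rrsig}

def sample_response(signed):
    """Constructed reply: an A record for example.org, optionally with a dummy RRSIG."""
    q = encode_name("example.org") + struct.pack("!2H", 1, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    sig = b"\xc0\x0c" + struct.pack("!HHIH", RRSIG, 1, 300, 4) + b"\x00" * 4
    flags = 0x81A0 if signed else 0x8180  # QR, RD, RA; AD (0x0020) only when signed
    header = struct.pack("!6H", 0x1234, flags, 1, 2 if signed else 1, 0, 0)
    return header + q + a + (sig if signed else b"")
```

To check a real upstream, send the bytes from `build_query` to the server over UDP port 53 and pass the reply to `dnssec_signals`.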


There are quite a few IPFire forum posts relating to Pi-hole and DNS filtering in general. My understanding is that Pi-hole effectively breaks DNSSEC and hence is not considered safe. If it is to be used, it should be used inside your network rather than the link to external DNS servers.

From my experience this consisted of using the Pi-hole to point to your IPfire box for DNS (e.g and the IPfire box to point to external DNS (e.g. This then means that the DNSSEC will not be broken until inside your network.

For completeness, using Pi-hole as DHCP worked well for me; also consider adding a firewall rule on IPFire to block devices from making their own external DNS requests.

I'm by no means an expert, just my understanding from other discussions relating to this subject.



If the Pi is not essential for your setup, you can also do the filtering directly with IPFire's built-in unbound. Mike Kuketz has explained it very well, and his solution has worked great for me for about three years now.
The URL is: https://www.kuketz-blog.de/dns-adblocker-skript-fuer-ipfire-ipfire-teil2/
It's an EZPZ setup. Just a script, a cron job and (if you need it) a custom black- and whitelist.

Point Pi-hole to use IPFire DNS.
Clients use Pi-hole DNS.
