Pihole be the DNS server in the whole network?

What’s about if I have unbound on pihole, so I want to make my pihole be the DNS server in the whole network?

So the clients connect to ipfire and have ipfire as DNS (blue, green) → ipfire has pihole (red) as DNS. Does it makes sense?

Firewall rule: ipfire-red to pihole (red) for 53 (tcp / udp)

The thing is, I have no free ports for DMZ, so I think, the only good solution is to have pihole in the red network (just connected to the provider router).

If I understand what you are asking:

clients – (green) → IPFire – (red) → PiHole → Internet

PiHole is not the most secure device. The IPFire is much more secure since it is a hardened firewall.

So I would not configure things this way. And I would strongly recommend not to have PiHole connected to red (the Internet).

This is what I have:
Client (DNS) → PiHole (DNS) → IPFire (DNS) → to external DNS Server

See this post:


And this is what I did to connect GREEN and BLUE to PiHole.


Hey and thanks!

It’s about, what @trash-trash wrote:
“The right use of Pi-hole, were at eth red side, to resolve IPFire outgoing DNS requests, same idea as if you are using an external DNS service …
So you will be then able to use the benefits of both, of IPFire and of Pi-hole .
Make sure that clients be forced to use IPFire as the DNS and there the Proxy in none transparent too .”

So my network is like this:
Clients (DNS IPFire, with blocking rules for DNS requests to red) → IPFire (DNS PiHole) → PiHole (DNS unbound + hyperlocal / forgot to mention it!) and Router in red network → Internet

So PiHole does not guide the whole traffic through, but the DNS-Requests of the IPFire and has unbound and hyperlocal running.

Bad, bad, bad… Just be careful! If I understand what you are setting up, your PiHole device is NOT protected from the internet by a firewall.

1 Like

it’s not secured by ipfire, just by the standard router firewall (surely not so good). So it’s not just in the open wide internet.

Maby I can get the old nanobox working. How could I set up the network with the second ipfire for the pihole? Does it make sense?