What about if I have unbound on Pi-hole, and I want to make my Pi-hole the DNS server for the whole network?
So the clients connect to IPFire and have IPFire as DNS (blue, green) → IPFire has Pi-hole (red) as DNS. Does it make sense?
Firewall rule: IPFire red to Pi-hole (red) for 53 (TCP/UDP)
The thing is, I have no free ports for a DMZ, so I think the only good solution is to have Pi-hole in the red network (just connected to the provider router).
It’s about what @trash-trash wrote:
“The right use of Pi-hole would be on the red (eth) side, to resolve IPFire’s outgoing DNS requests, the same idea as if you are using an external DNS service …
So you will then be able to use the benefits of both, of IPFire and of Pi-hole.
Make sure that clients are forced to use IPFire as the DNS, and there the proxy in non-transparent mode too.”
So my network is like this:
Clients (DNS IPFire, with blocking rules for DNS requests to red) → IPFire (DNS Pi-hole) → Pi-hole (DNS unbound + hyperlocal / forgot to mention it!) and router in red network → Internet
So Pi-hole does not carry the whole traffic, only the DNS requests of IPFire, and it has unbound and hyperlocal running.
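As an added illustration (not part of this post or of the forum), this is what the unbound + hyperlocal part of that Pi-hole host could look like. It assumes Pi-hole forwards to unbound on 127.0.0.1#5335 (the usual Pi-hole/unbound pairing), a Debian-style unbound package with its root trust anchor at /var/lib/unbound/root.key, and that only IPFire ever talks to Pi-hole on port 53; the file path is assumed too.

```conf
# /etc/unbound/unbound.conf.d/pi-hole.conf  (assumed path; adjust to your install)
server:
    # Pi-hole FTL forwards to this listener; keep unbound off the red interface,
    # IPFire only ever talks to Pi-hole itself on port 53.
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Only the local Pi-hole process may query unbound directly
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse
    # Full recursive resolver with DNSSEC validation (trust anchor path assumed)
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    qname-minimisation: yes
    prefetch: yes
    edns-buffer-size: 1232
    # Reject answers pointing at internal ranges (DNS rebinding protection)
    private-address: 192.168.0.0/16
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12

# Hyperlocal root zone (RFC 8806): keep a local copy of the root zone via zone
# transfer so root lookups are answered on the box instead of at the root servers
auth-zone:
    name: "."
    primary: 199.9.14.201        # b.root-servers.net
    primary: 192.33.4.12         # c.root-servers.net
    primary: 199.7.91.13         # d.root-servers.net
    primary: 192.5.5.241         # f.root-servers.net
    primary: 192.112.36.4        # g.root-servers.net
    primary: 193.0.14.129        # k.root-servers.net
    primary: 192.0.47.132        # xfr.cjr.dns.icann.org
    primary: 192.0.32.132        # xfr.lax.dns.icann.org
    fallback-enabled: yes        # fall back to normal root queries if the transfer fails
    for-downstream: no           # never serve the root zone to clients directly
    for-upstream: yes            # use the local copy for unbound's own recursion
    zonefile: "root.zone"
```

On the Pi-hole host, `unbound-checkconf` validates the file and `dig +dnssec . SOA @127.0.0.1 -p 5335` should be answered from the local root copy. From a green or blue client, a query sent straight to an outside resolver should time out if the blocking rule on IPFire is doing its job, which is the check that the "clients are forced to use IPFire as the DNS" advice above actually holds.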