Pi-hole and ISP-provided routers...

  • J Jeremy Falcon

    Glad you got it going with the domain controller. Just to add some umph to your umphness... The modem/router may or may not have a DNS server (most don't), but that's not the same thing as its DNS settings, which most likely will point to your ISP's DNS. So, in effect it would just be a pass through and your DNS lookups are still using the ISP's servers directly. Just guessing in the past, you had that VM set up to talk to your ISP's DNS servers and then your machine's DNS settings pointing to the VM. So, in effect, it was acting kinda like a domain controller. Pihole is awesome btw. I'll stick it on a cheapo raspberry pi though. Works like a champ. I'll set the pi up to use either my ISP's DNS servers directly or just use Google's. Then I'll configure my machines (or domain controller) to use the raspberry pi as its DNS server. Installing Pihole automatically includes installing DNS software, including caching and everything. Just FYI, if you ever run into DNS issues with your ISP, Google offers free to use ones to bypass any ISP wonkiness. Primary 8.8.8.8 and secondary 8.8.4.4. Seriously, do an ARIN search on it, those are Google IPs.

    Jeremy Falcon

    dandy72
    wrote on last edited by
    #10

    My previous ISP only provided me with a modem (no router functionality), so I used my own router and specified Pi-Hole's static IP for its primary DNS. Since that router is now gone, and my current ISP's router doesn't allow me to specify an alternate DNS, Pi-Hole essentially stopped working then. But as I said, when I can afford some down time, I'll set up the ISP's router in bridge mode and bring my old router back online to take over. [Edit] And yes, I've been relying on Google's DNS for years. I see no other reason to look for alternatives. [Edit] Since everybody should be using Google's DNS anyway, why don't they do us all a big favor and implement their own equivalent Pi-Hole functionality? Oh, wait, they're in the ad business, that's the last thing they'd ever do...

    • D dandy72

      DNS resolution only takes up so much time; once that's done and a large download is initiated, it gets out of the way. What are you doing that would make 2gbps up/down worth it? :-) And then your router, and whatever machine(s) you're doing your downloads from, would also all need to support it. You can't assume all of the latest hardware does automatically. Heck they still sell 100mbps switches brand new.

      honey the codewitch
      wrote on last edited by
      #11

      I've never actually seen a Pi-Hole. I've only heard about them. I didn't know how they worked. I thought they were a full on network pass through filter, not just DNS.

      Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix

      • D dandy72

        I changed ISPs back in January, and it just so happens I started running into problems, roughly at the same time, with the Debian VM I had running Pi-Hole. Eventually I just shut it down, and I hadn't tried to recreate it until recently. I quickly realized that *nothing* was going through Pi-Hole anymore (reinstalled from scratch, including the OS). Total Queries and Queries Blocked figures remained at 0.

        As I used to, I provided Pi-Hole's (static) IP as my primary DNS on a few systems (also all using static IPs), followed by my DC's IP, and finally my router's (192.168.1.1) - in that order. Unlike the router I was previously using, my (new) ISP's router does NOT present any option to specify any DNS server. I've gone through every page, including settings hiding under Advanced buttons. Nothing about DNS.

        I know very little about DNS, but searching through articles discussing problems with Pi-Hole, I did find something that also adds domain controllers to the mix. I do have a domain controller, which is set up with its own DNS service. I launched its DNS Manager, selected my domain, selected Forwarders, right-click, Properties, then added Pi-Hole's static IP as the first entry (the only other one being my router, which - after this change - is now the second in the list).

        Bingo - suddenly the Request and Blocked figures immediately shot up, and pages that used to be riddled with ads now show blank spaces where ads used to be. Bonus, since all my systems already have my DC's IP for their primary DNS, I don't have to add Pi-Hole's IP anywhere (but as a forwarder on the DC itself, which is a one-time operation).

        But a question remains. If I had a system that had its preferred DNS set up as this (in this order):

        a) Pi-Hole
        b) The DC
        c) The router

        ...why would the queries not go to Pi-Hole first and foremost? Now my configuration is:

        a) The DC (with Pi-Hole's IP under Forwarders)
        b) The router

        ...and it all works. Why? Either way, I hope this helps someone.

        Tiger12506
        wrote on last edited by
        #12

        DNS is so crazy nowadays. A couple things to note that weren't mentioned. Default settings for computers are to accept whatever DNS server that the DHCP server gave them when connecting to a network. So it is, without doubt, the ISP-provided router that is choosing to give their choice of DNS instead of your choice (the Pi) at the moment your machine requests an IP address from the router's DHCP server. Probably your Domain Controller setup fixes this by being the gateway and/or DHCP server for the network, and that allows you to choose what you wish. Do note that cable companies like Comcast *want* you to have their all-in-one modem/router combos, but they still *allow* you to have home-owned modem devices (certain ones are allowed, but they don't typically restrict it except by DOCSIS version capabilities). Bonus -- you don't pay the rental fee for having their all-in-one combo, Bonus 2 -- you can control what your router actually does. When you have your own device, you can easily just set in the router config what DNS server will get returned to DHCP clients, and done deal. Note that on computer side, you can override this with manual configuration per network (But Windows 11 is actually broken currently, and gets confused over whether this is set local to a network or globally for all networks -- Sigh -- that's a fun one to fix if you've ever had it manually set and Win11 UI won't allow you to change it, and nothing works to reset it). Further, a browser can choose to resolve domain names differently as well, using DNS over HTTP -- it may also be that you have to turn this off to get things to work as expected. A huge headache all around. Remember when the internet was simpler and well-designed hierarchy?

          dandy72
          wrote on last edited by
          #13

          [Pi-Hole](https://pi-hole.net/) is actually software. It might have originated for (or have been designed to run on) rPI, but I run it on a small Linux VM.

            dandy72
            wrote on last edited by
            #14

            Tiger12506 wrote:

            accept whatever DNS server that the DHCP server gave them when connecting to a network. So it is, without doubt, the ISP-provided router that is choosing to give their choice of DNS instead of your choice (the Pi) at the moment your machine requests an IP address from the router's DHCP server.

            Although I have DHCP enabled in my ISP's router, all systems connected to my network - except maybe for my phone - have been given an explicit IP address, locally. Still, based on what I've seen, it did look like the ISP's router got first dibs, despite DNS on any given computer specified as Pihole -> DC -> Router. Until I set up the forwarder on the DC to point to the Pihole machine, and then I removed Pihole from the explicit DNS entry on individual endpoints.

            Tiger12506 wrote:

            Remember when the internet was simpler and well-designed hierarchy?

            Was it, ever? Simpler, maybe, but we were dealing with different problems.

            1 Reply Last reply
            0
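A way to check the resolver paths discussed in the posts above, as an added example that is not part of the thread: it asks every DNS server configured on a Windows client, and every forwarder on the DC, for one name known to be blocked, and reports which of them return a filtered answer. The blocked name and the DC host name are placeholders, and "Filtered" assumes Pi-hole's default blocking mode, which answers 0.0.0.0.

```powershell
# Added example, not from the thread. Run on a Windows client; step 2 needs the
# DnsServer (RSAT) module and rights to query the DC's DNS service.
$BlockedName      = 'blocked.example'  # assumption: a name you know is on your Pi-hole blocklist
$DomainController = 'DC01'             # assumption: your DC's host name; $null skips step 2

function Test-DnsFilter {
    # Ask one specific resolver for $Name and classify the answer.
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Name
    )
    try {
        $ips = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly `
                   -QuickTimeout -ErrorAction Stop |
               Where-Object { $_.IPAddress } |
               ForEach-Object { $_.IPAddress }
        if (-not $ips)                    { 'NoData' }
        elseif ($ips -contains '0.0.0.0') { 'Filtered' }    # Pi-hole's default blocking answer
        else                              { 'Unfiltered' }  # a real address came back
    }
    catch { 'NoAnswer' }                  # timeout, refusal or NXDOMAIN
}

# Step 1: every IPv4 DNS server configured on this client, in configured order.
$clientReport = foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $order = 0
    foreach ($server in $nic.ServerAddresses) {
        $order++
        [pscustomobject]@{
            Source = "client: $($nic.InterfaceAlias)"
            Order  = $order
            Server = $server
            Result = Test-DnsFilter -Server $server -Name $BlockedName
        }
    }
}

# Step 2: the DC's forwarders, in list order, each queried directly.
$forwarderReport = @()
if ($DomainController) {
    $fwd   = Get-DnsServerForwarder -ComputerName $DomainController
    $order = 0
    $forwarderReport = foreach ($ip in $fwd.IPAddress) {
        $order++
        [pscustomobject]@{
            Source = "forwarder on $DomainController"
            Order  = $order
            Server = $ip.ToString()
            Result = Test-DnsFilter -Server $ip.ToString() -Name $BlockedName
        }
    }
    # If reordering is on, the DC may not keep the forwarders in list order.
    "Forwarder reordering enabled on ${DomainController}: $($fwd.EnableReordering)"
}

$report = @($clientReport) + @($forwarderReport)
$report | Format-Table -AutoSize

# Any resolver that returns a real address is a path around the blocklist
# whenever a query is sent to it instead of to Pi-hole.
$report | Where-Object Result -eq 'Unfiltered' | ForEach-Object {
    Write-Warning "$($_.Source) -> $($_.Server) answers without filtering"
}
```

The check covers only the operating system's resolvers; a browser using its own encrypted DNS setting does not go through any of the servers listed here.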
              honey the codewitch
              wrote on last edited by
              #15

              Ohhhhhhhhhh I'm thinking of something maybe related. There's a little RPi dongle that plugs into your network you can do filtering and such with.

              Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix

                englebart
                wrote on last edited by
                #16

                I did some network switching around recently and learned how important the cables are. My upstream is fiber optic. Find a good bandwidth tester. Start with the simplest setup with the shortest cables. Find the fastest speed even switching cables in the simplest setup to see if there is any impact. Test every step of every change. Why bother with a 1gig switch if you crater your throughput somewhere along the path?

                  traywolf
                  wrote on last edited by
                  #17

                  I wrote a step by step for pi hole. See https://keyliner.blogspot.com/2018/01/network-wide-blocking-of-ads-tracking.html

                    Chad3F
                    wrote on last edited by
                    #18

                    Just to throw my 2 cents in.. I would advise to avoid using a modem/router combo device, especially an ISP provided one. When possible, always use independent modem and router devices. Reasons:

                    - You don't want the ISP to have direct access to your internal network. This also includes anyone unauthorized who accesses the device due to the ISP's lack of security.
                    - These things hit EoL far too quickly. Why pay twice the money to replace a device if it no longer gets security updates, or you just want better features. Also installing an open source firmware to get extra life out of an older device isn't going to support many, if any, combo devices.
                    - Technology lock-in. If you have a cable modem/router and want to move to an ISP with DSL, fiber, satellite, etc, you'll have to start from scratch with router setup. But with a separate device, you just plug your old configured router into the new modem and you're done.
                    - Better hardware selection. Why be limited to a much smaller set of combo device choices when shopping for specific features, e.g. USB/NAS, detachable WiFi antennas, gigabit ethernet ports, PoE ports.
                    - [Often] better customization (the issue behind the OP).

                      dandy72
                      wrote on last edited by
                      #19

                      I completely agree with what you wrote. The problem with my ISP's supplied modem/router is that I can't even set it up in bridge mode (and I've looked). Given that, all bets are off. I really, really hate how it's forcing me to let it take over. I'm no network expert, and all my attempts so far to re-introduce my own router into the mix (since the ISP's is hardly configurable) result in things getting broken - as in, fixing one problem raises another (or more).

                        Chad3F
                        wrote on last edited by
                        #20

                        Your router doesn't support bridge mode, or theirs doesn't? Are you limited to OEM firmware on your router, or can you install open source firmware (e.g. OpenWRT) to expand its functionality?

                          dandy72
                          wrote on last edited by
                          #21

                          *My* router is already running third-party firmware (DD-WRT). My *ISP*'s router doesn't support bridge mode. It's from Rogers, up here in Canada. They sent me a Nokia FastMile 5G Gateway. I've found plenty of threads written by people who are a lot better at networking than I am, and they're all saying the same thing. You're SOL. I do understand some of the alternatives one might still have, but that'll be a rather unpleasant and time-consuming transition. I need my connection for work, so I can't afford much down time.

                            Chad3F
                            wrote on last edited by
                            #22

                            If no one else has suggested it, how about this possibility: Configure your router as a bridge (WAN<->LAN), instead of NAT. Block all DHCP traffic from their router and do your own DHCP server with compatible address pool settings. So all devices will still route through their device, but you fully control the DHCP settings.

                              dandy72
                              wrote on last edited by
                              #23

                              That's an interesting idea. I'll have to read up on the details.
