Different DHCP DNS options on Multiple DHCP Servers

derfraenk
DD-WRT Novice


Joined: 22 Mar 2020
Posts: 6

Posted: Sun Mar 24, 2024 15:29    Post subject: Different DHCP DNS options on Multiple DHCP Servers
I have build 47282 running on an R7800 (old, I know, but it's fast and reliable :) ) and I'm struggling to achieve a certain configuration with regards to DHCP servers passing different DNS options to clients on different networks.

This is my current setup:
* Wired LAN, wlan0 and wlan1 make up my main home network
* wlan1.1 and wlan1.2 are virtual interfaces for segregated guest and IoT wifi networks
* The router provides DHCP as well as recursive DNS resolver for my main home network
* For this, all "Static DNS" options are disabled, "Use DNSMasq for DNS" is enabled, "Recursive DNS Resolving (Unbound)" is enabled
* Router also provides DHCP as well as recursive DNS resolver for the guest and IoT networks
* For this, "Multiple DHCP Server"s are configured on wlan1.1 and wlan1.2
* In "DHCP Server" I have a few fixed leases that I need
* No "Additional DHCPd Options"
* No "Additional Dnsmasq Options"

This has been working perfectly for a long time. Clients only receive one DNS server via DHCP on all networks, which is the router's respective IP address in that network.

Lately I've been trying to set up a Pi-hole as a dedicated DNS server for my main home network only. For the guest and IoT networks I'd like to keep using the router's recursive resolver as the only DNS server. I tried to set Pi-hole's IP address as "Static DNS 1" in the DHCP server's options. That worked for the main home network of course, but clients on the guest and IoT networks also received this DNS server, which broke DNS resolution. I guess I could try to route their DNS traffic to the Pi-hole but I would much rather keep the networks completely separate.

Could anyone please give me advice on how I might achieve this setup? My careful guess is that some magic "Additional Dnsmasq Options" (or possibly "Additional DHCPd Options") is what I need but I'm not experienced with Dnsmasq and since I don't have a spare router at the moment I'm wary of experimenting too much by myself.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Sun Mar 24, 2024 15:37
There is something wrong with your setup but I can't see the whole picture... atm too tired..
Better update first as your build is very old and lacks updated services... DNSmasq, Unbound, etc... The last build is 55416 and probably a new one is coming/expected soon, that has a DNSmasq fix too...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
derfraenk
DD-WRT Novice


Joined: 22 Mar 2020
Posts: 6

Posted: Sun Mar 24, 2024 15:59
Thank you for your advice, Alozaros. You're of course completely right, I've been neglecting upgrading since it has been so stable. I might upgrade to build 53562 soon, but I'm very hesitant to go higher because I saw that apparently with builds after that on R7800 you have to make a choice of either the router crashing or destroying gigabit performance.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Sun Mar 24, 2024 16:14
derfraenk wrote:
Thank you for your advice, Alozaros. You're of course completely right, I've been neglecting upgrading since it has been so stable. I might upgrade to build 53562 soon, but I'm very hesitant to go higher because I saw that apparently with builds after that on R7800 you have to make a choice of either the router crashing or destroying gigabit performance.


The last 4.9 build is 53562, so you can safely upgrade to that build.

Pihole setup is a sticky in this forum, but it looks like you want to hand out different DNS servers for different interfaces (not sure if that is a good idea but here you go) e.g.:
Code:
dhcp-option=br0,option:dns-server,<pi-hole-address>
dhcp-option=br1,option:dns-server,<routers-ip-address>

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
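
Added example, not part of the original posts or of DD-WRT: a small check that reads dnsmasq `dhcp-option` lines like the ones above and reports which DNS server each interface's DHCP clients receive, flagging an isolated network that is handed a resolver outside its own subnet (the failure described in the first post). The interface names, the isolation flags and the Pi-hole address 192.168.1.2 are assumptions; the subnets follow the example addresses given later in the thread.

```python
import ipaddress

# Constructed sample data: interface names, the isolation flags and the
# Pi-hole address 192.168.1.2 are assumptions, not values from the thread.
NETWORKS = {
    "br0":     {"subnet": "192.168.1.0/24", "router": "192.168.1.1", "isolated": False},
    "wlan1.1": {"subnet": "192.168.3.0/24", "router": "192.168.3.1", "isolated": True},
    "wlan1.2": {"subnet": "192.168.2.0/24", "router": "192.168.2.1", "isolated": True},
}
TAGGED = """
dhcp-option=br0,option:dns-server,192.168.1.2
dhcp-option=tag:wlan1.1,6,192.168.3.1   # option 6 is dns-server
"""
UNTAGGED = "dhcp-option=option:dns-server,192.168.1.2\n"  # applies to every interface

def parse_dns_options(conf):
    """Map tag (None = untagged) to the DNS servers set by dhcp-option lines."""
    result = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("dhcp-option="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        for i, field in enumerate(fields):
            if field in ("option:dns-server", "6"):
                # Simplification: at most one tag per line, bare or "tag:" form.
                tag = fields[i - 1].split("tag:")[-1] if i else None
                result[tag] = fields[i + 1:]
                break
    return result

def advertised_dns(conf, networks):
    """DNS servers handed to DHCP clients on each interface."""
    opts = parse_dns_options(conf)
    # A matching tagged option beats an untagged one; with neither,
    # dnsmasq advertises its own address on that interface.
    return {name: opts.get(name) or opts.get(None) or [net["router"]]
            for name, net in networks.items()}

def unreachable(conf, networks):
    """(interface, server) pairs: isolated network given an off-subnet resolver."""
    findings = []
    for name, servers in advertised_dns(conf, networks).items():
        subnet = ipaddress.ip_network(networks[name]["subnet"])
        for server in servers:
            if networks[name]["isolated"] and ipaddress.ip_address(server) not in subnet:
                findings.append((name, server))
    return findings

if __name__ == "__main__":
    print(advertised_dns(TAGGED, NETWORKS))
    print(unreachable(UNTAGGED, NETWORKS))
```
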
derfraenk
DD-WRT Novice


Joined: 22 Mar 2020
Posts: 6

Posted: Sun Mar 24, 2024 16:29
Thank you very much, egc! Both for confirming about build 53562 and the DHCP options. I'll try to learn more about them and see if I can get it to work that way. For understanding, would these be dhcpd options or Dnsmasq options?

And yes, you're correct, I'm trying to hand out different DNS servers for different interfaces. If you don't mind, could you please elaborate on why you think this may not be a good idea? I'd be happy to learn more and I don't mind setting it up differently if that's better.

Edit: I may not have made that part clear enough. The guest and IoT networks are separate from my home network and use different IP networks with no routing between them. This is why the clients in them lost DNS resolution when they were given the Pi-hole's IP address as DNS server. I'd like to keep this separation if possible.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Sun Mar 24, 2024 16:40
You can still have separation between subnets and still use the Pi-hole as DNS server; that has recently been discussed here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329571

Having different DNS servers might stop local DNS resolving, see also the PiHole sticky in this forum.

Our local DNS/PiHole guru will probably also chime in later (knowing him he is drinking a beer at this time :lol:)

derfraenk
DD-WRT Novice


Joined: 22 Mar 2020
Posts: 6

Posted: Sun Mar 24, 2024 17:01
Thank you again! I had skimmed through the thread but it didn't seem to have what I wanted to achieve. But it could be just my lack of understanding. :D I will take more time this evening and read through the materials to try and understand better.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 3005
Location: Germany

Posted: Sun Mar 24, 2024 17:28
egc wrote:
Our local DNS/PiHole guru will probably also chime in later (knowing him he is drinking a beer at this time :lol:)


:mrgreen: :mrgreen:

@derfraenk

Sorry, I have read through your posts and I don't understand the problem.

You have checked "Use dnsmasq for DNS".
This means that all clients get the address of the router as DNS server or rather the addresses of dnsmasq.

For example:

LAN 192.168.1.1:53
IOT 192.168.2.1:53
Guests 192.168.3.1:53
(depending on which subnets you have configured for DHCP)

You only need to enter the address of the Pi-Hole as Static DNS and everything is configured.

Therefore, I cannot understand and comprehend your statements

Quote:
"Use DNSMasq for DNS" is enabled


Quote:
I tried to set Pi-hole's IP address as "Static DNS 1" in the DHCP server's options. That worked for the main home network of course, but clients on the guest and IoT networks also received this DNS server which broke DNS resolution.


what?

If "Use dnsmasq for DNS" is enabled then the clients still get the address of the router, nothing changes at all.

If you have deactivated "Use dnsmasq for DNS", then of course it won't work.
See the Pi-Hole sticky, where it is explained what works with which option.

_________________
Quickstart guides:
use Pi-Hole as simple DNS-Server with DD-WRT
VLAN configuration via GUI - 1 CPU port
VLAN configuration via GUI - 2 CPU ports (R7800, EA8500 etc)

Routers
Marvell OCTEON TX2 - QHora-322 - OpenWrt 23.05.3 - Gateway
Qualcomm IPQ8065 - R7800 - DD-WRT - WAP


Last edited by ho1Aetoo on Sun Mar 24, 2024 20:01; edited 1 time in total
derfraenk
DD-WRT Novice


Joined: 22 Mar 2020
Posts: 6

Posted: Sun Mar 24, 2024 18:19
ho1Aetoo, thank you as well. I have read through the sticky again and I think (read: "hope" :) ) that I understand now where I had the wrong idea. Perhaps this is also why I was too unclear and where the misunderstanding comes from.

I was trying to do something like in the 1st example:
* Home net: Client <--> Pi-Hole <--> Public DNS
* Guest net: Client <--> DD-WRT <--> Public DNS
* IoT net: Client <--> DD-WRT <--> Public DNS

My idea was that this would be preferable because it's fewer hops.

Now I understand that the 2nd example would be better suited to my needs because this flow simply applies to all the networks:
Client <--> DD-WRT <--> Pi-Hole <--> Public DNS

Therefore I will forget about my misguided idea and try to set it up like this. :D

I appreciate everybody's contribution, it helped me a lot.
derfraenk
DD-WRT Novice


Joined: 22 Mar 2020
Posts: 6

Posted: Mon Mar 25, 2024 17:43
Just for documentation's sake: It works now with the suggested configuration. Turns out if you do it the correct way, it works. :lol: I like the idea that clients in the guest network also benefit from Pi-hole blocking this way. Thanks again to everyone for your help!
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 3005
Location: Germany

Posted: Tue Mar 26, 2024 11:19
Yes, I use the configuration myself - because it works without any problems with virtual isolated interfaces etc.
I also don't need sorting by different clients - I've been using the Pi-Hole for several years and it runs in the background and I only look at the statistics every week/month.

when it works - it works and there is nothing exciting to see

I also usually recommend this configuration, but there are users who absolutely want something else.
The other configurations also work if you don't use virtual interfaces, otherwise you have to tinker.
