Update DNS resolution docs again

Joey Hafner 2022-11-09 14:47:56 -08:00
parent b088de85ec
commit c4bac583f2


@ -3,23 +3,20 @@ graph TB;
Upstream["dns.google (8.8.8.8; 8.8.4.4)"] Upstream["dns.google (8.8.8.8; 8.8.4.4)"]
Clients["Clients [192.168.1.0/24]"] Clients["Clients [192.168.1.0/24]"]
Router["VyOS Router [192.168.1.1]"] Router["VyOS Router [192.168.1.1]"]
PiHole["PiHole [192.168.1.22]"] PiHoles["PiHole [192.168.1.22,192.168.1.21]"]
PiHole2["PiHole [192.168.1.21]"]
BlackHole["Black Hole"] BlackHole["Black Hole"]
Router --"Sends DHCP with DNS=192.168.1.1"--> Clients Clients --"First connect"--> Router
Clients --"DNS Requests"--> Router Router --"Sends DHCP with DNS=192.168.1.22,192.168.1.21"--> Clients
Router --"Primary"--> PiHole Clients --"Subsequent requests"--> PiHoles
Router --"Fallback"--> PiHole2 Router ----> PiHoles
PiHole --"Blacklisted domains"--> BlackHole PiHoles --"Blacklisted domains"--> BlackHole
PiHole2 --"Blacklisted domains"--> BlackHole PiHoles --"Valid requests"--> Upstream
PiHole --"Valid requests"--> Upstream
PiHole2 --"Valid requests"--> Upstream
``` ```
Clients connecting to the local network for the first time will receive as part of the DHCP negotiation ([code 6](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Information)) the domain name server's address. This address will correspond to the IP address of the router (`192.168.1.1`). Clients connecting to the local network for the first time will receive as part of the DHCP negotiation ([code 6](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Information)) the domain name servers' addresses. These addresses will correspond to the IP addresses of the PiHole servers (currently RasPis at `192.168.1.22` and `192.168.1.21`).
From that point, the client's DNS requests will go directly to the router. This means the PiHole will not be able to track requests per-client. From that point, clients will send simultaneous DNS requests to both Piholes and use the first response received. This means the PiHoles will be able to track requests per-client. However, this splits tracking data between the two servers, so it may be difficult to visualize a complete picture.
However, a client can be manually configured to request DNS resolution directly from the Pihole. A client can be manually configured to request DNS resolution from the router, which will forward requests to the PiHoles.
DNS requests to the PiHole will be checked against the [configured adlists](https://pihole.jafner.net/groups-adlists.php). If matched, the request will be blocked. If a user is attempting to access a website that is blocked, the request should quickly resolve to a Domain Not Found error. It will look like this: DNS requests to the PiHole will be checked against the [configured adlists](https://pihole.jafner.net/groups-adlists.php). If matched, the request will be blocked. If a user is attempting to access a website that is blocked, the request should quickly resolve to a Domain Not Found error. It will look like this:
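Review bot: The added sentence "clients will send simultaneous DNS requests to both Piholes and use the first response received" states as fact something that depends on each client's stub resolver; many resolvers query the listed servers in order and only move to the next one after a timeout. Suggest wording it as "clients will send DNS requests to either PiHole, depending on the client's resolver", which still supports the split-tracking caveat that follows. The paragraph on blocking links a single adlist page (pihole.jafner.net) while two servers now answer clients directly, so the doc should say whether both PiHoles carry the same adlists; if they differ, whether a domain is blocked depends on which server answers. In the diagram, the new `Router ----> PiHoles` edge is the only unlabeled one; a label such as "Forwards requests from manually configured clients" would tie it to the sentence about manual configuration. The added lines also mix "PiHole", "Pihole" and "Piholes"; pick one spelling.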