Update DNS resolution docs again

Joey Hafner 2022-11-09 14:47:56 -08:00
parent dc4664b6f9
commit 4d000cbf03

@ -3,23 +3,20 @@ graph TB;
Upstream["dns.google (8.8.8.8; 8.8.4.4)"]
Clients["Clients [192.168.1.0/24]"]
Router["VyOS Router [192.168.1.1]"]
PiHole["PiHole [192.168.1.22]"]
PiHole2["PiHole [192.168.1.21]"]
PiHoles["PiHole [192.168.1.22,192.168.1.21]"]
BlackHole["Black Hole"]
Router --"Sends DHCP with DNS=192.168.1.1"--> Clients
Clients --"DNS Requests"--> Router
Router --"Primary"--> PiHole
Router --"Fallback"--> PiHole2
PiHole --"Blacklisted domains"--> BlackHole
PiHole2 --"Blacklisted domains"--> BlackHole
PiHole --"Valid requests"--> Upstream
PiHole2 --"Valid requests"--> Upstream
Clients --"First connect"--> Router
Router --"Sends DHCP with DNS=192.168.1.22,192.168.1.21"--> Clients
Clients --"Subsequent requests"--> PiHoles
Router ----> PiHoles
PiHoles --"Blacklisted domains"--> BlackHole
PiHoles --"Valid requests"--> Upstream
```
Clients connecting to the local network for the first time will receive as part of the DHCP negotiation ([code 6](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Information)) the domain name server's address. This address will correspond to the IP address of the router (`192.168.1.1`).
From that point, the client's DNS requests will go directly to the router. This means the PiHole will not be able to track requests per-client.
However, a client can be manually configured to request DNS resolution directly from the Pihole.
Clients connecting to the local network for the first time will receive as part of the DHCP negotiation ([code 6](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Information)) the domain name servers' addresses. These addresses will correspond to the IP addresses of the PiHole servers (currently RasPis at `192.168.1.22` and `192.168.1.21`).
From that point, clients will send simultaneous DNS requests to both Piholes and use the first response received. This means the PiHoles will be able to track requests per-client. However, this splits tracking data between the two servers, so it may be difficult to visualize a complete picture.
A client can be manually configured to request DNS resolution from the router, which will forward requests to the PiHoles.
DNS requests to the PiHole will be checked against the [configured adlists](https://pihole.jafner.net/groups-adlists.php). If matched, the request will be blocked. If a user is attempting to access a website that is blocked, the request should quickly resolve to a Domain Not Found error. It will look like this:
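Review bot: The new diagram edge `Router ----> PiHoles` has no label, while every other edge in the graph is labelled, and the new prose describes this path as the router forwarding requests for clients manually configured to use it. Labelling it to match, for example `Router --"Forwards requests from manually configured clients"--> PiHoles`, keeps the diagram and the text in agreement. The merged node is also still labelled with the singular `PiHole [192.168.1.22,192.168.1.21]`, and the prose mixes "PiHole", "Pihole" and "Piholes"; picking one spelling would help. Finally, the sentence saying clients "send simultaneous DNS requests to both Piholes and use the first response received" is stated as universal behaviour; whether a client queries both servers at once or tries them in order depends on its resolver, so consider qualifying it, since it affects how the per-client tracking data ends up split between the two servers.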