Jafner/homelab
1
1
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects Releases Wiki Activity

Update DNS resolution docs

Browse Source
This commit is contained in:
Joey Hafner 2022-11-09 14:20:02 -08:00
parent 79383417b6
commit 73d42f83b0
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/DNS Resolution.md
View File

@ -2,21 +2,24 @@
graph TB;
Upstream["dns.google (8.8.8.8; 8.8.4.4)"]
Clients["Clients [192.168.1.0/24]"]
Router["VyOS Router [192.168.1.23]"]
PiHole["PiHole [192.168.1.23]"]
Router["VyOS Router [192.168.1.1]"]
PiHole["PiHole [192.168.1.22]"]
PiHole2["PiHole [192.168.1.21]"]
BlackHole["Black Hole"]
Router --"Sends DHCP with DNS=192.168.1.23"--> Clients
Clients --"First connect"--> Router
Clients --"Subsequent requests"--> PiHole
Router ----> PiHole
Router --"Sends DHCP with DNS=192.168.1.1"--> Clients
Clients --"DNS Requests"--> Router
Router --"Primary"--> PiHole
Router --"Fallback"--> PiHole2
PiHole --"Blacklisted domains"--> BlackHole
PiHole2 --"Blacklisted domains"--> BlackHole
PiHole --"Valid requests"--> Upstream
PiHole2 --"Valid requests"--> Upstream
```
Clients connecting to the local network for the first time will receive as part of the DHCP negotiation ([code 6](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Information)) the domain name server's address. This address will correspond to the IP address of the PiHole server (currently a RasPi at `192.168.1.23`).
From that point, the client's DNS requests will go directly to the PiHole on an IP level. This means the PiHole will be able to track requests per-client.
However, a client can be manually configured to request DNS resolution from the router, which will forward requests to the PiHole.
Clients connecting to the local network for the first time will receive as part of the DHCP negotiation ([code 6](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Information)) the domain name server's address. This address will correspond to the IP address of the router (`192.168.1.1`).
From that point, the client's DNS requests will go directly to the router. This means the PiHole will not be able to track requests per-client.
However, a client can be manually configured to request DNS resolution directly from the Pihole.
DNS requests to the PiHole will be checked against the [configured adlists](https://pihole.jafner.net/groups-adlists.php). If matched, the request will be blocked. If a user is attempting to access a website that is blocked, the request should quickly resolve to a Domain Not Found error. It will look like this: