Amplifi not forwarding "pi.hole" dns request to "upstream" DNS


  • Re: Override ISP DNS settings

    I love my Amplifi Instant system!

    I've also recently set up pi-hole and I'm loving it!

    I wish to use Amplifi's DNS cache, but forward any unresolvable domains to pi-hole. Accordingly, I have pi-hole set as Amplifi's DNS servers in the "Internet" section of the app, and "Bypass DNS cache" un-checked on the web ui.

    This should allow me to resolve both amplifi.lan and pi.hole.

    Strangely, pi.hole only resolves when "Bypass DNS cache" is enabled, which of course prevents amplifi.lan from resolving.

    I have no interest in manually creating host/dnsmasq records for *.lan.

    It seems only "pi.hole" specifically returns "no answer". pie.hole returns "NXDOMAIN". What gives?

    Here's nslookup with Amplifi's DNS cache enabled

    $ nslookup pi.hole
    Server:		10.0.1.1
    Address:	10.0.1.1#53
    
    *** Can't find pi.hole: No answer #<<<<<<<<<< ???
    
    $ nslookup pi.hole 10.0.1.27
    Server:		10.0.1.27
    Address:	10.0.1.27#53
    
    Name:	pi.hole
    Address: 10.0.1.27
    

    And with Amplifi's DNS cache bypassed

    $ nslookup pi.hole
    Server:		10.0.1.27
    Address:	10.0.1.27#53
    
    Name:	pi.hole
    Address: 10.0.1.27
    

  • Your fix may actually be in the Pi-hole settings. Leave bypass DNS on in the Amplifi web settings.

    Try going to the DNS section of the Pi-hole settings. In the advanced settings at the bottom, check “Use conditional forwarding” and “lan” as the local domain name. And for IP of your router, probably 10.0.1.1.


  • @thomas-chi

    I do have this configured, but it doesn't work :/. Seems in this case pi-hole would forward to Amplifi, and Amplifi would then forward back to pi-hole (because bypass dns cache is enabled). Not sure how to check if this is indeed happening. Nslookup to the router does indeed resolve .lan, but standard nslookup *.lan results in NXDomain.

    $ nslookup amplifi.lan
    Server:		10.0.1.27
    Address:	10.0.1.27#53
    
    ** server can't find amplifi.lan: NXDOMAIN
    
    $ nslookup boot2docker.lan
    Server:		10.0.1.27
    Address:	10.0.1.27#53
    
    ** server can't find boot2docker.lan: NXDOMAIN
    
    $ nslookup amplifi.lan 10.0.1.1
    Server:		10.0.1.1
    Address:	10.0.1.1#53
    
    Name:	amplifi.lan
    Address: 10.0.1.1
    
    $ nslookup boot2docker.lan 10.0.1.1
    Server:		10.0.1.1
    Address:	10.0.1.1#53
    
    Name:	boot2docker.lan
    Address: 10.0.1.27
    
    

    I assume leaving "bypass DNS cache" un-checked should indeed resolve .lan requests, and forward all others (including pi.hole) to pi-hole (unless cached)

    The fact that nslookup pi.hole > "No Answer" instead of NXDOMAIN (which is returned for pie.hole) seems suspicious, as if pi.hole is purposefully NOT forwarded.
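
Added example, not part of the thread or any poster's code: nslookup's "No answer" is a NOERROR reply with an empty answer section (NODATA), which is a different response from NXDOMAIN. The Python sketch below sends the same A query to the router (10.0.1.1) and to Pi-hole (10.0.1.27), the addresses used in the thread, and classifies each reply from its header; the function names and the header-only sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a minimal DNS A/IN query with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify a raw DNS reply by RCODE and answer count (header only)."""
    if len(response) < 12:
        return "MALFORMED"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == 0:
        # NOERROR with zero answers is what nslookup prints as "No answer".
        return "ANSWER" if ancount else "NODATA"
    return RCODES.get(rcode, f"RCODE{rcode}")

def sample_response(rcode, ancount):
    """Constructed reply for offline checks: header plus echoed question only."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)
    return header + build_query("pi.hole")[12:]

def probe(name, server, timeout=2.0):
    """Send one A query over UDP port 53 to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeouts and unreachable hosts
            return "TIMEOUT"
    return classify(data)

if __name__ == "__main__":
    # Resolver addresses and names are the ones quoted in the thread.
    for server in ("10.0.1.1", "10.0.1.27"):
        for name in ("pi.hole", "pie.hole", "amplifi.lan"):
            print(f"{server:<10} {name:<12} {probe(name, server)}")
```

Running it once with "Bypass DNS cache" checked and once un-checked, while watching Pi-hole's query log, shows which names the router answers itself and which it passes upstream.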


  • @hunter-dg

    Restarted router and now am also getting NXDOMAIN for pi.hole (with bypass DNS cache un-checked). Seems Amplifi does not forward any *.hole DNS requests (otherwise I'd see them in pi-hole's logs).


  • Not sure what the problem is, but I have bypass DNS cache checked (as I mentioned above) and it works fine.

    You did inspire me to do one other thing, which was to review my /etc/hosts file. That actually helped me, because I’d had an old entry for amplifi.lan which was now incorrect. I cleared that and now all *.lan addresses work well for me.

    pi.hole works fine for me.


  • @thomas-chi

    Do you have Amplifi HD or Instant?


  • Amplifi HD.

    Incidentally, I’ve now purchased a Unifi security gateway to place in front of the Amplifi router, and I’m having a hell of a time getting IPv6 hostnames to show up correctly in pi.hole. I think it has something to do with the USG not giving DHCP clients a ULA.

