What do you use for DNS?
dnsmasq on an Ubuntu server with stubby to get tls on the recursive resolver, although we do also have a PiHole on a RPi4 that we play with. Probably moving to AdGuard on OPNsense in a couple months, not in "production" right now (only on my main workstation, so I don't upset the family). AdGuard is pointing to the stubby service as its recursive resolver, and overall I like it best of the three as it has super easy rule configuration.
I'm running bind directly, largely because I'm using Foreman and it can talk to bind to dynamically add new systems to DNS. That said, I'd much rather use a more intuitive GUI to manage my other static DNS entries, but having it in files in bind lets me manage things via Ansible and automate the management from text files that I can version control. I do run PiHole as a caching DNS in front of my bind to add value there, but I don't get to use the nice GUI.
Unbound on Opnsense.
Boring, I know.
But as someone else mentioned, when dns goes down I have a whole family breathing down my neck! And I'm too much of a newb to work under that kind of pressure fixing it!
I use DHCP and DNS with nethserver because this is a perfect combination. Pihole is great for ad blocking, but dhcp and dns in combination does not work good.
AdGuard Home, I like the UI better and the API is quite good as well.
Thank you for no annoying intro! Love the content
When you said "annoying intro" you meant other channels' intros, and not mine.... right? 😉
@@TechnoTim when I watch one of your playlists trying to set services up myself, having to skip the twitch reminder can sometimes be annoying, but I get why you do them and your content is amazing so it's all good. ☺️
@@ruffleduffle thank you for the honest feedback!
You've just shown me a value of Local DNS in Pi-Hole. Thank you so much! This is fantastic information.
Check out my next one that covers how to apply this to a reverse proxy for ssl internally
@@TechnoTim Watching it for a second time now to see how I can apply it to NGINX Proxy Manager. I may switch up to Track.
Me: hey how do u add dns entry for rancher
Tim: here’s a video
Man i love it!!! Keep it going!!!!
Thanks for the video, Tim! Great work as always.
I am struggling with this because I host a bunch of services on one docker server (as you do), and I want each subdomain to go straight to the correct place for that record (8006 for proxmox webui, for example) - but the best I can do with straight DNS is use the IP and then add the port in browser. Is there a better way to do this? What do you do for these port-locked apps that might not redirect automatically?
Sounds like you need my next video! I will have the answers to this (and more) in the next one! Sit tight!
Here it is! ruclips.net/video/liV3c9m_OX8/видео.html
@@TechnoTim dude, you're the man. Thank you so much!!
Finally someone who explains this in a good way!
I was asking myself this question today, you sir deserve a medal. Thank you!
"When you run into problems, it's always DNS" Truth!
👍
1.1 million blockable domains. I’d love to see your block sources. I’m using the default options which really does not block that much.
Ping me in Discord, I can share
Or twitter!
Or here! I explain it here ruclips.net/video/0wpn3rXTe0g/видео.html
You finally did it. I’ve been bugging you for months. Thanks bro.
Hi Tim, thanks for this, love it so helpful for navigating around my local servers. What about services that require ip:port, as I understand DNS doesn't care about port?
Reverse proxy
Awesome content. Where do you live - that's so weird that *everyone* would be asking you how you set up local DNS entries. I find in New Zealand it's extremely hard to get strangers and even friends very interested. In England it used to be easier, but only because people in the street thought I was saying "NHS".
Out of curiosity, I believe that I have correctly set up my Pi-hole with my Pfsense but because you made this video would you be willing to create a video regarding how to configure your Pi-hole and Pfsense to work together?
I would also like to see a video about that.
+1 ... Just was about to ask same how your Pi-hole live together with PfSense :). It's a mess to get all this together working nice with vlans and so on [ unifi + pfsense + vlans + pihole ]
@@SergheiPantelei That's the exact same setup I am trying to get working in sync with each other.
Awesome info thanks! Setting up my Pi-hole this weekend.
Thank you for this Video! But my question in this case is, do you run Pihole in a docker container or directly on the device itself ?
Hey all, quick question. I was able to get the DNS records and the CNAME records working and they point to my home server. Problem is, I have different services running on the same IP but different ports. How do I get something like “main.hs” to point to my server and “service.hs” point to the same server but on a specific port? Thanks in advance!
Tip: If you want firefox to stop doing google searches for your local dns names, end them with .local instead of .lan
Fantastic easy video Tim. Highly appreciate as usual :D
Dude you are awesome ..... wonderful video thanks !
Thanks for the clear video explanation! Would I be correct in understanding that your server (Juno in this case) has a static IP address? Can the PiHole link the hostname and IP addresses of dynamically assigned devices and expose them across the local area network in the same way? If so, how does this get set up?
Very well explained Thanks for the sharing
Looking great without the cap.
I also use pihole, whenever I connect with openvpn, so I get on my phone whenever I need it.
Thank for making this video, it is awesome!
I set pi-hole up for local DNS by following the steps in the video, nslookup works fine on the server on which pi-hole runs. However, all clients (Windows and Mac) cannot ping/access the hosts by their names set in LocalDNS in pi-hole.
Could you please help? Thanks
Thanks for this!! Just to confirm to make sure I'm understanding this correctly. If you're going to use a CNAME to point plex/portainer, you'll need some other reverse proxy in order to guide the CNAMEs to the right ports on your server right?
That’s right! See my video on Traefik + SSL that shows exactly how to do this!
As always great and simple tut! Thanks a lot. I was following your approach for getting SSL certificates using Traefik. I was curious how to get a DNS name for the Pi-hole IP as well. I couldn't make it work; maybe there is a different way for a DNS server to apply SSL or a DNS name?
Tim, great video! Love your content.
Don't you mind doing a video about docker networking? I was confused by finding out that the speed test ran from the host machine (win10 + WSL 2 docker for desktop) and from the docker container continuously differ by about 6-8 times, but I'm having a pretty hard time understanding what's going on there through docker documentation.
Anyway, I will keep watching your videos even if you decide to ignore my comment)
Very handy. Thank you for posting. A question though, which adlists do you use? I'm only using the default which blocks around 65k domains. I can see you are blocking just over 1 million.
Ping me in Discord or on Twitter, I can share
Didn’t you miss adding the container port? Otherwise, how can it resolve to the service, rather than the host?
DNS has absolutely nothing to do with ports.
@@michaelgleason4791 i'm struggling with my ubuntu / portainer setup with systemd on port 53. Any suggestions or advice? All i want is an internal dns for our home network --- all WAN stuff will use the normal dns.
That's a great question. A simple answer is DNS doesn't care about ports. DNS just forwards (or resolves) to the machine with the ip. Then you use a reverse proxy manager to map the request to specific machines with their ports.
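Added example (not part of the original comments or the video): the point made in the replies above, that DNS returns only an address and a reverse proxy picks the port from the HTTP Host header, as a small Python demo on loopback. The names main.hs and service.hs come from a question in this thread; the address, ports and backend labels are constructed.

```python
"""Two local DNS names, one IP, two ports: DNS answers "which address?",
the reverse proxy reads the Host header and chooses the port."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed local DNS data: both aliases resolve to the same host.
LOCAL_DNS = {"main.hs": "192.168.1.10", "service.hs": "192.168.1.10"}


def normalize_host(value):
    """Lower-case a Host header value, dropping any :port and trailing dot."""
    return value.strip().lower().split(":", 1)[0].rstrip(".")


class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass

    def reply(self, status, text):
        body = text.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def make_backend(label):
    """A stand-in service that only reports which app answered."""
    class Backend(Quiet):
        def do_GET(self):
            self.reply(200, label)
    return Backend


def make_proxy(routes):
    """Reverse proxy: Host header -> (address, port) of the real service."""
    class Proxy(Quiet):
        def do_GET(self):
            host = normalize_host(self.headers.get("Host", ""))
            backend = routes.get(host)
            if backend is None:
                # Unknown name or bare IP: refuse rather than fall back to a
                # default backend, so no service is exposed by accident.
                self.reply(404, "no route for host")
                return
            conn = http.client.HTTPConnection(*backend, timeout=5)
            try:
                conn.request("GET", self.path, headers={"Host": host})
                resp = conn.getresponse()
                self.reply(resp.status, resp.read().decode())
            finally:
                conn.close()
    return Proxy


def start(handler):
    """Serve `handler` on a free loopback port in a background thread."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(proxy_port, host_header):
    """Act as a browser: connect to the proxy and send the given Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result


def demo():
    """Start two backends and one proxy, then request three Host values."""
    main_app = start(make_backend("main app"))
    service_app = start(make_backend("service app"))
    routes = {
        "main.hs": ("127.0.0.1", main_app.server_port),
        "service.hs": ("127.0.0.1", service_app.server_port),
    }
    proxy = start(make_proxy(routes))
    try:
        hosts = ("main.hs", "Service.HS:80", LOCAL_DNS["main.hs"])
        return {h: fetch(proxy.server_port, h) for h in hosts}
    finally:
        for server in (proxy, main_app, service_app):
            server.shutdown()
            server.server_close()
```

Calling `demo()` returns the status and body seen for each Host value: the two names reach different backends through the same listener, and a request addressed by bare IP gets no route.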
Hi Tim, Great video thank you for making ;-)
No problem 👍
Have you looked at Technitium ? Maybe a new video to compare Technitium, adguard and pihole. Compare features such as secondary dns, settings sync etc
Great video as always! Do you have a video on how to setup so many Domains on Blocklist on piHole? Thank you very much!!
Really like the way you explained this.
Another useful video ! Straight to the point, thanks a lot Tim !
hey Jax!
Exactly what I was looking for well done
Thank you. Great video.
I used this quite a while. Now I do DNS entries via Opnsense. Configuration is pretty similar
Been using most of your vids to setup my proxmox server, would love to see a vid using a VPN killswitch with using pihole as DNS for it (I know my wording might be a little off)
I second this request :-)
Great videos, well done. Please keep these coming!
crystal clear. very good content.
Can I do local dns in Adguard home like pihole?
Hey, Tim, you've showed how to add aliases to domains, but how do you route traffic to those specific services you created aliases for?
Do you need reverse proxy for that?
You may, depending on how your services are configured. Coming really soon!
This was the question I was looking for. Can't wait for the response video 😁
@@camerontgore here you go ruclips.net/video/liV3c9m_OX8/видео.html
Here it is ruclips.net/video/liV3c9m_OX8/видео.html
thanks Tim that was very helpful
Very nice explanation :)
Great explanation
Odd, I added a DNS record pointing to the IP of the machine where I host Pihole and it didn't work...
Can you show how this interacts with the non-local network? How the traefik-local and traefik-remote live together? (Router settings, cloudflare setup etc)?
Can't seem to get it working without editing the /etc/resolv.conf on every computer, pihole is set up as first DNS on my router....
Hi. Old video but I'm gonna give it a try. I'm trying to install the damn!!!! v20 3cx which has as mandatory the split/dns (creation of 2 different dns zones in order for clients to be able to resolve both externally and internally using the same fqdn name) or hairpin nat dns (Mikrotik) or local dns (Draytek) technology. Can pi-hole accomplish that and get away without way more expensive routers?
Do you use an upstream DNS server at all such as Unbound?
TIL! - Thanks Tim!
Anyone know how I can get my Pihole time correct? I'm running a stratum 1 time server on the same network Pihole is on. There's nothing in the GUI and my Pihole time seems to be GMT and not local. Thank you.
Hey there! This is super cool, is it possible to add certificates to these domains on your local network for https traffic?
yup! here it is! ruclips.net/video/liV3c9m_OX8/видео.html
I love you bro
Good tutorial!
I thought you ran everything in containers. I'm running Proxmox and I have Transmission and Jellyfin in containers and they have different IP addresses.
You’re so on point.
Somewhere at 2.03 explanation got out of hand since I think that if 2 alias point to same name then how can 2 services be distinguished between them. I think the answer is ports? these services listening on?
PS You should do a 3min video for Pfsense also about the same thing
Reverse proxy. This is also how CNAMEs work in public DNS
@@TechnoTim Thanks but forget it, still don't get it
@@ierosgr ruclips.net/video/liV3c9m_OX8/видео.html
Is there any means to add ports as well? Similar to a Nginx reverse proxy it would be nice to have a local only DNS that can handle the reverse proxy portion as well.
I use Traefik in combination with Pi Hole for my reverse proxy ruclips.net/video/liV3c9m_OX8/видео.html
I guess the only way is to statically set the address? Coming from AD with dns server role, the a records will get updated, especially using dhcp. Not possible?
not possible on pi hole to my knowledge
what is that background music xD can you tell me the name pls
I would love to see how to get this setup with traefik & metallb on kubernetes.
How do you link that DNS to your network?
PiHole is running into a Raspberry not in the actual network manager (modem or repeater).
You configure your DHCP to hand out the DNS of your PiHole server, rather than your modem's or your ISP's.
Hi Tim!
Would like to clarify, I have an IPSEC VPN Server that is port forwarded out, and was wondering
Is it possible to connect to the IPSEC VPN by its local domain name generated by pihole in the LAN?
If I understand you, I think you can if you make sure that your vpn appends the internal domain names, basically don’t forward the request to your ISP but to your internal dns
@@TechnoTim
Ohh I see, which means I'll need to change my Port Forwarding settings within the ISP route (my default gateway)
I'll give that a shot, thank you Tim!
How can you have multiple services pointing to the same IP (alias)? This would require the use of ports. You haven't really explained this unless I am missing something.
Reverse proxy ruclips.net/video/liV3c9m_OX8/видео.html
So how would you then point that alias to the proper port of your service? You don't explain that.
You can’t specify port in dns, you’d need a service record or a reverse proxy
@@TechnoTim exactly. so what exactly do you think is so useful about aliases?
Hi! Please I have 3000 routers that use pi-hole, but when the server has around 500 queries (clientes) the cpu is in 99%. I use an amd ryzen 9, 5900X.
Where's the best place to have the pi hole server?? For years I hosted it on my vlan 1 untagged network but been making changes and wondered what is best.
Same problem. Want pihole for multiple VLANs and not sure where to place pihole server and how to setup the vlans on the machine. Did you find a solution?
Do you need dhcp enabled in pihole for this to work?? I can't access from another ip address
You do not. You just need to make sure your clients use this server for dns
Thank you 🙏
Is it possible to get ssl certificate using this setup?
Can I set it so in case the pihole machine goes down, it reverts to the router's dns server automatically?
never mind. I noticed it does that on its own.
Very useful info.
do i need to disable dnsstub on ubuntu for this ?
So if I wanted to point something not something.domain how would I do that. It doesn't seem to work with pi-hole. I know I'm missing something.
You can do the same for top level domains. Just create an A record
I needed this
what can i use to windows
Awesome video. Now I don't have to remember what Alderaan, Kashyyyk, Hoth, or the myriad of other Star Wars planets do on my network (they started as pets not cattle and always will be).
If you've got pfSense as main router I don't see why you would you anything else than the built in DNS resolver.
But what if you want to map dns to a non port 80 service?
DNS is only host names, not ports. You need a reverse proxy for that. See my guide on traefik and portainer with pi hole
@@TechnoTim thank you so much for the reply I will check it out!
This only works for static IPs. The VAST majority of computers on my network use DHCP (served by Pi-Hole.) But their names do NOT resolve.
create DHCP reservations
@@TheSwampDaddy not a practical solution. The entire reason for DHCP is avoid statically assigning IP addresses, either via static addresses or via a static reservation.
@@robertking3098 Recently I was looking at 20 DHCP leases on the EdgeRouter which showed just an IP address and a MAC address no other name. I noticed when I set the reservation I could name the host and of course the IP would not change. Was this not a good way to have everything named? I like that any DHCP lease not reserved, is something new and should be looked at more closely.
Can I request a video, rancher on windows10 (running docker tool to running various things)
Regardless, love your video, keep up the good work!
REQUEST: Proxmox link to UPS for graceful shutdown and power up.
Beautiful :)
Wait.. You don't have a how to set up a Pi-Hole server? :( Sad..
I have 3-4 tutorials on it!
Hello Tim! quick question Pi-Hole doesn't seem to give the option to delete old cnames. Is there a file I can edit to remove them? Thanks for the guides
Odd, it should be there. I’ve deleted them plenty of times 🤔
Nice
anyone dockerize dns and dhcp server?
how does this work together with nginx proxy manager if I want to reach for example a jellyfin docker instance inside (lan) and outside (wan) with the same adress (e.g. jellyfin.domain.tld)?
Wouldn't you just create a DNS entry that points directly at your reverse proxy? jellyfin.domain.tld -> reverse proxy IP.
Fast, simple, easy and insecure.
82 Clients :D
Good eye! Oh yeah!
Worth in 2023?
Yes
Dude you need a reverse proxy, everyone in this video knows your private IP address
I have one, that’s what you are seeing 😀
Literally always DNS...
Always!
Pihole..... pihole ..............pihole pihole pihole pihole paisa hi Paisa(money and money) 😂😂
Hi 2nd comment ikr gg myself
Why should I use multiple hosts for one ip adress without any port? That's utterly useless! What a waste of time
It's pretty much how the internet runs, multiple hosts pointing to 1 IP. It's the baseline for all reverse proxies.
more confused after watching this video.
What am I missing? I've tried everything, I even used the same local domain names to test and test this does not work. HELP PLZ!
One has to live 99% at home or own a desktop computer to justify the very existence of Pi-hole
Local Proxy has Zero sense if everyone in house owns only a laptop and/or any other mobile devices provided that one doesn't own a dumb-"smart" TV (because you have only one life)
I prefer rather security while on public network using DoH on my browsers or a VPN. Adblock Plus handles with ease RUclips advertisement and the rest.
So, what the point to have a Pi-Hole, BlockNG or Sensei?
I ran it along with Cloudflared just for fun on my NAS and delete it because all my DNS connections are encrypted on the browser level and directed to Cloudflare.
please reply. I'm using Aapanel DNS Server,
so should I uninstall it for pihole or not,
if I don't uninstall, then should PIHOLE work with Aapanel DNS, or not ?
Because I didn't see TXT record and another record in pi-hole. / I want for my website dns server.
I followed video instructions. nslookup and dig work fine, but ping does not. Tried using DNS on browser, windows explorer, etc, to no success. Compared local DNS dig results against public ones and the only difference I spotted was that local DNS TTL returned is 0 (zero). Do you believe it might be the culprit? If so, how do I increase local DNS TTL?
unless it doesn't work....
** server can't find big-z.local : NXDOMAIN
my add blocking works. pi-hole works. Local DNS does not.
Same - I cannot get this to work. :(
Did you ever get it to work? Running into the same issues
@@jessesiglow7411 Did you ever get it to work? Running into the same issues