unifi-utilities / unifios-utilities

A collection of enhancements for UnifiOS based devices
GNU General Public License v3.0

DNS requests don't reach pihole #29

Closed nschemel closed 4 years ago

nschemel commented 4 years ago

Describe the bug I've set up pihole according to your readme, but my DNS requests never reach pihole. They are getting answered by some other DNS server. What's really weird is that I can send a DNS request to every IP address in the new network and get a valid DNS response. I've tested that with nslookup and dig.

I tested around for several hours and reset the UDM completely because I thought there might be something wrong at another place. Unfortunately the problem also occurs after the reset.

My idea is that the included DNS filter from the UDM could be a part of the problem here, although it's deactivated.

To Reproduce Steps to reproduce the behavior:

  1. Factory reset the UDM
  2. Install controller version 6.0.4
  3. Install 'UDM / UDMPro Boot Script' according to the readme file
  4. Install 'Run PiHole on your UDM' according to the readme file
  5. While installing pihole and running the script '02_dns-common.sh' there are errors thrown. It seems that the "PREROUTING" chain isn't available. On the second run, these errors are gone.
  6. Browse to the IP address of pihole and it seems OK.
  7. Set the DNS on my MacBook manually to the pihole address and surf. But no requests are shown in pihole. The same problem exists if I use nslookup or dig to query pihole directly.
  8. The next problem is that I can query each IP address in the whole new network and get a valid DNS response, but not from pihole.

Expected behavior DNS requests should reach pihole and get answered by it.

UDM Information

Additional context My new network has vlan id 2 and the network 192.168.2.0/24.

I've attached my configuration files. Perhaps I've made a mistake there. mnt.zip

    nslookup ui.com 192.168.2.123

    Server:         192.168.2.123
    Address:        192.168.2.123#53

    Non-authoritative answer:
    Name:   ui.com
    Address: 52.35.44.122

MattTW commented 4 years ago

Turn off content filtering on your UDM via the controller UI if you have it on. Having this on puts a dns filter "override" in that sends all DNS resolution requests to unifi's own DNS servers no matter what you configure for DNS servers for your networks.

nschemel commented 4 years ago

Thanks for your response @MattTW. The content filtering is deactivated. That was one of the first things I checked.

mojo333 commented 4 years ago

You're getting exactly what I'm seeing using NextDNS! None of my requests seem to reach the NextDNS container for resolution; they are just using my WAN-configured DNS provider.

boostchicken commented 4 years ago

This is an error on controller 6.0.4. I have not seen what they changed in regards to iptables rules. Someone will have to take a look at it. I don't plan on moving to 6 for quite some time. Does someone want to give an iptables-save dump?
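The symptom reported above (every address in the subnet "answers" port 53, and the reply comes from a resolver other than pihole) is what a nat-table DNAT or REDIRECT on port 53 looks like from a client, so the first thing to check in an iptables-save dump is whether such a rule exists. The script below is an added example for this thread, not code from the unifios-utilities project or from any commenter: it scans an iptables-save dump and lists every nat-table rule whose target rewrites the destination of port-53 traffic. The dump it ships with is constructed for the example; the 203.0.113.53 destination and the eth8 interface are hypothetical placeholders, not values captured from a UDM.

```shell
#!/bin/sh
# Added example: find nat-table rules that DNAT or REDIRECT DNS (port 53).
# Such a rule in PREROUTING would explain why any IP in the subnet appears
# to answer DNS queries, and why none of them reach pihole.

# Constructed sample iptables-save dump (not a real UDM capture). The two
# port-53 DNAT rules and the 203.0.113.53 destination are hypothetical.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.2.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 203.0.113.53:53
-A PREROUTING -s 192.168.2.0/24 -p tcp -m tcp --dport 53 -j DNAT --to-destination 203.0.113.53:53
-A PREROUTING -i eth8 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A POSTROUTING -o eth8 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# find_dns_redirects: read an iptables-save dump on stdin and print every
# rule in the nat table that matches dport 53 and jumps to DNAT or REDIRECT.
# The filter-table ACCEPT rule for port 53 is deliberately not reported:
# it does not change where the query goes.
find_dns_redirects() {
    awk '
        /^\*/ { table = substr($0, 2); next }          # "*nat" -> track current table
        table == "nat" && /--dport 53( |$)/ && /-j (DNAT|REDIRECT)/ { print }
    '
}

# count_dns_redirects: number of such rules, for use in a scripted check.
# Uses awk instead of grep -c so an empty result prints 0 with exit status 0.
count_dns_redirects() {
    find_dns_redirects | awk 'END { print NR }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | find_dns_redirects
printf 'port-53 redirect rules: %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | count_dns_redirects)"
```

On the device itself, the same functions run over the live ruleset with `iptables-save -t nat | find_dns_redirects`; an empty result means no single-port DNAT or REDIRECT on 53 is present. The pattern only matches rules written with `--dport 53`; a ruleset that uses `-m multiport --dports` or a port range would need the regex extended, so an empty result is evidence, not proof, that nothing is intercepting DNS.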

boostchicken commented 4 years ago

Closing as duplicate of https://github.com/boostchicken/udm-utilities/issues/29