Pi-Hole with bind9 as forwarder

Installation of bind9

apt install bind9

Create a virtual interface (eth0:1)

Note: I have the IP 192.168.1.109 from DHCP.

Edit the network settings file:

nano /etc/network/interfaces

and add this to create a virtual interface eth0:1 with the IP 192.168.2.2 and a /16 netmask:

# bring the alias up at boot together with the other interfaces
auto eth0:1
iface eth0:1 inet static
address 192.168.2.2
netmask 255.255.0.0
# 192.168.2.255 is the broadcast of a /24; for the /16 set above it would be 192.168.255.255
broadcast 192.168.2.255

Bind9 configuration

Edit the bind9 options file:

nano /etc/bind/named.conf.options

and add or modify these options:

auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { none; };    # listen-on-v6 only accepts IPv6 addresses; this setup is IPv4 only
listen-on { 127.0.0.1; 192.168.2.2; };
recursion yes;
allow-query { any; };    # every host that can reach 192.168.2.2 may recurse; { localhost; localnets; } is tighter

Installation of pi-hole

wget -O basic-install.sh https://install.pi-hole.net
chmod +x basic-install.sh
./basic-install.sh

Note: during the installation you will be asked for the upstream DNS servers; simply enter 127.0.0.1, 192.168.2.2 (the addresses bind9 listens on).

The END
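As an added check that is not part of the gist: the script below parses `ss -lunp` output and verifies that named is bound only on the addresses from named.conf.options above and never on a wildcard socket (dnsmasq, which Pi-hole runs with `interface=eth0`, binds the wildcard by default and filters by interface itself, so it is only warned about). The `ss` lines it runs on are constructed samples; for a live check pipe `ss -lunp` into `audit_port53`.

```shell
# Added example, not the gist's own code: audit the UDP port-53 listeners the
# gist's layout should produce (named on 127.0.0.1 and 192.168.2.2 only).
BIND_EXPECTED="127.0.0.1 192.168.2.2"   # the listen-on set in named.conf.options

# Print "<process> <address>" for every socket bound to port 53; stdin is ss -lunp output.
listeners_53() {
    awk '{
        addr = ""
        for (i = 1; i <= NF; i++) if ($i ~ /:53$/) { addr = $i; sub(/:53$/, "", addr); break }
        if (addr == "") next
        proc = "unknown"; if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
        print proc, addr
    }'
}

# Exit 0 when named binds exactly BIND_EXPECTED and no wildcard socket; 1 otherwise.
audit_port53() {
    pairs=$(listeners_53); status=0
    for a in $BIND_EXPECTED; do
        printf '%s\n' "$pairs" | grep -qxF "named $a" || { echo "FAIL: named not bound on $a" >&2; status=1; }
    done
    while read -r proc addr; do
        case "$addr" in
        0.0.0.0|'*'|'[::]')
            if [ "$proc" = named ]; then
                echo "FAIL: named on wildcard $addr, reachable on every interface" >&2; status=1
            else   # dnsmasq without bind-interfaces binds the wildcard and filters by interface= itself
                echo "WARN: $proc on wildcard $addr; relies on its own interface filter" >&2
            fi ;;
        *)
            if [ "$proc" = named ]; then
                case " $BIND_EXPECTED " in *" $addr "*) ;;
                *) echo "FAIL: named on unexpected address $addr" >&2; status=1 ;; esac
            fi ;;
        esac
    done <<EOF
$pairs
EOF
    return $status
}

# Constructed sample ss -lunp lines (not real output): the intended layout, and a misconfigured named.
SAMPLE_OK='UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=612,fd=22))
UNCONN 0 0 192.168.2.2:53 0.0.0.0:* users:(("named",pid=612,fd=24))
UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=701,fd=4))'
SAMPLE_BAD='UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("named",pid=612,fd=22))'
for s in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if printf '%s\n' "$s" | audit_port53; then echo "audit: OK"; else echo "audit: findings above"; fi
done
```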

/etc/dnsmasq.d/01-pihole.conf

# Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela
# Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net
# dnsmasq config for Pi-hole
#
# Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                        OR IN /etc/dnsmasq.conf                              #
###############################################################################

address=/pi.hole/192.168.1.109

address=/pi-hole/192.168.1.109

addn-hosts=/etc/pihole/gravity.list

domain-needed

bogus-priv

no-resolv

server=127.0.0.1
server=192.168.2.2

interface=eth0

cache-size=100000

log-queries
log-facility=/var/log/pihole.log

local-ttl=600

log-async

ifconfig output:

root@pi-hole:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:00:00:00:00
          inet adr:192.168.1.109  Bcast:192.168.1.255  Masque:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:106118 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99749 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:61093835 (58.2 MiB)  TX bytes:44930671 (42.8 MiB)

eth0:1    Link encap:Ethernet  HWaddr 08:00:00:00:00:00
          inet adr:192.168.2.2  Bcast:192.168.2.255  Masque:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8428 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8428 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:757064 (739.3 KiB)  TX bytes:757064 (739.3 KiB)

/etc/pihole/adlists.list

## Pi-hole ad-list default sources. Updated 26/11/2016 by janus57 to include W7 telemetry

# The below list amalgamates several lists we used previously.
# See `https://github.com/StevenBlack/hosts` for details
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

# Other lists we consider safe:
http://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

# hosts-file.net list. Updated frequently, but has been known to block legitimate sites.
https://hosts-file.net/ad_servers.txt

# Mahakala list. Has been known to block legitimate domains including the entire .com range.
# Warning: Due to the sheer size of this list, the web admin console will be unresponsive.
#http://adblock.mahakala.is/

# ADZHOSTS list. Has been known to block legitimate domains
#http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt

# Windows 10 telemetry list
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt

# Windows 7 telemetry list
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win7/spy.txt

# Securemecca.com list - Also blocks "adult" sites (pornography/gambling etc)
#http://securemecca.com/Downloads/hosts.txt

# Quidsup's tracker list
https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt

# Block the BBC News website Breaking News banner
#https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts

# Untested Lists:
#https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt
#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
#http://malwaredomains.lehigh.edu/files/domains.txt
# Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/)
#https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
#https://raw.github.com/notracking/hosts-blocklists/master/domains.txt
# Combination of several host files on the internet (warning some facebook domains are also blocked but you can g$
#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts

@jeffgkd705 jeffgkd705 commented Mar 28, 2021

When you create the virtual interface, you create it as a /16. I would have thought you would want to create it as a /24. What am I not understanding?

Owner Author

@janus57 janus57 commented Mar 28, 2021

Hello,

In this case I wanted a /16 to cover the whole private subnet and have an internal DNS zone not described in this gist, and avoid internal routing.

I could have used a /24 with VLANs and a virtual interface per VLAN, but at this time I don't have an L2 switch to do this, so I use the "simple" method.

Cordially, janus57


@sohojmanush sohojmanush commented Apr 4, 2021

Does this mean bind9 has its own IP, so Pi-hole can send queries using 192.168.2.2? Also, does the addition of named.conf.options mean it will act as an authoritative server? allow-query { any; }; does this mean bind9 will accept queries from any source? Sorry for asking too many things, I am very new to Pi-hole and DNS servers.
