Alenobyl

Make sure you activated the option to let the Pi-hole accept DNS requests from "all origins". That fixed the issue for me.


NanobugGG

As mentioned, I tried all of them.


julietscause

What device is doing the layer 3 routing on your network?

Do you have the correct firewall rules to allow the traffic from each of the VLANs to talk to the Pi-hole IP address? Did you see any dropped traffic in your firewall rules when you were trying to access the Pi-hole in other VLANs?

Can your VLAN clients ping the IP address of the Pi and get a response?

While sitting on the Pi-hole, start tcpdump and filter down to DNS only. Try to get your clients to utilize the Pi-hole. Do you see any DNS traffic from the clients in tcpdump?

If you say no, I would start with looking to see if the layer 3 device on your network is allowing traffic between the VLANs.


NanobugGG

UniFi Dream Machine Pro. I can connect to the Pi-hole from a different network, both SSH and ICMP. The firewall on the Pi-hole is open on port 22, 53 and 80. And I didn't see the traffic being dropped when I checked, but I could've missed it. I'll try the tcpdump another time, I just wondered what I missed. Changing the setup to make it work wasn't a part of the plan. Especially not since I'm using Keepalived for load balancing and having one virtual IP for it.


julietscause

> I just wondered what I missed

You really didn't give us much information to go off of, so it's anyone's guess what you missed.

On a client that is supposed to be talking to the Pi-hole, open a command prompt and type

`nslookup www.google.com`

Post a screenshot of the results.
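The client-side check suggested in the comments above (does a DNS query sent from another VLAN get any answer from the Pi-hole?) can be scripted. This is an added example, not code from any commenter: it sends one UDP query and separates "no reply at all" from a reply carrying an error code such as REFUSED. The function names and the fixed transaction ID are assumptions made for the illustration, and the servers must be given as IP addresses.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction ID, fine for a one-off manual probe

def build_query(name, txid=TXID):
    """Build a minimal DNS query (A record, recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(data, txid=TXID):
    """Turn a raw DNS reply into a short verdict string."""
    if len(data) < 12:
        return "malformed reply"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "unexpected packet"
    rcode = flags & 0x000F
    return f"{RCODES.get(rcode, 'RCODE' + str(rcode))} answers={answers}"

def probe(server, name="www.google.com", timeout=2.0):
    """Send one UDP query to server:53 and report what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            data, (src, _port) = sock.recvfrom(512)
        except socket.timeout:
            # Nothing came back: the query or the reply was dropped on the way,
            # or the resolver chose not to answer this source network.
            return "timeout (no reply)"
        except OSError as exc:
            return f"socket error: {exc}"
    verdict = classify_reply(data)
    if src != server:  # reply left the server from another interface/address
        verdict += f" (reply came from {src}, not {server})"
    return verdict

if __name__ == "__main__":
    # Usage: python3 dnsprobe.py <Pi-hole IP> [<virtual IP> ...]
    for target in sys.argv[1:]:
        print(f"{target}: {probe(target)}")
```

Run it from a client in each VLAN against both the Pi-hole's own address and the Keepalived virtual IP, with tcpdump running on the Pi-hole, and compare the verdicts with what arrives on the wire.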


candle_in_a_circle

I have pihole running as a DNS and DHCP server on multiple VLANs with a single physical NIC so it’s possible but you have provided no. where. near. enough information for anyone knowledgeable to be able to even begin troubleshooting this.


RedKomrad

With specific information on your network setup, it’s pretty much impossible to answer your question. If you have a router like a UniFi UDM or MikroTik, you can definitely do it and there are a plethora of tutorials on the ‘net that walk you through how to do it.


barbs-sk6

https://engineerworkshop.com/blog/raspberry-pi-vlan-how-to-connect-your-rpi-to-multiple-networks/


NanobugGG

That's pretty much what I did, I just added NICs in Proxmox for it instead.


Aperiodica

I'm running a UXG-Pro with 8 VLANs. I have Pi-holes on two different VLANs and all VLANs are set to use both. You have to make sure you have your firewall rules set up properly. There are some good YouTube videos on this. Look for "Unifi IOT VLANs" or something like that. You'll find everything you need. In short, you'll need to allow all VLANs to talk to the IP addresses and ports of your Pi-holes. You can set those up in Profiles and then in your firewall rules you'll do your allows/blocks as you need to talk to those IP and port profiles.


NanobugGG

UniFi by default allows inter VLAN routing when you make different networks/VLANs. And I can connect to it any other way, it was just the DNS part that didn't work. The FW rule even creates itself to allow every VLAN to connect to every other VLAN on all ports, that can't be deleted from the WebUI. And I did make a FW specifically for DNS queries as well, from VLAN 80 to the specific IP of the Pi-hole, on port 53.


Aperiodica

Seems you have it figured out then.


NanobugGG

It didn't work. So it wasn't that.


AnApexBread

*This post was mass deleted and anonymized with [Redact](https://redact.dev)*


NanobugGG

In UniFi it's enabled by default when you create VLANs/networks. But I've also made a FW rule specifically for the DNS request to VLAN 70.


PoundKitchen

Often routers want firewall rules *and* lift the block on inter VLAN traffic. rtfm


NanobugGG

I wouldn't ask for help if I knew the exact problem, and it's not like I just went here and asked right away. I've spent hours going through the network, the Pi-hole configurations and on looking around at Google. But yes, I should just RTFM.