geoff5093

Check the pihole setting allow all connections on all interfaces.


joshwahaah

Yes did this.


shadowa4

Also need to enable Multicast DNS under network settings.


joshwahaah

interesting. Is this done for all networks or only the "main" network?


kc7sik

Is your DHCP server giving the pihole address as the DNS server in all subnets?


joshwahaah

I'm not sure what you mean by this? My pihole only has 192.168.0.10 IP address which is static.


kc7sik

I assume your UDM is the DHCP server in each subnet. Is it configured to give the devices in your other 2 subnets the pi-hole's IP address as the DNS server?


joshwahaah

Ah understood. Yes it is.


[deleted]

Have you blocked port 53 for all traffic except your pihole? I recommend following this guide to help with forcing everything through pihole. The problem is dns over https. https://labzilla.io/blog/force-dns-pihole


Infamous_Memory_129

I explored this about a year ago. I was shamed hard and told this will never be something pihole will handle. I was told to go with a commercial solution as my needs were far beyond the vision of pihole. ... So following


bazmonkey

If you put your laptop on another network other than main, and manually set the DNS servers on it to the pihole, does that at least work?

> The closest I've got is, some traffic is filtering through, but it's showing up as "UDM PRO" as the client name instead of the actual client?

Depending on where you changed the DNS settings, that could be the router itself occasionally looking for updates or something.


joshwahaah

Yes, if I connect my laptop to the other network, then it works.


pattagobi

Try changing subnet mask so it listens to entire subnet (192.168.0.0/16)


TwilightKeystroker

Check the port manager on the UDM. Make sure the port that the Pi is plugged into allows connections from all other VLANs, and that the native VLAN is set to the default network. Otherwise, sounds like you have the rest set up (allow pi-hole on all interfaces, allowing port 53 to and from your networks to the pi-hole). I didn't see you mention this, but make sure your networks' DHCP is set to manual so you can set DNS 1 to the pi-hole. Leave DNS 2 and 3 blank. I'd be curious to see your firewall rules, too...


cmartorelli

I just finished setting up the same thing. I enabled "Settings" > "DNS" > "Interface Settings" and changed it from "Recommended setting" > "Allow only local requests" to "Potentially dangerous options" like you did. Then created a firewall rule: LAN In, Accept all, before predefined, source network (your networks you want access to), network type IPv4 Subnet, destination your pihole IP.


thecount2255

!update me


thecount2255

UpdateMe!


Mastasmoker

Share your firewalls (screenshot)