Hi, I installed Nethserver as a gateway between router and LAN, extended by the modules/apps DHCP, DNS, Firewall, IPS, Webfilter, DPI, NtopNG.
I defined static addresses inside DHCP and added corresponding DNS-Name like diskstation.lan.home in DNS-Server.
I have some shortcomings that make me dissatisfied with DHCP/DNS and filtering unwanted web traffic. Therefore I want to switch to my trusted pihole and do without DNS/DHCP on the Nethserver.
Findings:
The administration overhead is enormous compared to pihole (FTL).
LightSquid Dashboard shows me only the accessed DNS-Addresses not the blocked ones for each client
really poor possibilities to analyze blocked/allowed traffic (for example no drill down from Web Proxy & Filter Dashboard into the Top10 blocked Clients, only IP-Addresses for blocked destinations without the possibility to find out false positives and so on)
no qname-minimisation
poor whitelist- /blacklist-Management
My question about the how-to to switch…
Is it sufficient to disable the DHCP (on green) and DNS server?
Is it sufficient to disable the dnsmasq service for this?
Will all other modules and apps still work?
Do I have to delete all configurations before deactivating, or can I leave them in as fallback?
Because otherwise all the traffic will appear as coming from the NethServer and this will prevent clean statistics in pihole.
By the way, you can always do a test with the proxy in transparent mode
I did it, leaving the proxy in transparent mode. Internet sites are reachable and browsable w/o any issues. I was surprised about the mass requests from the Nethserver.
But I would be disgusted because reading stats is not my main passion.
I can’t explain where the name “_gateway” comes from, because I haven’t assigned this name anywhere. Also, I cannot explain why the _gateway answers DNS requests (and so many).
Summary:
Step 1: I configured the pihole-“Server” as DNS-Server with any external forwarder or local DNS-Resolver (unbound)
Search DNS: lan.home
Never forward non-FQDNs: Off
Never forward reverse lookups for private IP ranges: off
Use DNSSEC: on
Use Conditional Forwarding: on
IP of your router: 192.168.3.1 (= Nethserver)
Local domain name: lan.home
Step 2: defined Pihole-Server as forwarder in Nethserver (Cockpit Dashboard)
Step 3: Checked the name resolution for external DNS names. All works fine.
Step 4: Deactivating DHCP on Nethserver / activating DHCP on pihole
Range of IP addresses to hand out: 192.168.3.100-192.168.3.100
Router (gateway) IP address: 192.168.3.1
Pi-hole domain name: lan.home
Enable IPv6 support (SLAAC + RA): Off
Enable DHCP rapid commit (fast address assignment): off
Step 5: defined static DHCP-addresses with identical IPs and names like on Nethserver DNS
Step 6: renewed leases in LAN-Clients
Step 7: changed pihole DNS-Configuration:
Search DNS: lan.home
Never forward non-FQDNs: ON
Never forward reverse lookups for private IP ranges: on
Use DNSSEC: on
Use Conditional Forwarding: off
IP of your router: 192.168.3.1 (= Nethserver)
Local domain name: lan.home
Step 8: deleted DNS-Definitions on Nethserver-DNS
Step 9: re-adjusted firewall groups
So far I have not examined the firewall, IPS and web proxy functions.
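Steps 5 and 8 only stay safe if every name the old DNS server answered for still maps to the same IP in the new static leases. The following check is an added example, not part of the original thread. It assumes the old records are available as hosts-style lines and the new leases in dnsmasq `dhcp-host=MAC,IP,name` syntax; the /24 subnet, all sample data and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: hosts-style records as the old DNS server answered them.
OLD_DNS = """\
192.168.3.10 diskstation.lan.home
192.168.3.11 printer.lan.home
192.168.3.12 camera.lan.home
"""
# Constructed sample: static leases in dnsmasq syntax (dhcp-host=MAC,IP,name).
NEW_LEASES = """\
dhcp-host=00:11:22:33:44:55,192.168.3.10,diskstation
dhcp-host=00:11:22:33:44:66,192.168.3.21,printer
dhcp-host=00:11:22:33:44:77,192.168.3.10,tv
"""

def parse_hosts(text):
    """Return {fqdn: ip} from 'IP name' lines; '#' comments are ignored."""
    records = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            records[fields[1].lower()] = ipaddress.ip_address(fields[0])
    return records

def parse_leases(text, domain):
    """Return {fqdn: ip} from dhcp-host=MAC,IP,name lines (other lines skipped)."""
    records = {}
    for line in text.splitlines():
        if line.strip().startswith("dhcp-host="):
            fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
            if len(fields) >= 3:
                records[f"{fields[2].lower()}.{domain}"] = ipaddress.ip_address(fields[1])
    return records

def check_migration(old_text, new_text, domain, subnet):
    """List names that went missing or changed IP, plus leases that look wrong."""
    old, new = parse_hosts(old_text), parse_leases(new_text, domain)
    net, by_ip, findings = ipaddress.ip_network(subnet), defaultdict(list), []
    for name, ip in sorted(old.items()):
        if name not in new:
            findings.append(f"missing: {name}")
        elif new[name] != ip:
            findings.append(f"changed: {name} {ip} -> {new[name]}")
    for name, ip in sorted(new.items()):
        by_ip[ip].append(name)
        if ip not in net:
            findings.append(f"outside subnet: {name} {ip}")
    findings += [f"duplicate IP: {ip} {', '.join(n)}" for ip, n in sorted(by_ip.items()) if len(n) > 1]
    return findings
```

Calling `check_migration(OLD_DNS, NEW_LEASES, "lan.home", "192.168.3.0/24")` on the sample data reports one missing name, one changed address and one duplicated IP; an empty list means the old DNS definitions can be deleted without breaking name resolution.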