DNS Architecture

DNS service architecture with DNS filter filtering and recursive resolution

DNS Architecture

Current Implementation

Service Flow

Client Query (port 53)
       ↓
   Bind9 DNS Server
   (192.168.76.1, 192.168.77.1)
       ↓
   DNS filter Filtering
   (127.0.0.1:5553)
       ↓
   Recursive Resolution
   (Upstream DNS servers)

Bind9 Configuration

Primary DNS: Port 53 on all interfaces
Zones: pimeleon.local (example custom domain)
Forward to: DNS filter (127.0.0.1:5553)
Control: RNDC on port 953

DNS filter Configuration

Listen Port: 5553 (internal only)
Interface: eth1 (LAN interface binding)
Upstream: 127.0.0.1:5054 → Bind9 recursive
Domain: pimeleon.local
Management: Integrated into Pimeleon web interface

Network Zones

lan  (eth1)  - 192.168.76.0/24 - Full DNS access
wifi (wlan0) - 192.168.77.0/24 - Full DNS access (optional segregation)
wan  (eth0)  - External         - No DNS serving

Simple Two-Network Architecture

All clients receive the same DNS service level:

eth1 (LAN): Full DNS resolution and filtering
wlan0 (WiFi): Full DNS resolution and filtering

Both networks have access to:

Internal zone resolution (pimeleon.local or custom domain)
DNS filter ad/tracking blocking
Recursive DNS resolution

Static DNS Records

Infrastructure Hosts

# Example /var/cache/bind/pimeleon.local
pimeleon.local          A    192.168.76.1
router.local            A    192.168.76.1
nas.local               A    192.168.76.5
workstation.local       A    192.168.76.10
printer.local           A    192.168.76.15

Reverse Zones

X.168.192.in-addr.arpa - LAN reverse zone
Y.168.192.in-addr.arpa - WiFi reverse zone

Monitoring

Health Checks

# DNS resolution test
dig @192.168.76.1 pimeleon.local

# DNS filter status (check if ad domain is blocked)
dig @127.0.0.1 -p 5553 doubleclick.net

# Bind9 stats
rndc status

# Query logs
sudo journalctl -u bind9 -f

Log Locations

Bind9: /var/log/named/
DNS filter: /var/log/pihole/
Query logs: Disabled for performance

DNS Configuration Files

Key configuration file locations:

# Bind9 main configuration
/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local

# Zone files
/var/cache/bind/pimeleon.local
/var/cache/bind/db.192.168.76
/var/cache/bind/db.192.168.77

# DNS filter configuration
/etc/pihole/pihole-FTL.conf
/etc/pihole/setupVars.conf
/etc/dnsmasq.d/01-pihole.conf

Troubleshooting

Common Issues

DNS not resolving:

# Check bind9 service status
sudo systemctl status bind9

# Check DNS filter FTL status
sudo systemctl status pihole-FTL

# Test DNS resolution
dig @192.168.76.1 example.com
nslookup pimeleon.local 192.168.76.1

DNS filter not blocking ads:

# Check DNS filter logs
pihole -t

# Verify gravity database
pihole -g

# Check upstream DNS
pihole -q example.com

Slow DNS resolution:

# Check query response times
dig @192.168.76.1 example.com | grep "Query time"

# Monitor bind9 performance
rndc status | grep queries

# Check system resources
top -bn1 | grep -E "named|pihole"

IP Allocation - Network addressing
DNS filter Configuration - DNS filtering setup
wlan0 - WiFi Interface - WiFi interface configuration
DHCP Overview - DHCP service integration

← Back to Dashboard | [🏠 Documentation Home//) | Next: DHCP Overview →