Sign up to save your podcasts
Or
Share HPR4281: My ridiculously complicated DHCP setup at home
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
HPR4281: My ridiculously complicated DHCP setup at home
This show has been flagged as Clean by the host.
Hello, this is Jon The Nice Guy, and after 10 years of knowing
about Hacker Public Radio, here is my first podcast for the
network.
Firstly, I want to give a shout out to my Admin Admin Podcast
co-host Al, who I heard just a week-or-so ago talking about
Proxmox! Glad to hear you're over here too!
I wanted to record an episode on my ridiculously complicated DHCP
setup at home. I'm not saying this is the right or even a good
idea for anyone else, but it's something you might want to do.
Firstly, a little about why I have a complicated DHCP setup, and
it starts with the router my previous ISP gave me.
My router could just about cope with serving DHCP, but at the time
when I was experimenting with running services on my home lab, the
DNS server on the router wouldn't return addresses for hosts on my
network, just those on the public internet. This wasn't a great
experience! So, I installed PiHole [1] - initially because I'd
heard good things about it's ad blocking capabilities, but later
because it was just a pretty and sensible DHCP and DNS server that
I could do things with.
Under the covers, PiHole is running DNSMasq [2], which means that
all the configuration is plain text files that I can overwrite
with Ansible [3].
My PiHole was running on a Raspberry Pi 2 [4], in a lego-style
case [5] plugged into the back of my router. And this was fine for
a few months. And then it ran out of storage space, I changed
jobs, my wife complained one too many times, and I reverted back
to using the router's DHCPd and DNS. I also picked up either
Nebula [6] or Tailscale [7] at around that time too, so I didn't
need internal DNS to resolve to home services any more, and
anything public I setup external DNS records pointing to the
internal addresses. Job done.
Scrub forward a couple of years, and when I changed jobs, I got a
joining bonus which paid for me to get wired network around my
house. I also setup my own Proxmox [8] cluster, which I documented
on a post [9] on my blog [10]. Again, everything was peachy. I
setup home assistant [11], which I expose on to the internet via a
proxy on my VPS, and everything was still good... but things are a
little more complicated now - I've got more stuff to keep track of
and the router's DHCP server was struggling a little... but it was
all OK.
And then I changed ISP. My new ISP shipped a router running a
customized version of OpenWRT [12], and I thought, finally, a good
router! And then I realised I couldn't do *anything* sensible with
it. It was so locked down, I couldn't even change the admin
password without factory resetting it! Ugh. Within a couple of
weeks my wife was complaining about random intermittent DNS
requests failing, and I was seeing it too. So, I found on the
Proxmox Helper Scripts [13] website that someone had put a script
to setup a PiHole instance... So naturally, as I had two Proxmox
Servers by this point, I ran two PiHole servers. This lasted a few
months until I performed a system upgrade to the proxmox cluster
and it took down both Proxmox cluster members at the same time and
DNS fell off the network! I revived the Raspberry Pi 2 which now
sits attached to the router again! Yes!
Meanwhile, I was now getting more into IoT and I had several Tuya
IoT devices connected over Wifi, and the 254 network addresses
available in the /24 sized network [14] to me at home didn't seem
enough, so I decided to expand my network to a /22, giving me
enough address space for 1022 devices. Plus, I have kids, who each
have computers and phones and games devices, my wife and I both
work from home, so we both have computers from work and our own
devices too... so I decided, now is the time to plan out my
network.
I decided to use PHPIPAM [15] having been asked to look at it at
work, and found it was a good fit for what I wanted to do with it.
PHPIPAM is really designed for owners of large-scale networks,
people who allocate chunks of public IP scopes and IPv6 address
ranges, but it will subdivide smaller network blocks, and so I
could carve up my network.
I decided to split my /22 into four /24 networks. One was
dedicated to DHCP addressed items, with one smaller subnet in
there allocated to the Proxmox hosted PiHole and another to the
Raspberry Pi hosted PiHole, and both are basically a catch-all for
anything I've not yet allocated. One was for end-user devices,
like phones, computers, TVs and Games Consoles separated into
smaller subnets per-person and one additional subnet for
room-shared devices like TVs and Games Consoles. One subnet was
separated into smaller subnets for IoT devices and core network
things, like mains and network switches, light bulbs, cameras and
printers. The last /24 subnet was undivided, but was for servers,
both physical and virtual.
Great, I've now got a lovely network map [IMAGE1], but *ugh* I've
got to transfer all those DHCP and static IP allocations to the
PiHoles. And, while I'd been using Gravity Sync [15] to
synchronize between the two PiHole devices, sometimes it took a
while for Gravity Sync to sync.
And over time, I wanted to expose some of those services I was
running at home, to my family, at home.
So, I turned to Ansible.
A few years ago, I'd helped write some Ansible modules which were
used to interact with a cloud service my employer at the time was
running, so I had a kind of idea on how Ansible works under the
surface, the documentation for writing a new set of lookups was
OK, and ChatGPT helped where I lost my way.
I knew that there was a Terraform [17] Provider [18] for PHPIPAM,
so there was a working API... and so I knew I could look up data
in PHPIPAM. I wrote some Ansible lookups [19] to confirm the data
was accessible from PHPIPAM, and it was! Great, now all I needed
to do was to drop files into PiHole.
I'd heard Alex [20] from the Self Hosting Podcast [21] talking
about how he wrote some Ansible to automate his PiHole management
[22], but it assumed a lot about how your network was setup and
integrated a lot with other things he did - no complaints there!
It's his network after all! But so I knew I needed to do 5 things.
1. Create a list of static DHCP allocations on both PiHole
devices.
2. Create a list of DNS names to resolve in the internal network
to addresses via A records
3. Create a list of DNS names to resolve to other DNS names via
CNAME records
4. Create a list of DNS wildcards, so anything ending in that name
would appear in my network.
5. If anything changed, restart DNSMasq.
I wrote this code and ran it. Well, ran it and it didn't work, so
I fixed it and ran it again... and again and again until it did
work.
I've just added that to my Github today, so feel free to take a
look [23].
You've spent a while listening to this, so what is my "too long,
didn't listen"?
I have two pihole devices, I run a phpipam service under docker on
a LXC container on my proxmox server. On the same LXC container I
have a cron job which triggers the ansible playbook every 5
minutes to push any updates to PHPIPAM to the pihole hosts.
Every few days I check to see what hosts have turned up in the
DHCP pools on the PiHole hosts, map those to hosts I want to track
in the future, and allocate them addresses in PHPIPAM so that
those hosts will get managed IP addresses after 5 minutes, the
next time they renew their DHCP addresses...
Tada!
For more over engineered solutions like this, feel free to take a
look at the content on my blog, or maybe I'll appear again, on
Hacker... Public... Radio.
Take care, 73.
[1] PiHole: https://pi-hole.net/
[2] DNSMasq: https://thekelleys.org.uk/dnsmasq/doc.html
[3] Ansible: https://ansible.com
[4] Raspberry Pi: https://www.raspberrypi.com/products/
[5] Lego style case: https://www.amazon.co.uk/gp/product/B015WVR5BS
[6] Nebula: https://www.defined.net/
[7] Tailscale: https://tailscale.com/
[8] Proxmox: https://www.proxmox.com
[9] Proxmox post: https://jon.sprig.gs/blog/post/2885
[10] My blog: https://jon.sprig.gs
[11] Home Assistant: https://www.home-assistant.io/
[12] OpenWRT: https://openwrt.org/
[13] Helper Scripts: https://community-scripts.github.io/ProxmoxVE/
[14] Network address spreadsheet: https://gist.github.com/JonTheNiceGuy/a847aa4faf878d7d6cee5c069e1d66d6
[15] PHPIPAM: https://phpipam.net/
[16] Gravity Sync: https://github.com/vmstan/gravity-sync
[17] Terraform: https://www.terraform.io/
[18] PHPIPAM Terraform Provider: https://registry.terraform.io/providers/lord-kyron/phpipam/latest
[19] Ansible Lookup: https://gist.github.com/JonTheNiceGuy/289a8a2e0233e730f0fbc8f958ec4bc6
[20] Alex Kretzschmar: https://alex.ktz.me/
[21] Self Hosted Podcast: https://selfhosted.show/
[22] Fully Automated DNS and DHCP with PiHole and DNSMasq: https://blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/
[23] ansible-pihole: https://github.com/JonTheNiceGuy/ansible-pihole
[IMAGE1] https://jon.sprig.gs/blog/wp-content/uploads/2024/12/Screenshot-from-2024-12-20-19-29-22.png
https://jon.sprig.gs/blog/wp-content/uploads/2024/12/Screenshot-from-2024-12-20-19-29-22.png" rel="noopener noreferrer">
Provide feedback on this episode.
View all episodes
By Hacker Public Radio
4.2
3434 ratings
This show has been flagged as Clean by the host.
Hello, this is Jon The Nice Guy, and after 10 years of knowing
about Hacker Public Radio, here is my first podcast for the
network.
Firstly, I want to give a shout out to my Admin Admin Podcast
co-host Al, who I heard just a week-or-so ago talking about
Proxmox! Glad to hear you're over here too!
I wanted to record an episode on my ridiculously complicated DHCP
setup at home. I'm not saying this is the right or even a good
idea for anyone else, but it's something you might want to do.
Firstly, a little about why I have a complicated DHCP setup, and
it starts with the router my previous ISP gave me.
My router could just about cope with serving DHCP, but at the time
when I was experimenting with running services on my home lab, the
DNS server on the router wouldn't return addresses for hosts on my
network, just those on the public internet. This wasn't a great
experience! So, I installed PiHole [1] - initially because I'd
heard good things about it's ad blocking capabilities, but later
because it was just a pretty and sensible DHCP and DNS server that
I could do things with.
Under the covers, PiHole is running DNSMasq [2], which means that
all the configuration is plain text files that I can overwrite
with Ansible [3].
My PiHole was running on a Raspberry Pi 2 [4], in a lego-style
case [5] plugged into the back of my router. And this was fine for
a few months. And then it ran out of storage space, I changed
jobs, my wife complained one too many times, and I reverted back
to using the router's DHCPd and DNS. I also picked up either
Nebula [6] or Tailscale [7] at around that time too, so I didn't
need internal DNS to resolve to home services any more, and
anything public I setup external DNS records pointing to the
internal addresses. Job done.
Scrub forward a couple of years, and when I changed jobs, I got a
joining bonus which paid for me to get wired network around my
house. I also setup my own Proxmox [8] cluster, which I documented
on a post [9] on my blog [10]. Again, everything was peachy. I
setup home assistant [11], which I expose on to the internet via a
proxy on my VPS, and everything was still good... but things are a
little more complicated now - I've got more stuff to keep track of
and the router's DHCP server was struggling a little... but it was
all OK.
And then I changed ISP. My new ISP shipped a router running a
customized version of OpenWRT [12], and I thought, finally, a good
router! And then I realised I couldn't do *anything* sensible with
it. It was so locked down, I couldn't even change the admin
password without factory resetting it! Ugh. Within a couple of
weeks my wife was complaining about random intermittent DNS
requests failing, and I was seeing it too. So, I found on the
Proxmox Helper Scripts [13] website that someone had put a script
to setup a PiHole instance... So naturally, as I had two Proxmox
Servers by this point, I ran two PiHole servers. This lasted a few
months until I performed a system upgrade to the proxmox cluster
and it took down both Proxmox cluster members at the same time and
DNS fell off the network! I revived the Raspberry Pi 2 which now
sits attached to the router again! Yes!
Meanwhile, I was now getting more into IoT and I had several Tuya
IoT devices connected over Wifi, and the 254 network addresses
available in the /24 sized network [14] to me at home didn't seem
enough, so I decided to expand my network to a /22, giving me
enough address space for 1022 devices. Plus, I have kids, who each
have computers and phones and games devices, my wife and I both
work from home, so we both have computers from work and our own
devices too... so I decided, now is the time to plan out my
network.
I decided to use PHPIPAM [15] having been asked to look at it at
work, and found it was a good fit for what I wanted to do with it.
PHPIPAM is really designed for owners of large-scale networks,
people who allocate chunks of public IP scopes and IPv6 address
ranges, but it will subdivide smaller network blocks, and so I
could carve up my network.
I decided to split my /22 into four /24 networks. One was
dedicated to DHCP addressed items, with one smaller subnet in
there allocated to the Proxmox hosted PiHole and another to the
Raspberry Pi hosted PiHole, and both are basically a catch-all for
anything I've not yet allocated. One was for end-user devices,
like phones, computers, TVs and Games Consoles separated into
smaller subnets per-person and one additional subnet for
room-shared devices like TVs and Games Consoles. One subnet was
separated into smaller subnets for IoT devices and core network
things, like mains and network switches, light bulbs, cameras and
printers. The last /24 subnet was undivided, but was for servers,
both physical and virtual.
Great, I've now got a lovely network map [IMAGE1], but *ugh* I've
got to transfer all those DHCP and static IP allocations to the
PiHoles. And, while I'd been using Gravity Sync [15] to
synchronize between the two PiHole devices, sometimes it took a
while for Gravity Sync to sync.
And over time, I wanted to expose some of those services I was
running at home, to my family, at home.
So, I turned to Ansible.
A few years ago, I'd helped write some Ansible modules which were
used to interact with a cloud service my employer at the time was
running, so I had a kind of idea on how Ansible works under the
surface, the documentation for writing a new set of lookups was
OK, and ChatGPT helped where I lost my way.
I knew that there was a Terraform [17] Provider [18] for PHPIPAM,
so there was a working API... and so I knew I could look up data
in PHPIPAM. I wrote some Ansible lookups [19] to confirm the data
was accessible from PHPIPAM, and it was! Great, now all I needed
to do was to drop files into PiHole.
I'd heard Alex [20] from the Self Hosting Podcast [21] talking
about how he wrote some Ansible to automate his PiHole management
[22], but it assumed a lot about how your network was setup and
integrated a lot with other things he did - no complaints there!
It's his network after all! But so I knew I needed to do 5 things.
1. Create a list of static DHCP allocations on both PiHole
devices.
2. Create a list of DNS names to resolve in the internal network
to addresses via A records
3. Create a list of DNS names to resolve to other DNS names via
CNAME records
4. Create a list of DNS wildcards, so anything ending in that name
would appear in my network.
5. If anything changed, restart DNSMasq.
I wrote this code and ran it. Well, ran it and it didn't work, so
I fixed it and ran it again... and again and again until it did
work.
I've just added that to my Github today, so feel free to take a
look [23].
You've spent a while listening to this, so what is my "too long,
didn't listen"?
I have two pihole devices, I run a phpipam service under docker on
a LXC container on my proxmox server. On the same LXC container I
have a cron job which triggers the ansible playbook every 5
minutes to push any updates to PHPIPAM to the pihole hosts.
Every few days I check to see what hosts have turned up in the
DHCP pools on the PiHole hosts, map those to hosts I want to track
in the future, and allocate them addresses in PHPIPAM so that
those hosts will get managed IP addresses after 5 minutes, the
next time they renew their DHCP addresses...
Tada!
For more over engineered solutions like this, feel free to take a
look at the content on my blog, or maybe I'll appear again, on
Hacker... Public... Radio.
Take care, 73.
[1] PiHole: https://pi-hole.net/
[2] DNSMasq: https://thekelleys.org.uk/dnsmasq/doc.html
[3] Ansible: https://ansible.com
[4] Raspberry Pi: https://www.raspberrypi.com/products/
[5] Lego style case: https://www.amazon.co.uk/gp/product/B015WVR5BS
[6] Nebula: https://www.defined.net/
[7] Tailscale: https://tailscale.com/
[8] Proxmox: https://www.proxmox.com
[9] Proxmox post: https://jon.sprig.gs/blog/post/2885
[10] My blog: https://jon.sprig.gs
[11] Home Assistant: https://www.home-assistant.io/
[12] OpenWRT: https://openwrt.org/
[13] Helper Scripts: https://community-scripts.github.io/ProxmoxVE/
[14] Network address spreadsheet: https://gist.github.com/JonTheNiceGuy/a847aa4faf878d7d6cee5c069e1d66d6
[15] PHPIPAM: https://phpipam.net/
[16] Gravity Sync: https://github.com/vmstan/gravity-sync
[17] Terraform: https://www.terraform.io/
[18] PHPIPAM Terraform Provider: https://registry.terraform.io/providers/lord-kyron/phpipam/latest
[19] Ansible Lookup: https://gist.github.com/JonTheNiceGuy/289a8a2e0233e730f0fbc8f958ec4bc6
[20] Alex Kretzschmar: https://alex.ktz.me/
[21] Self Hosted Podcast: https://selfhosted.show/
[22] Fully Automated DNS and DHCP with PiHole and DNSMasq: https://blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/
[23] ansible-pihole: https://github.com/JonTheNiceGuy/ansible-pihole
[IMAGE1] https://jon.sprig.gs/blog/wp-content/uploads/2024/12/Screenshot-from-2024-12-20-19-29-22.png
https://jon.sprig.gs/blog/wp-content/uploads/2024/12/Screenshot-from-2024-12-20-19-29-22.png" rel="noopener noreferrer">
Provide feedback on this episode.
More shows like Hacker Public Radio
View all
Security Now (Audio)
1,971 Listeners
Off The Hook
117 Listeners
No Agenda Show
5,938 Listeners
The Changelog: Software Development, Open Source
283 Listeners
LINUX Unplugged
265 Listeners
BSD Now
89 Listeners
Open Source Security
43 Listeners
Late Night Linux
154 Listeners
The Linux Cast
35 Listeners
Darknet Diaries
7,864 Listeners
This Week in Linux
36 Listeners
Linux Dev Time
21 Listeners
Hacking Humans
314 Listeners
2.5 Admins
92 Listeners
Linux Matters
20 Listeners