Hello, this is Jon The Nice Guy, and after 10 years of knowing about Hacker Public Radio, here is my first podcast for the network.

Firstly, I want to give a shout out to my Admin Admin Podcast co-host Al, who I heard just a week-or-so ago talking about Proxmox! Glad to hear you're over here too!

I wanted to record an episode on my ridiculously complicated DHCP setup at home. I'm not saying this is the right or even a good idea for anyone else, but it's something you might want to do.

Firstly, a little about why I have a complicated DHCP setup, and it starts with the router my previous ISP gave me.

My router could just about cope with serving DHCP, but at the time when I was experimenting with running services on my home lab, the DNS server on the router wouldn't return addresses for hosts on my network, just those on the public internet. This wasn't a great experience! So, I installed PiHole [1] - initially because I'd heard good things about it's ad blocking capabilities, but later because it was just a pretty and sensible DHCP and DNS server that I could do things with.

Under the covers, PiHole is running DNSMasq [2], which means that all the configuration is plain text files that I can overwrite with Ansible [3].

My PiHole was running on a Raspberry Pi 2 [4], in a lego-style case [5] plugged into the back of my router. And this was fine for a few months. And then it ran out of storage space, I changed jobs, my wife complained one too many times, and I reverted back to using the router's DHCPd and DNS. I also picked up either Nebula [6] or Tailscale [7] at around that time too, so I didn't need internal DNS to resolve to home services any more, and anything public I setup external DNS records pointing to the internal addresses. Job done.

Scrub forward a couple of years, and when I changed jobs, I got a joining bonus which paid for me to get wired network around my house. I also setup my own Proxmox [8] cluster, which I documented on a post [9] on my blog [10]. Again, everything was peachy. I setup home assistant [11], which I expose on to the internet via a proxy on my VPS, and everything was still good... but things are a little more complicated now - I've got more stuff to keep track of and the router's DHCP server was struggling a little... but it was all OK.

And then I changed ISP. My new ISP shipped a router running a customized version of OpenWRT [12], and I thought, finally, a good router! And then I realised I couldn't do *anything* sensible with it. It was so locked down, I couldn't even change the admin password without factory resetting it! Ugh. Within a couple of weeks my wife was complaining about random intermittent DNS requests failing, and I was seeing it too. So, I found on the Proxmox Helper Scripts [13] website that someone had put a script to setup a PiHole instance... So naturally, as I had two Proxmox Servers by this point, I ran two PiHole servers. This lasted a few months until I performed a system upgrade to the proxmox cluster and it took down both Proxmox cluster members at the same time and DNS fell off the network! I revived the Raspberry Pi 2 which now sits attached to the router again! Yes!

Meanwhile, I was now getting more into IoT and I had several Tuya IoT devices connected over Wifi, and the 254 network addresses available in the /24 sized network [14] to me at home didn't seem enough, so I decided to expand my network to a /22, giving me enough address space for 1022 devices. Plus, I have kids, who each have computers and phones and games devices, my wife and I both work from home, so we both have computers from work and our own devices too... so I decided, now is the time to plan out my network.

I decided to use PHPIPAM [15] having been asked to look at it at work, and found it was a good fit for what I wanted to do with it.

PHPIPAM is really designed for owners of large-scale networks, people who allocate chunks of public IP scopes and IPv6 address ranges, but it will subdivide smaller network blocks, and so I could carve up my network.

I decided to split my /22 into four /24 networks. One was dedicated to DHCP addressed items, with one smaller subnet in there allocated to the Proxmox hosted PiHole and another to the Raspberry Pi hosted PiHole, and both are basically a catch-all for anything I've not yet allocated. One was for end-user devices, like phones, computers, TVs and Games Consoles separated into smaller subnets per-person and one additional subnet for room-shared devices like TVs and Games Consoles. One subnet was separated into smaller subnets for IoT devices and core network things, like mains and network switches, light bulbs, cameras and printers. The last /24 subnet was undivided, but was for servers, both physical and virtual.

Great, I've now got a lovely network map [IMAGE1], but *ugh* I've got to transfer all those DHCP and static IP allocations to the PiHoles. And, while I'd been using Gravity Sync [15] to synchronize between the two PiHole devices, sometimes it took a while for Gravity Sync to sync.

And over time, I wanted to expose some of those services I was running at home, to my family, at home.

So, I turned to Ansible.

A few years ago, I'd helped write some Ansible modules which were used to interact with a cloud service my employer at the time was running, so I had a kind of idea on how Ansible works under the surface, the documentation for writing a new set of lookups was OK, and ChatGPT helped where I lost my way.

I knew that there was a Terraform [17] Provider [18] for PHPIPAM, so there was a working API... and so I knew I could look up data in PHPIPAM. I wrote some Ansible lookups [19] to confirm the data was accessible from PHPIPAM, and it was! Great, now all I needed to do was to drop files into PiHole.

I'd heard Alex [20] from the Self Hosting Podcast [21] talking about how he wrote some Ansible to automate his PiHole management [22], but it assumed a lot about how your network was setup and integrated a lot with other things he did - no complaints there! It's his network after all! But so I knew I needed to do 5 things.

1. Create a list of static DHCP allocations on both PiHole devices.

2. Create a list of DNS names to resolve in the internal network to addresses via A records

3. Create a list of DNS names to resolve to other DNS names via CNAME records

4. Create a list of DNS wildcards, so anything ending in that name would appear in my network.

5. If anything changed, restart DNSMasq.

I wrote this code and ran it. Well, ran it and it didn't work, so I fixed it and ran it again... and again and again until it did work.

I've just added that to my Github today, so feel free to take a look [23].

You've spent a while listening to this, so what is my "too long, didn't listen"?

I have two pihole devices, I run a phpipam service under docker on a LXC container on my proxmox server. On the same LXC container I have a cron job which triggers the ansible playbook every 5 minutes to push any updates to PHPIPAM to the pihole hosts.

Every few days I check to see what hosts have turned up in the DHCP pools on the PiHole hosts, map those to hosts I want to track in the future, and allocate them addresses in PHPIPAM so that those hosts will get managed IP addresses after 5 minutes, the next time they renew their DHCP addresses...

Tada!

For more over engineered solutions like this, feel free to take a look at the content on my blog, or maybe I'll appear again, on Hacker... Public... Radio.

Take care, 73.

[1] PiHole: https://pi-hole.net/

[2] DNSMasq: https://thekelleys.org.uk/dnsmasq/doc.html

[3] Ansible: https://ansible.com

[4] Raspberry Pi: https://www.raspberrypi.com/products/

[5] Lego style case: https://www.amazon.co.uk/gp/product/B015WVR5BS

[6] Nebula: https://www.defined.net/

[7] Tailscale: https://tailscale.com/

[8] Proxmox: https://www.proxmox.com

[9] Proxmox post: https://jon.sprig.gs/blog/post/2885

[10] My blog: https://jon.sprig.gs

[11] Home Assistant: https://www.home-assistant.io/

[12] OpenWRT: https://openwrt.org/

[13] Helper Scripts: https://community-scripts.github.io/ProxmoxVE/

[14] Network address spreadsheet: https://gist.github.com/JonTheNiceGuy/a847aa4faf878d7d6cee5c069e1d66d6

[15] PHPIPAM: https://phpipam.net/

[16] Gravity Sync: https://github.com/vmstan/gravity-sync

[17] Terraform: https://www.terraform.io/

[18] PHPIPAM Terraform Provider: https://registry.terraform.io/providers/lord-kyron/phpipam/latest

[19] Ansible Lookup: https://gist.github.com/JonTheNiceGuy/289a8a2e0233e730f0fbc8f958ec4bc6

[20] Alex Kretzschmar: https://alex.ktz.me/

[21] Self Hosted Podcast: https://selfhosted.show/

[22] Fully Automated DNS and DHCP with PiHole and DNSMasq: https://blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/

[23] ansible-pihole: https://github.com/JonTheNiceGuy/ansible-pihole

[IMAGE1] https://jon.sprig.gs/blog/wp-content/uploads/2024/12/Screenshot-from-2024-12-20-19-29-22.png