8

Setup: I am a student living in a shared apartment with other students. My landlord lives in the same building and we all use his network (192.168.178.0/24) for internet access. I have my own subnet (192.168.171.0/24) within my room and a router connecting the two. My router uses my landlord's router (192.168.178.1) as the standard gateway and the only cable connecting my router to the landlord's network is appropriately plugged into my router's WAN port. The router acts as the DHCP for my subnet. Within my subnet, I am using a desktop PC and a Raspberry Pi (static IP 192.168.171.128).

Graph of the network

Problem: After installing Pi-Hole on my Pi and configuring my router's DHCP to announce the Pi as the default DNS server, my landlord complained that my Pi was showing up in and reconfiguring his devices. He refused to give me details due to data protection regulations, but as far as I understand it, his devices used my Pi as either a standard gateway or DNS server, which caused his (and subsequently everyone else's) internet access to crash, presumably because one of those devices was his router. He specifically mentioned the Pi, probably because the Pi's hostname (raspberry) was visible to him. Note that I did not enable Pi-Hole's DHCP server and that the logs on the Pi show no DNS requests from either outside my subnet or from my router. Also, I myself did not experience any problems with my internet connection.

Question: How is this possible? Afaik, being in two different subnets, my pi and his devices should not be able to see one another. Even if they saw one another, the Pi should not be causing any trouble, unless manually configured to be the devices' DNS resolver.

Current Solution: I did of course disconnect the Pi from the network as soon as I was made aware of the problem.

Attie
  • 2
    Your landlord accesses the internet via their router (i.e: to the left of the diagram)? And your router's WAN port is connected to your landlord's network? And your router is configured as a "typical cable router" (i.e: masquerading, routing not switching, etc...)? Without both port forwarding on your router, and a configuration change to your landlord's network, this should not be possible. Can you confirm from other people (not the landlord) that their internet access was actually affected? – Attie Oct 28 '19 at 12:27
  • 2
    Something is wrong with your router's setup, in that it doesn't match what you've described. Your assumption about your subnet isolation is correct. Everything you've described is correct but the observed behaviour doesn't seem to match. – RJFalconer Oct 28 '19 at 12:30
  • Additionally, I would have expected your solution of "_disconnect the pi_" to cause further issues (timeouts, failed lookups, etc...) rather than immediately resolve the situation... – Attie Oct 28 '19 at 12:32
  • @Attie I can confirm all of what you said, and other people in the house have confirmed being affected. –  Oct 28 '19 at 12:39
  • 1
    @Attie after disconnecting the Pi, my landlord rebooted his devices and problems on his end and everywhere else in the network were gone. I of course had to reconfigure the DNS settings of my router's DHCP –  Oct 28 '19 at 12:41
  • 1
    @RJFalconer I completely agree with your statement, yet I cannot find the problem in my configuration. I am using a Fritz!Box 4020 as my router and have configured it to act as a DHCP client to obtain its connection details on the WAN port. I have confirmed by plugging my desktop directly into my landlord's network that it does in fact use the described IP subnet (192.168.178/24). –  Oct 28 '19 at 12:45
  • Nice diagram, I wish I could do that, seriously. – Moab Oct 28 '19 at 12:49
  • 5
    Honestly, "data protection regulations" sounds like a bullshit excuse. Run a packet capture (tcpdump) on your router's WAN interface and see if there are any outgoing packets with your Pi as source, or if there are any outgoing DHCP lease offers to the landlord's network. – u1686_grawity Oct 28 '19 at 13:46
  • As others have mentioned, the observed behavior by the landlord doesn't make sense. Regardless of whatever the issue is, wouldn't it be recommended for the landlord's router to specify its DHCP server as authoritative _(configured via router's WebUI)_ since there are other RFC1918 DHCP servers behind it? – JW0914 Nov 01 '19 at 13:46
  • I was going to post an answer as my text is too long, but in the end I don't think it's clear - Can you plug one of your devices into the landlord's network and see what happens to it? – Ross Dec 01 '19 at 06:22
  • It's possibly a bad setting on your router. Check to make sure there is no port forwarding enabled in your router and disable UPnP. Also don't forget to check to see if DMZ was enabled by accident. Also I'd try changing your LAN to another IP class address, i.e. to class A (10.0.0.0/24) just to see if that helps. The last resort is to try another router, as to rule out any defective hardware or firmware or security flaw with current router. – otter.pro Jan 15 '20 at 00:08

1 Answer

1

It sounds like the broadcast domains might not be isolated.

If devices on his segment are actually getting DHCP leases from your router, even if it is 50% of the time, that might explain it.

The only way your Pihole DNS server affects your landlord's subnet is if they are getting it from your DHCP server. Which, if true, means the Pihole is just a symptom of a larger problem. You can also easily test this without turning on the Pihole.

So with your Pihole turned off, see if you can test this. Check the DHCP leases on your DHCP server. Or better yet double check on your landlord's side to see what Lease and DHCP options you get when you connect a new device on his site. ipconfig /all will show you the DHCP server that is providing the lease. Run it a couple of times to see if your DHCP server is serving 50% of the leases. You might have misunderstood the subnets, your router config, or the broadcast zones.

madacoda
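The check this answer proposes (which DHCP server is actually handing out leases on the landlord's segment) can also be made from captured DHCP replies instead of repeated `ipconfig /all` runs. The following is an added example, not part of the original answer: it parses DHCP OFFER/ACK payloads and flags any reply whose server identifier is not the expected server. The function names are hypothetical, the packets are constructed sample data, and 192.168.171.1 as the LAN address of the second router is an assumption.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
NAMES = {54: "server", 3: "router", 6: "dns"}
OFFER, ACK = 2, 5

def parse_dhcp(payload: bytes) -> dict:
    """Extract lease address, message type, server ID, router and DNS from a DHCP reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        code = payload[i]
        if code == 0:                                  # pad option has no length byte
            i += 1
            continue
        if len(payload) < i + 2 or len(payload) < i + 2 + payload[i + 1]:
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["type"] = value[0]
        elif code in NAMES and length % 4 == 0:
            info[NAMES[code]] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                                 for j in range(0, length, 4)]
        i += 2 + length
    return info

def foreign_replies(payloads, expected_server):
    """Return OFFER/ACK replies whose server identifier is not the expected DHCP server."""
    return [r for r in map(parse_dhcp, payloads)
            if r.get("type") in (OFFER, ACK) and expected_server not in r.get("server", [])]

def build_reply(msg_type, yiaddr, server, router, dns):
    # Builds a minimal DHCP reply payload; used only to construct the sample data below.
    ip = lambda a: ipaddress.IPv4Address(a).packed
    header = bytearray(236)
    header[0] = 2                                      # op = BOOTREPLY
    header[16:20] = ip(yiaddr)
    opts = (bytes([53, 1, msg_type, 54, 4]) + ip(server) + bytes([3, 4]) + ip(router)
            + bytes([6, 4]) + ip(dns) + b"\xff")
    return bytes(header) + MAGIC + opts

# Constructed sample: two offers seen on 192.168.178.0/24 (192.168.171.1 is an assumption).
SAMPLE = [
    build_reply(OFFER, "192.168.178.50", "192.168.178.1", "192.168.178.1", "192.168.178.1"),
    build_reply(OFFER, "192.168.171.40", "192.168.171.1", "192.168.171.1", "192.168.171.128"),
]
```

Calling `foreign_replies(SAMPLE, "192.168.178.1")` returns only the second offer, whose DNS option points at the Pi's address; a reply like that on the landlord's segment would mean the two broadcast domains are not isolated.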