From 6ea71dfdb75ba5c041e8b13464b987683d44093e Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Thu, 11 Jun 2026 18:39:52 +0200 Subject: [PATCH] =?UTF-8?q?pihole:=20split-horizon=20=E2=80=94=20forward?= =?UTF-8?q?=20demo-felhom.eu=20to=20the=20felhom-pve=20host=20resolver?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The stale `address=/demo-felhom.eu/192.168.0.162` pinned A to the host (pre-Proxmox era, when the host ran traefik) and forwarded AAAA upstream → Cloudflare (split-brain), so LAN clients hit 192.168.0.162:443 (nothing there) → ERR_CONNECTION_REFUSED. Switch to a conditional forward `server=/demo-felhom.eu/192.168.0.162` so the Pi-hole relays the zone to the felhom-agent-managed dnsmasq on the host, which answers the guest's live IP (192.168.0.151) + AAAA NODATA and tracks the DHCP IP. Co-Authored-By: Claude Opus 4.8 (1M context) --- helm/pihole/values.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/helm/pihole/values.yaml b/helm/pihole/values.yaml index fbabaa1..9ab39e2 100755 --- a/helm/pihole/values.yaml +++ b/helm/pihole/values.yaml @@ -54,7 +54,11 @@ serviceDns: type: LoadBalancer dnsmasq: customDnsEntries: - - address=/demo-felhom.eu/192.168.0.162 + # Split-horizon for the Felhom demo: CONDITIONAL FORWARD the whole zone to the felhom-pve host's + # agent-managed dnsmasq (192.168.0.162:53), which answers *.demo-felhom.eu with the guest's LIVE + # LAN IP (A) and NODATA for AAAA (no Cloudflare-IPv6 split-brain). `server=` (not `address=`) so + # BOTH A and AAAA are forwarded, and the guest's DHCP IP is tracked by the agent — not pinned here. + - server=/demo-felhom.eu/192.168.0.162 replicaCount: 1 dns: adlist: