This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 0%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
I have a home server running Proxmox, on which I have set up Pi-hole for adblocking/DNS and Nginx Proxy Manager as my reverse proxy. Pi-hole has 1.1.1.1 and 1.0.0.1 set as it's upstream servers (just until I migrate my DNS records from Cloudflare DNS to Pi-hole). I set all records on Cloudflare to point to 192.168.1.7 (my NPM instance), which then points to my services.
I set the DNS server on my PC to 192.168.1.3 (my Pi-hole instance), and it is able to resolve all DNS queries, except for my subdomains set in Cloudflare.
I initially thought it was a problem with Pi-hole, so I set the DNS servers to be 1.1.1.1 and 1.0.0.1, but it still failed to resolve the domains. However, when I turned on DoH (with automatic templates), it suddenly worked, and all of my domains resolved to my services.
(Windows 11 Pro 24H2 26100.4770)
Hello. When you query one of the failing subdomains from your PC using nslookup or dig pointed directly at 1.1.1.1 (bypassing Pi‑hole), does it return a response over normal DNS, or does it time out?
Also, does resolving the same subdomain via dig @192.168.1.3 yoursub.domain.com with the +tcp flag succeed while UDP fails, or is it broken on both protocols?
Hi, running nslookup jellyfin.domain.net 1.1.1.1 returns:
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: proxy.domain.net
Address: 192.168.1.7
Aliases: jellyfin.domain.net
As for running that dig command, I tried to install BIND 9 but couldn't figure it out ¯\(ツ)/¯
Interesting. No problem about the dig command. Well, to resolve this without relying on DoH, you need to ensure your local DNS server (Pi-hole) correctly handles the internal routing for your domain.
Try solving it by adding a custom DNS record directly in Pi-hole. This tells Pi-hole to resolve your subdomains (like jellyfin.domain.net) to the correct internal IP, without sending the request to upstream DNS servers:
jellyfin.domain.net192.168.1.7Repeat this for any other internal subdomains you’re using. This should fix the resolution issue without needing DoH. Unless you need it...