PiHole across VLANs

Posted on Thu 27 June 2019 in Software

I spent way too long bashing my head over why my firewall rules weren't allowing traffic to my pihole. Turns out, it wasn't my firewall rules.

I finally used tcpdump to figure out that the rules were working and that the problem was the pihole configuration.

Here's the command I ran to verify packets were making it to the pihole host (using dig testdomain.com @192.168.4.4 as a test from the client).

tcpdump -i eth0 host 192.168.8.10 and port 53 -n -s 0 -vvv

The solution was to change the "Interface listening behavior" setting, on the Settings > DNS page of the pihole web interface, to "Listen on all interfaces, permit all origins". After I saved this, requests immediately started working across my VLANs.
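
The tcpdump check above separates two failures that both look like a timeout from the client: queries never reaching the host (firewall or routing) and queries arriving but never being answered (the listener). The following is an added example, not part of the original post, that makes that call from saved tcpdump text. It assumes 192.168.8.10 is the client and 192.168.4.4 is the pihole, as the two commands suggest, and the capture lines are constructed.

```python
import re

# Matches the address/ID part of a tcpdump -n DNS line, with or without the
# "[udp sum ok]" tag that -vv/-vvv inserts before the query ID, e.g.
#   192.168.8.10.53124 > 192.168.4.4.53: 4242+ A? testdomain.com. (32)
RECORD = re.compile(
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?:\[[^\]]*\] )?(?P<qid>\d+)"
)

def classify(capture: str, client: str, resolver: str) -> str:
    """Report where DNS queries from client to resolver are being lost."""
    pending = set()      # (client source port, DNS query ID) not yet answered
    seen_query = False
    for line in capture.splitlines():
        m = RECORD.search(line)
        if not m:
            continue     # -vvv IP header lines, blank lines, other traffic
        if m["src"] == client and m["dst"] == resolver and m["dport"] == "53":
            seen_query = True
            pending.add((m["sport"], m["qid"]))
        elif m["src"] == resolver and m["dst"] == client and m["sport"] == "53":
            pending.discard((m["dport"], m["qid"]))
    if not seen_query:
        return "not-arriving"         # lost before the host: firewall/routing
    if pending:
        return "arriving-unanswered"  # host sees them: check listening behavior
    return "answered"

# Constructed captures; addresses are the ones used in the post's commands.
BEFORE_FIX = """\
12:00:01.100000 IP 192.168.8.10.53124 > 192.168.4.4.53: 4242+ [1au] A? testdomain.com. (43)
12:00:06.100500 IP 192.168.8.10.53124 > 192.168.4.4.53: 4242+ [1au] A? testdomain.com. (43)
"""
AFTER_FIX = """\
12:05:01.200000 IP 192.168.8.10.40811 > 192.168.4.4.53: 5150+ [1au] A? testdomain.com. (43)
12:05:01.201300 IP 192.168.4.4.53 > 192.168.8.10.40811: 5150 1/0/1 A 203.0.113.7 (59)
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(name, classify(text, "192.168.8.10", "192.168.4.4"))
```
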