AC5300 running DoT add Rpi 4 Pihole

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Regular Contributor
Hello all,
I would like to run a Rpi 4 pihole setup,

Since I already am using Dns over TLS on my router ..... Can I just run a Rpi 4 pihole behind router DoT setup and set a custom DNS of in the pihole settings to point to the router wan dns for DoT queries ??
I would also like to force ALL network dns requests to run through the pihole ...... can I do this by setting the static ip of the pihole in the Lan Dns section ???
Will this force my firefox DoH traffic through the router's DoT ??

Anyone done this ?
Appreciate if any of you network engineer young bloods could toss an old man a bone.

P.S. I am aware of Diversion but not what I am looking for

Thanks for reading..


Very Senior Member
First make sure your piholes assigned dhcp address is staticly set. Then Set your pi-holes dns server to point at your routers ip, set your router lan dns1 to your piholes ip address, make sure that you tell it not to advertise your router as dns option under lan tab. Turn on dnsfilter making sure to set the global option to router ( it will force clients to use lan dns 1).


Regular Contributor
Thanks for this, I will give it a try.
Have a question about Dns filter,
I have one entry in there already for my Arlo cameras. Unfortunately the Arlo system will not work with DoT and I had to make a custom DNS entry of
Will the global router option still allow the custom dns entry out ??

Waiting for my Pi 4 -- backordered ..... and testing this on my Synology running docker and pihole instance.
Also where can I verify that my dns requests are going out on port 853 ??


Part of the Furniture
Also where can I verify that my dns requests are going out on port 853 ??
You can use Entware utility 'tcpdump'

e.g. Show either standard DNS Port 53 or DoT Port 853 requests
[ -n "$(which tcpdump)" ] && tcpdump -i any port '(53 or 853)' -nn -tttt || echo -e "\a\n\ttcpdump not installed!\n"


Regular Contributor
I have followed your directions and all went well except for having to add a rule in Dns Filtering for my Diskstation.
Everything was going to my pihole as per expectaton but the pihole would not serve anything to the clients until I added a rule of No filtering for the Diskstation (pihole instance)

All 'seems' to be working well, just have to verify that everything is going out DoT.
I have about 20 or so clients attached and it is ridiculous what is being sent to the dns hole just on stock lists. Can only imagine what will be dropped once up bump up the protection and included my 'Smart' tvs, IOT ect ...

If this is confirmed all traffic on 853 will be very happy not to have to set up unbound,cloudflared on the Pi.

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!