Actual proper setup and or guide to use an Asus router(ax58u) running Merlin firmware (latest) with pihole on raspberry pi model 3a+/b+

[booshankles]

Exactly as the title says, I have already tried searching here for 3 days, as well as pihole and raspberry pi support and reddit and other, while I have found various separate posts that have been updated like a couple years ago, things have changed more since then it seems like, and those couple posts also link to other posts that are also a little what I feel like outdated now and you guys have kind of made this really confusing now so I'm here asking for an actual solid all in one spot or post, step-by-step guide or something. specifically about global redirection being set to either no redirection or user-defined 1 and a few other options, between here and the other places I have been to for support including trying to follow asus pihole guide. at one point I managed to entirely lose internet activity unless the pie hole is running, lost entire access to my Asus routers web GUI, could only connect to the web GUI with pihole running, sometimes only one device entirely even after hard resets would be able to use the ASUS router web GUI and no other device can. It eventually got to the point even without the pie hole working and I had reset all devices I had entirely lost access to asus's web GUI for my router, I have since done a hard reset and now my router is back fresh settings. So can I get some help or steps on having this set up properly while still retaining the ASUS router web GUI? But also still have stuff like the Roku and smart TV being redirected? And also if able being able to successfully resolve both ipv4 and IPv6 connections, unfortunately it's less of an option for me for those to be optional it seems but I genuinely just don't know anymore

 

[GHammer]

Don't set the pihole as the WAN (router) DNS.
Set the pihole to accept all origins (unless you are quite familiar with these settings.)
Use the DHCP server to assign the pihole IP to clients.
Only list the pihole as adding another DNS entry will cause the pihole to not be used randomly.

There, all summed up.

 

[booshankles]

Don't set the pihole as the WAN (router) DNS.
Set the pihole to accept all origins (unless you are quite familiar with these settings.)
Use the DHCP server to assign the pihole IP to clients.
Only list the pihole as adding another DNS entry will cause the pihole to not be used randomly.

There, all summed up.

Yeah it's this exact problem that I'm having, y'all are treating everyone like we're experts in this it feels like, and it's been like that everywhere I've gone. I Am brand new to this only 3 days in, you are just saying words to me right now straight up that's why I'm asking for a real step-by-step guide that can be consolidated into one single post where I don't need to jump to four different posts that may or may not be newer or older. I would like to be more familiar with these settings that's why I'm coming here asking for help and or a real step by step guide.

 

[bennor]

.... so I'm here asking for an actual solid all in one spot or post, step-by-step guide or something.

General Asus-Merlin 3004.388.x firmware steps from a post made earlier this month:

Solved - Device not respecting DNS Director or (Yaz)DHCP Server settings

I have an Intel NUC running Pi-hole that I'm currently using as my DNS server for my network: I have a device on my IoT network that's pretty chatty (a baby monitor), and it regularly causes my Pi-hole to throw a warning that the concurrent DNS query limit is reached. I've tried both of the...

www.snbforums.com

Because of that DNS Director change the following very basic and general Pi-Hole v6.x/Asus-Merlin configuration should work. There may be better ways to configure Asus-Merlin and Pi-Hole v6.x, but what follows should work for a basic use case on the Asus-Merlin 3004.388.10 and later 388 line firmware:

• Input the Pi-Hole IP address into the LAN > DHCP Server DNS field(s). (Set Advertise router's IP in addition to user specified DNS to No if that option is available.)
• For the WAN DNS fields use any public or ISP DNS server.
• If using YazFi, input the Pi-Hole's IP address into the Guest Network > YazFi > DNS Server field(s) if you want the YazFi clients to use the Pi-Hole; save the YazFi setting changes.
• On the DNS Director page, enable DNS Director.
• On the DNS Director page, set Global Redirection to User defined DNS #1.
• On the DNS Director page, input the Pi-Hole IP into User defined DNS #1 field
• On the DNS Director page, in the Client List select the Pi-Hole's MAC address and set Redirection to No Redirection, then click the Add (plus) icon to add it to the list.
• When finished making changes on DNS Director remember to select the Apply button.
• On the Pi-Hole > Settings >DNS one may need to change the Interface Settings to either Respond only on interface (select Pi-Hole network interface), or if using multiple network ports on the Pi-Hole device select Permit all all origins.
• On the Pi-Hole > Settings > DNS page under Conditional Forwarding, follow the examples to input your router's main LAN and any YazFi Guest Network IP subnet/IP address in the format the example indicates (ex: true,192.168.0.0/24,192.168.0.1,fritz.box) in the provided Conditional Forwarding field.
• Make sure to apply any changes to the Pi-Hole settings.
• When finished test the settings to see if clients are using the Pi-Hole and if the Pi-Hole is properly showing the client requests in the Pi-Hole Query Log.
• In rare cases one may need to reboot both the router and any network clients.
• One may also want to input a domain name into the LAN >LAN-IP Domain Name field and LAN > DHCP Server Router's Domain Name field. That domain name can used when setting up the Pi-Hole Conditional Forwarding reverse server(s).
• Note: Using YazFi's Force DNS option may override, for YazFi Clients, the use of the DNS Director.

For 3006.102.4 and later Asus-Merlin firmware users see this post for a similar basic general configuration of Asus-Merlin and Pi-Hole.

For stock Asus 3004.388 firmware one can ignore the DNS Director and YazFi steps in the above directions.

 

[bbunge]

Here is a tutorial to set up your Pi-Hole and set a static IP address on the RPI:

Tutorial - Pi-Hole for both LAN clients and Guest Network (VLAN) clients

This topic has been discussed several times before in these forums. One solution is to set up the RPI with the Ethernet connected to the LAN and the WIFI connected to the guest WIFI. This procedure will let you connect the RPI to the LAN Ethernet with a single cable and have IP addresses on the...

www.snbforums.com

 

[booshankles]

General Asus-Merlin 3004.388.x firmware steps from a post made earlier this month:

Solved - Device not respecting DNS Director or (Yaz)DHCP Server settings

I have an Intel NUC running Pi-hole that I'm currently using as my DNS server for my network: I have a device on my IoT network that's pretty chatty (a baby monitor), and it regularly causes my Pi-hole to throw a warning that the concurrent DNS query limit is reached. I've tried both of the...

www.snbforums.com

Because of that DNS Director change the following very basic and general Pi-Hole v6.x/Asus-Merlin configuration should work. There may be better ways to configure Asus-Merlin and Pi-Hole v6.x, but what follows should work for a basic use case on the Asus-Merlin 3004.388.10 and later 388 line firmware:

• Input the Pi-Hole IP address into the LAN > DHCP Server DNS field(s). (Set Advertise router's IP in addition to user specified DNS to No if that option is available.)
• For the WAN DNS fields use any public or ISP DNS server.
• If using YazFi, input the Pi-Hole's IP address into the Guest Network > YazFi > DNS Server field(s) if you want the YazFi clients to use the Pi-Hole; save the YazFi setting changes.
• On the DNS Director page, enable DNS Director.
• On the DNS Director page, set Global Redirection to User defined DNS #1.
• On the DNS Director page, input the Pi-Hole IP into User defined DNS #1 field
• On the DNS Director page, in the Client List select the Pi-Hole's MAC address and set Redirection to No Redirection, then click the Add (plus) icon to add it to the list.
• When finished making changes on DNS Director remember to select the Apply button.
• On the Pi-Hole > Settings >DNS one may need to change the Interface Settings to either Respond only on interface (select Pi-Hole network interface), or if using multiple network ports on the Pi-Hole device select Permit all all origins.
• On the Pi-Hole > Settings > DNS page under Conditional Forwarding, follow the examples to input your router's main LAN and any YazFi Guest Network IP subnet/IP address in the format the example indicates (ex: true,192.168.0.0/24,192.168.0.1,fritz.box) in the provided Conditional Forwarding field.
• Make sure to apply any changes to the Pi-Hole settings.
• When finished test the settings to see if clients are using the Pi-Hole and if the Pi-Hole is properly showing the client requests in the Pi-Hole Query Log.
• In rare cases one may need to reboot both the router and any network clients.
• One may also want to input a domain name into the LAN >LAN-IP Domain Name field and LAN > DHCP Server Router's Domain Name field. That domain name can used when setting up the Pi-Hole Conditional Forwarding reverse server(s).
• Note: Using YazFi's Force DNS option may override, for YazFi Clients, the use of the DNS Director.

For 3006.102.4 and later Asus-Merlin firmware users see this post for a similar basic general configuration of Asus-Merlin and Pi-Hole.

For stock Asus 3004.388 firmware one can ignore the DNS Director and YazFi steps in the above directions.

I do just want to say thank you for this because it definitely did work, unfortunately if I disconnect the pie hole my internet just doesn't work now and the internet is only working after the pie hole is connected again, so what am I not doing still I have already done a reboot of the router and everything, also I'm not using whatever yazfi is,i do not know what that is yet and IDK ifni need it

 

[bennor]

I do just want to say thank you for this because it definitely did work, unfortunately if I disconnect the pie hole my internet just doesn't work now and the internet is only working after the pie hole is connected again, so what am I not doing still I have already done a reboot of the router and everything, also I'm not using whatever yazfi is,i do not know what that is yet and IDK ifni need it

If the Pi-Hole goes offline for what ever reason just change out the LAN DHCP DNS servers to public DNS servers, or just remove the LAN DHCP DNS server entries so clients use the router as the DNS server (via the router's WAN DNS servers), and your internet access should be restored. If using Asus-Merlin firmware, one may need to disable (turn off) DNS Director as well. Some will run a second Pi-Hole for situations like this where the first Pi-Hole goes down.

PS: YazFi is a addon script for Asus-Merlin firmware. It extends and adds additional options/features to the Guest Network option.

YazFi - YazFi v4.4.9 [2025-Nov-08] - Enhanced AsusWRT-Merlin Guest WiFi Networks

Release Notes for YazFi v4.4.6 production release now available [2025-May-29] The fork from @Jack Yaz's repository is now hosted on the AMTM-OSR GitHub repo: https://github.com/AMTM-OSR/YazFi 1) FIXED: Problem where setting the "Allow Internet Access" option to "NO" was causing problems with...

www.snbforums.com

 

[booshankles]

If the Pi-Hole goes offline for what ever reason just change out the LAN DHCP DNS servers to public DNS servers, or just remove the LAN DHCP DNS server entries so clients use the router as the DNS server (via the router's WAN DNS servers), and your internet access should be restored. If using Asus-Merlin firmware, one may need to disable (turn off) DNS Director as well. Some will run a second Pi-Hole for situations like this where the first Pi-Hole goes down.

PS: YazFi is a addon script for Asus-Merlin firmware. It extends and adds additional options/features to the Guest Network option.

YazFi - YazFi v4.4.9 [2025-Nov-08] - Enhanced AsusWRT-Merlin Guest WiFi Networks

Release Notes for YazFi v4.4.6 production release now available [2025-May-29] The fork from @Jack Yaz's repository is now hosted on the AMTM-OSR GitHub repo: https://github.com/AMTM-OSR/YazFi 1) FIXED: Problem where setting the "Allow Internet Access" option to "NO" was causing problems with...

www.snbforums.com

Got it okay thank you so much for explaining this I understand, so I would need to have a dedicated raspberry pi (or two as you mention as fallback if I wanted) to continue using this configuration with DNS director configured? I do just want to make sure so I'm sorry for asking that if it's a very obvious stupid answer Because I do also use this pi as a Android auto wireless dongle also so I just need to know if I need to buy more lol

 

[bbunge]

As you are using Merlin it may be easier for you to use Diversion on your router. It can use the same block lists as Pi-Hole and does just as good a job blocking adds/malware and etc as Pi-Hole. And you can use your RPI for something else.
I do use a Pi-Hole on a RPI 3b+ but I use Asus firmware. My static IP address and IoT clients use the router, using DoT to Cloudflare Security, for DNS. My DHCP clients use the Pi-Hole as I want them to have add blocking. The Pi-Hole uses DoT to Cloudflare Security. I have used Cloudflared (DoH) and Unbound on the Pi-Hole. I feel more comfortable using DoT.
You can get skull cramps trying to figure these things out. Many of us on this forum have been playing with computers and networking for years and have our preferences. For you a service like Control D or Adguard may work just as well.

 

[bennor]

Got it okay thank you so much for explaining this I understand, so I would need to have a dedicated raspberry pi (or two as you mention as fallback if I wanted) to continue using this configuration with DNS director configured? I do just want to make sure so I'm sorry for asking that if it's a very obvious stupid answer Because I do also use this pi as a Android auto wireless dongle also so I just need to know if I need to buy more lol

What specific firmware version are you running on the router?

If you plan to use the Raspberry Pi device that is running Pi-Hole for other purposes, one were the Raspberry Pi will not be connected to the Asus router, then you may want to consider other options. As mentioned above, if you are using Asus-Merlin firmware there is Diversion. And there is a way to install Pi-Hole to the router itself as well. Or one can use public DNS servers that do ad blocking/filtering rather than using Pi-Hole or Diversion. Or install Pi-Hole to a different supported device that is always connected to the Asus router. All depends on what you are trying to achieve for your use case.

Diversion - Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024

Welcome This is Diversion - the Router Ad-Blocker for Asuswrt-Merlin For more about Diversion check out the Diversion website. What's new in this Diversion 5.1.3 patch release Deregisters additional Dnsmasq instance IPs when rebooting. Diversion is free to use under the GNU General Public...

www.snbforums.com

Entware - Pi-hole directly on the router? Yes!

So, I squeezed Pi-hole V6 beta into Entware package. I've been working on this for some time and now it reached a stage where there is not much to add to this based on my testing. Got motivated by the open feature request on the Pi-hole's Discourse and also by a need to have a "backup" Pi-hole...

www.snbforums.com

Prerequisites - Pi-hole documentation

Operating system and network requirements

docs.pi-hole.net

 

[booshankles]

What specific firmware version are you running on the router?

If you plan to use the Raspberry Pi device that is running Pi-Hole for other purposes, one were the Raspberry Pi will not be connected to the Asus router, then you may want to consider other options. As mentioned above, if you are using Asus-Merlin firmware there is Diversion. And there is a way to install Pi-Hole to the router itself as well. Or one can use public DNS servers that do ad blocking/filtering rather than using Pi-Hole or Diversion. Or install Pi-Hole to a different supported device that is always connected to the Asus router. All depends on what you are trying to achieve for your use case.

Diversion - Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024

Welcome This is Diversion - the Router Ad-Blocker for Asuswrt-Merlin For more about Diversion check out the Diversion website. What's new in this Diversion 5.1.3 patch release Deregisters additional Dnsmasq instance IPs when rebooting. Diversion is free to use under the GNU General Public...

www.snbforums.com

Entware - Pi-hole directly on the router? Yes!

So, I squeezed Pi-hole V6 beta into Entware package. I've been working on this for some time and now it reached a stage where there is not much to add to this based on my testing. Got motivated by the open feature request on the Pi-hole's Discourse and also by a need to have a "backup" Pi-hole...

www.snbforums.com

Prerequisites - Pi-hole documentation

Operating system and network requirements

docs.pi-hole.net

I'm running the latest firm from Merlin 3004.388.11. I'm going to say this genuinely and in the best way that I can so I can convey it properly, I just wanted to try to figure this out, just in general like how to use raspberry pi and pihole with the Asus router I happen to own that happens to run the firmware where support for said firmware is here. I am interested in this and networking a tad and given this day and age it would just be cool to have a little bit more privacy lol, unfortunately I'm feeling like it's not a good idea to be a new person in this scene asking for this level of help Ina powerhouse forum which fair I understand that . The pi was 25 bucks and I got tired of buying $60 Android auto wireless dongles, learned I can do that with a pi, I got that autistic curiosity so now I am here lol. I know it can't block ads on like YouTube and other stuff (maybe it does I'm just not that far yet prolly) but I have my solutions for that already lol. And that is my answer to what my purposes are Jsut simply to learn. But I got everything figured out and going smooth now, got confirmation from pihole mods my logs are good, no loops, no DNS leaks or anything. I truly appreciate the help on this side of things and thank you kindly, I'll check out the recommendations once I get more comfortable lol