Asus RT-AC68U Merlin DNSFilter + 2 PiHole's?

[dave14305]

I always regarded this as a limitation of this method. You can't on one hand say "I want Pihole to be my authoritative DNS server" and then say "oh but now I want it to be the router". Maybe there's a way to botch it. (I've never used Pihole.)

I've added ptr-record=lb._dns-sd._udp.0.1.168.192.in-addr.arpa,192.168.1.1 to dnsmasq.conf.add as an experiment. It seems to work fine, although I haven't bothered to research the expected result of such a lb._dns-sd query yet.

 

[dave14305]

My latest answer is to replace my PTR record with local=/0.1.168.192.in-addr.arpa/ in dnsmasq.conf.add.

 

[ColinTaylor]

Wouldn't that be more appropriate in the Pihole's config? Perhaps it's not there because the Pihole's DHCP is turned off and therefore it has no knowledge of the subnet address.

 

[dave14305]

Wouldn't that be more appropriate in the Pihole's config? Perhaps it's not there because the Pihole's DHCP is turned off and therefore it has no knowledge of the subnet address.

My thinking is that I want it on the router so the router will break the conditional forwarding loop, but Pi-Hole will still forward other local PTR requests to the router. And when the clients occassionally choose the router as DNS server, I don't want it to forward the query back to Pi-Hole as the router's upstream server.

 

[josh3003]

I am having trouble with posting atm... I may need to message you guys this is weird.

 

[josh3003]

Keep getting oops ran into some problems. I got issues with resolv.conf flipping the order back and also connectivity issues on my router.

 

[dave14305]

Keep getting oops ran into some problems. I got issues with resolv.conf flipping the order back and also connectivity issues on my router.

Don’t post anything with etc and hosts together (add a space).

 

[josh3003]

I turned conditional forwarding off but I also keep track of IP and hostnames through the /etc space hosts file on PiHole. One issue I'm having with was I was having connecticity issues this morning. Seems it was failing to get an IP address from the logs? Can you guys make sense of this?

Asus logs - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

Also! Even after switching the resolv.conf file it seems to flip the server's back in the order on wan settings. Unless I switch them so e.g. quad 9 is first DNS and pihole is second DNS. But then all queries for router sent to quad 9 and rest are sent to pihole. Can I have it all go to pihole, then to quad 9 or the secondary pihole etc? So in terms of strict order it all gets forced out of pihole. After a period of time.. Really annoying

 

[ColinTaylor]

One issue I'm having with was I was having connecticity issues this morning. Seems it was failing to get an IP address from the logs? Can you guys make sense of this?

Looks like your ISP reset your connection over night which is pretty common for PPP connection. Unless the outage lasted more than a couple of minutes I'd ignore it.

Also! Even after switching the resolv.conf file it seems to flip the server's back in the order on wan settings. Unless I switch them so e.g. quad 9 is first DNS and pihole is second DNS. But then all queries for router sent to quad 9 and rest are sent to pihole. Can I have it all go to pihole, then to quad 9 or the secondary pihole etc? So in terms of strict order it all gets forced out of pihole. After a period of time.. Really annoying

I don't really understand what you are describing. Also, you can't directly edit the resolv.conf file, you must set it in the GUI (WAN DNS, reverse order according to previous posts).

 

[josh3003]

Looks like your ISP reset your connection over night which is pretty common for PPP connection. Unless the outage lasted more than a couple of minutes I'd ignore it.

I'll keep an eye on things. I don't think I've noticed it before. We usually stream music of a morning and it was super choppy this morning cutting in and out and seeing all those . I'll keep the order reversed as mentioned. Once I am satisfied I might switch the outgoing dns to quad 9. Believe I'll get faster resolution. Just helps me with checking logging to see what is actually reaching outside dns at certain times of the day etc.

I've sent off a message to my provider to confirm whether this was their doing or not as well. They're pretty good and should get back to me within the next few hours when they open.

 

[josh3003]

Also, a bit off topic. But I had to turn off traffic analyser as it kept crashing my httpd service. Has or was this ever addressed or was there any fix or is this still a known issue?

 

[dave14305]

This could be a good use case for the "free tier" of NextDNS to be the fallback public server (WAN DNS 1) using their IPv4 dnsmasq setup to log the requests coming in when the Pi-Hole is offline. Still offers ad-blocking and logging and you could probably expect less than 300K queries a month to remain in the free tier. Just a thought.

I still like Quad9, but NextDNS is an option here.

 

[josh3003]

This could be a good use case for the "free tier"

I got a free tier PiHole running off GCP through the guide here

 

[ColinTaylor]

I got a free tier PiHole running off GCP through the guide here

I'd hazard a guess that NextDNS might be a lot faster than a free google server.

 

[josh3003]

I'd hazard a guess that NextDNS might be a lot faster than a free google server.

Agreed, Think I was just going to use it temporarily and will probably switch to quad 9 in a few days once I am happy with how the network is running. Is there still a known issue with traffic analyser crashing httpd service?

 

[josh3003]

Looks like your ISP reset your connection over night which is pretty common for PPP connection. Unless the outage lasted more than a couple of minutes I'd ignore it.

So confirmation this was indeed from the router and not a coincidence when I woke up everything went belly up. From my ISP below.

We can confirm we do not periodically reset connections. We can confirm that dropouts on a Fibre service are extremely rare.

 

[josh3003]

So update, I am using NextDNS as the fallback now. Perhaps we can put that particular one down to, that because I had WAN settings in sequential (not the correct) reversed order and edited the resolf.conf file, the requests started smashing the free google server, things were taking too long to resolve and perhaps caused the issue? I'll keep an eye on it but I can still see the logs coming through nicely now and only the asus router pinging trend micro etc . Good to know thanks for that @dave14305

What about Asus traffic analyser crashing the httpd? I have it disabled but wouldn't mind enabling it to see some stats. Does that put any additional load on the router? Has there been any fix for that crashing yet?

 

[josh3003]

@dave14305 Maybe you might know that one considering you run a similar setup to myself. Do you have traffic analyser enabled and suffer from the httpd crashing or do you have it disabled?

 

[dave14305]

@dave14305 Maybe you might know that one considering you run a similar setup to myself. Do you have traffic analyser enabled and suffer from the httpd crashing or do you have it disabled?

I've never used Traffic Analyzer, so I haven't responded. You will probably be better off creating a new thread for that problem since the title of this thread won't attract people that may use Traffic Analyzer.

 

[josh3003]

Yeah thanks. Will do. Btw nextdns is working great