ASUS RT-AC68U - The correct way to configure DNS for Pi-Hole (standalone device)


krick

Regular Contributor
I'm running the latest "Fork" firmware Asuswrt-Merlin 374.43 LTS release V44E5

I've set up Pi-Hole on a Raspberry Pi 3 Model B+ and I have it plugged directly into my ASUS RT-AC68U.

I've configured a static IP address for the Raspberry Pi... 192.168.1.2 using the DHCP settings on the ASUS router. I've adjusted my IP Pool Starting Address to start at 192.168.1.3 to leave room for the Raspberry Pi IP.

I was able to get everything working by adding it into the WAN DNS Setting section of the router and while this appears to work (I'm seeing blocked traffic in the Pi-Hole dashboard) all of the traffic appears to be coming from one device (my router). Here's what that config looks like on my router...

upload_2020-7-1_22-39-48.png


From what I'm reading on various forums, there's another (supposedly better) way to set this up in the LAN section (instead of the WAN section)... DNS and WINS Server Setting. Here's what mine currently looks like (not set up for Pi-Hole)...

upload_2020-7-1_22-48-16.png


The idea is that Pi-Hole will see the individual devices hitting it directly and you can see more info in the Pi-Hole dashboard to see which device is requesting specific domains. However, the information I'm finding about this is pretty sketchy and nobody seems to know definitively how to set it up.

Some of the conflicting info I'm seeing is that some people are saying to put the info in both WAN and LAN sections. Other people say that you put your Pi IP in the LAN section, but put a normal third-party DNS in the WAN section (like Google 8.8.8.8 and 8.8.4.4). I see conflicting info on whether this will work with devices that have a statically assigned IP without also hard-coding the DNS on the device itself (which I'd rather not do).

Furthermore, I've seen what appears to be a third way to set up using a custom dnsmasq config but I'm not sure if that even works with ASUS routers (see method #2 on this page: https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245 ). This method sounds like it would be the way to go (assuming it works). But then they don't say anything about how (or if) you're supposed to configure anything in the WAN or LAN sections. So that part is still confusing.

So, that's everything I know. I'm hoping someone here might know the "best" way to set this up or at least provide some guidance. Thanks.
 

bbunge

Very Senior Member
The WAN DNS settings should be resolvers outside of your LAN. I used Quad9. The LAN DNS and WINS server, DNS Server should be 192.168.1.2.
 

krick

Regular Contributor
This doesn't appear to work. Tailing the pi-hole log doesn't show any activity. Here's my settings for WAN and LAN respectively...

upload_2020-7-3_21-9-27.png


upload_2020-7-3_21-10-38.png
 

New2This

Regular Contributor
Currently have Pihole running here... Just on the WAN / DNS and WINS Server Setting - I only have my Pihole (IP) in the DNS Server 1... Number DNS2 is blank. As you can see, 17 clients are going through Pihole.

Screenshot at 2020-07-03 22-53-58.png
 

krick

Regular Contributor
On the LAN page, turn off the Advertise router’s IP... option and force devices to renew their DHCP leases. You should start to see some activity.
THANK YOU! That was the problem. It works perfectly now.
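
A way to check from the Pi-hole side which of the situations described in this thread you are in (no queries at all, everything arriving from the router, or individual clients querying directly). This is an added example, not part of the original posts; it assumes the dnsmasq-style `query[...] name from client` lines that Pi-hole writes to its log, and the router address 192.168.1.1 is an assumption because the thread never states it. The sample log lines are constructed.

```python
import re
import sys
from collections import Counter

# dnsmasq-style query line as written to the Pi-hole log, e.g.
#   Jul  3 21:09:27 dnsmasq[612]: query[A] example.com from 192.168.1.1
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[[^\]]+\] \S+ from (\S+)\s*$")

ROUTER_IP = "192.168.1.1"      # assumption: router LAN IP is not given in the thread
LOCAL = {"127.0.0.1", "::1"}   # the Pi-hole host's own lookups, not LAN clients

def queries_per_client(lines):
    """Count query lines per source address, ignoring forwarded/reply lines."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) not in LOCAL:
            counts[m.group(1)] += 1
    return counts

def diagnose(counts, router_ip=ROUTER_IP, threshold=0.9):
    """Return (verdict, router_share) for a per-client query count."""
    total = sum(counts.values())
    if total == 0:
        return ("no-queries", 0.0)      # clients are not reaching Pi-hole at all
    share = counts.get(router_ip, 0) / total
    # Nearly everything from the router: clients still use the router as DNS
    # and the router relays to Pi-hole (Pi-hole set only as WAN DNS).
    return ("router-only" if share >= threshold else "per-client", share)

# Constructed sample: Pi-hole configured only as the router's WAN DNS.
BEFORE = [
    "Jul  3 21:09:27 dnsmasq[612]: query[A] example.com from 192.168.1.1",
    "Jul  3 21:09:27 dnsmasq[612]: forwarded example.com to 1.1.1.1",
    "Jul  3 21:09:28 dnsmasq[612]: query[AAAA] ads.example.net from 192.168.1.1",
    "Jul  3 21:09:29 dnsmasq[612]: query[A] cdn.example.org from 192.168.1.1",
    "Jul  3 21:09:30 dnsmasq[612]: query[PTR] 2.1.168.192.in-addr.arpa from 127.0.0.1",
]
# Constructed sample: DHCP hands out 192.168.1.2 and leases have been renewed.
AFTER = [
    "Jul  3 23:40:01 dnsmasq[612]: query[A] example.com from 192.168.1.23",
    "Jul  3 23:40:02 dnsmasq[612]: query[A] ads.example.net from 192.168.1.41",
    "Jul  3 23:40:03 dnsmasq[612]: query[AAAA] example.com from 192.168.1.23",
    "Jul  3 23:40:04 dnsmasq[612]: query[A] time.example.org from 192.168.1.1",
]

if __name__ == "__main__":
    source = AFTER if sys.stdin.isatty() else sys.stdin  # pipe a real log in
    counts = queries_per_client(source)
    print(diagnose(counts), dict(counts))
```

A `router-only` verdict after changing the LAN DHCP settings usually means clients are still holding old leases; run it again once they have renewed.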
 

Vexira

Part of the Furniture
Don't forget to set up conditional forwarding in the pi, set the router domain in LAN first.

It will show the devices in pi hole.
 

krick

Regular Contributor
It's under settings then DNS and at the bottom in pihole
Yeah, I was using that page as a reference. I set the domain name "ultranet" and also set "ultranet" in the router LAN page

upload_2020-7-3_23-40-9.png
 

krick

Regular Contributor
Well, I spoke too soon. It looks like a bunch of the devices in my house can't connect to WiFi anymore. They see the router, but they can't connect.

EDIT: I rebooted the router and didn't see any clients connected. Then I changed "Enable multicast DNS (Avahi mDNS)" to "No" and everything started working again. Any idea what it does? ...

upload_2020-7-4_1-9-41.png
 

Vexira

Part of the Furniture
Well, I spoke too soon. It looks like a bunch of the devices in my house can't connect to WiFi anymore. They see the router, but they can't connect.

EDIT: I rebooted the router and didn't see any clients connected. Then I changed "Enable multicast DNS (Avahi mDNS)" to "No" and everything started working again. Any idea what it does? ...

View attachment 24516
Not sure if this is right

In computer networking, the multicast DNS protocol resolves hostnames to IP addresses within small networks that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as the unicast Domain Name System.

Was it on by default?
 

krick

Regular Contributor
Was it on by default?
Yes. Well, it was enabled and I never enabled it. So I assume it is on by default.

I guess it's possible that rebooting the router alone fixed the issue but it was just taking a while for clients to connect and maybe if I had waited longer, everything would have been ok. I'll play around with this setting tomorrow and see if re-enabling it breaks anything.
 

dave14305

Part of the Furniture
Yes. Well, it was enabled and I never enabled it. So I assume it is on by default.

I guess it's possible that rebooting the router alone fixed the issue but it was just taking a while for clients to connect and maybe if I had waited longer, everything would have been ok. I'll play around with this setting tomorrow and see if re-enabling it breaks anything.
Since the router’s dnsmasq would still be running, clients that hadn’t renewed their leases should still have been able to resolve names successfully.

But looking at your WAN DNS screenshot, I think you might want to disable DNSSEC if you continue to use the pihole IP for the router WAN DNS. You do not have DNSSEC enabled on the pihole, based on your other screenshot. What DNS servers does the pihole use?
 

New2This

Regular Contributor
Would it be a good idea to use Unbound while using Pihole?
 

krick

Regular Contributor
But looking at your WAN DNS screenshot, I think you might want to disable DNSSEC if you continue to use the pihole IP for the router WAN DNS. You do not have DNSSEC enabled on the pihole, based on your other screenshot. What DNS servers does the pihole use?
I've got the Pi-Hole set to use Cloudflare DNS (1.1.1.1 and 1.0.0.1)

I've gone in and checked "Use DNSSEC" on the Pi-Hole and restarted everything.

I also set "Enable multicast DNS (Avahi mDNS)" back to "Yes" on the router as well.

Seems like it's working so far.
 

abc5

Occasional Visitor
I've configured a static IP address for the Raspberry Pi... 192.168.1.2 using the DHCP settings on the ASUS router. I've adjusted my IP Pool Starting Address to start at 192.168.1.3 to leave room for the Raspberry Pi IP.

I was able to get everything working by adding it into the WAN DNS Setting section of the router and while this appears to work (I'm seeing blocked traffic in the Pi-Hole dashboard) all of the traffic appears to be coming from one device (my router). Here's what that config looks like on my router...
I forgot about that IP range for myself.... I gave my pihole a static IP reservation of like 192.168.5.200 in the router despite that.
So will it cause any real-world problems?
 
