
ASUS RT-AC68U - The correct way to configure DNS for Pi-Hole (standalone device)


Yep. Thanks again for your help. <happy dance>

One weird thing is that I can access the dashboard using this URL now... http://pi.hole/admin

It never worked before, I always had to use http://192.168.1.2/admin

So, bonus. :)

for me, i no longer was limited to using my pihole's ip address to hit the admin page after i went into my router and set the wan side dns back to automatic.

i had entries in there, used my pihole ip.

i had erased all my entries of my router and maybe didn't exactly set it up the same after.

this wasn't the only issue... i noticed i suddenly was not able to resolve external sites after a couple of hours of setting the wan dns to my pihole.
 
I'd suggest you also set up DNSFilter since you're running Merlin. That way you can essentially intercept any port 53 DNS request and force it to your Pi-hole. This would cover devices (like Chromecasts or other IoT devices) that use hard-coded Google DNS entries. I've got the same setup on my Pi-holes at home.
 
And, in case you are curious you can do DoT with a Pi-Hole. Stubby can be added to the Pi. I have done this with Raspbian Buster, Ubuntu 18.04 and 20.04 32 and 64 bit versions:
 
you're right, I hadn't done that yet.

on the dns filter tab page, it notes:

"Router" will force clients to use the DNS provided by the router's DHCP server (or, the router itself if it's not defined).

so since my router is not providing dns, it's the pihole device, i should not toggle onto router, right?

instead i make a 'custom' user defined - dns 1 entry, with its ip address?

(and in the global filter drop down, i key it for said custom 1?)

then in the client list pull down, i key it for my pihole? and associate the filter list pull down with 'custom 1'?
 
Correct - you can do a custom one, specify your Pi-hole(s) IP as the DNS servers.

Make sure to add your Pi-hole(s) to the list of clients with "no filtering" below that section. The "no filtering" rules will exclude them; otherwise, you will see a massive spike in traffic that is bounced back and forth as it intercepts and re-filters.
 
"Router" will force clients to use the DNS provided by the router's DHCP server (or, the router itself if it's not defined).

so since my router is not providing dns, it's the pihole device, i should not toggle onto router, right?
If your LAN DHCP Server DNS 1 field is set to the Pi-Hole IP address, then DNS Filter mode as “Router” will enforce that DHCP DNS 1 value. Only if that field is blank will the router’s IP be substituted. It’s a common misunderstanding how Router mode works.
 
With LAN Server 1 set to Pi-Hole my clients get the router IP for a second DNS server. Which is good if the Pi-Hole should fail.
 
Or add a secondary Pi-hole on your network and slot it as the second DNS entry.
 
An added benefit of Pi-Hole is that its dnsmasq config contains the canary domain to block auto DoH in Firefox.
 
maybe a cheap PI zero would work well running pi-hole as secondary DNS?
For sure. I run two Pi-holes at home - one is on a Pi 3B+ and the other is on a Pi 4B.
 
And, in case you are curious you can do DoT with a Pi-Hole. Stubby can be added to the Pi. I have done this with Raspbian Buster, Ubuntu 18.04 and 20.04 32 and 64 bit versions:

ooh yes, i was very curious.

I've recently been running unbound.

unbound is my pihole's upstream dns.

I've only so far read that unbound supports DoT. I'm not yet versed to know if i have to enable DoT or still have to proceed w/ stubby. but very curious.
 
An added benefit of Pi-Hole is that its dnsmasq config contains the canary domain to block auto DoH in Firefox.

that's awesome, wasn't aware. but within Firefox, I thought there was an easy way to turn DoH off already.
 
If your LAN DHCP Server DNS 1 field is set to the Pi-Hole IP address, then DNS Filter mode as “Router” will enforce that DHCP DNS 1 value. Only if that field is blank will the router’s IP be substituted. It’s a common misunderstanding how Router mode works.

such as like this ?



1597094147948.png

1597100146569.png
 
With LAN Server 1 set to Pi-Hole my clients get the router IP for a second DNS server. Which is good if the Pi-Hole should fail.
Except that would never happen in this scenario because when the client tries to use the second DNS server (the router) it is intercepted by DNSFilter and redirected to the failed PiHole.
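
A small model of the DNSFilter behaviour discussed in the posts above (what "Router" mode enforces, why the Pi-hole needs "no filtering", and why the router as second DNS gives no failover). It is an added example, not any poster's code and not Asuswrt-Merlin's implementation; the router IP 192.168.1.1 and the client address 192.168.1.50 are assumptions.

```python
# Simplified model of DNSFilter redirection as described in this thread.
# Not firmware code; ROUTER and the client address are assumed values.
ROUTER = "192.168.1.1"   # assumed router LAN IP
PIHOLE = "192.168.1.2"   # Pi-hole IP mentioned in the thread


def filter_target(mode, dhcp_dns1="", custom_dns=""):
    """Resolver a filter mode forces clients onto (None = no filtering)."""
    if mode == "router":
        # "Router" enforces the LAN DHCP DNS 1 value; the router's own
        # IP is substituted only when that field is blank.
        return dhcp_dns1 or ROUTER
    if mode == "custom":
        return custom_dns
    return None


def route_query(client, dest, global_mode, dhcp_dns1="", custom_dns="",
                no_filter=()):
    """Return the server that actually receives a port 53 query."""
    if client in no_filter:
        return dest                  # excluded client is left alone
    target = filter_target(global_mode, dhcp_dns1, custom_dns)
    return dest if target is None else target


def resolves(client, dns_servers, alive, **cfg):
    """True if any server the client tries ends up at a live resolver."""
    return any(route_query(client, d, **cfg) in alive for d in dns_servers)


if __name__ == "__main__":
    tv = "192.168.1.50"              # constructed client with hard-coded DNS
    print("hard-coded 8.8.8.8 goes to:",
          route_query(tv, "8.8.8.8", "router", dhcp_dns1=PIHOLE))
    print("Pi-hole upstream, not excluded:",
          route_query(PIHOLE, "1.1.1.1", "custom", custom_dns=PIHOLE))
    print("Pi-hole upstream, no filtering:",
          route_query(PIHOLE, "1.1.1.1", "custom", custom_dns=PIHOLE,
                      no_filter=(PIHOLE,)))
    # Pi-hole down, client holds [Pi-hole, router] from DHCP
    print("failover with filter on:",
          resolves(tv, [PIHOLE, ROUTER], alive={ROUTER},
                   global_mode="router", dhcp_dns1=PIHOLE))
```
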
 
I understand that the Global Filter Mode set to Router only redirected port 53 UDP DNS queries that were trying to bypass the router. I discovered this afternoon that my Roku was going out to 8.8.8.8 and 8.8.4.4 when I did not have DNS Filtering turned on. When I set it to Router the outbound DNS packets from the Roku stopped. Of course the DNS outbound from my Pi OS stopped, too. I set the Pi as unfiltered as abc5 did then went into the Pi /etc/dhcpcd.conf and set the OS DNS to my router IP.
When the girls get done shopping I will "fail" my Pi without making changes to the router. As my clients have gotten DHCP assigned DNS servers (the Pi and the router) my bet is that I will keep on surfing.
Stay Tuned. You may get to see an old guy grovel in apology yet...

Edit: OK, where is that crow...
 
Not to derail the conversation, but what is the benefit of using a separate Pi-hole instead of Diversion on the router as an ad-blocker, other than possibly different ad-blocking lists? Just curious.
 
