ASUS RT-AC68U - The correct way to configure DNS for Pi-Hole (standalone device)

krick

Regular Contributor
I'm running the latest "Fork" firmware Asuswrt-Merlin 374.43 LTS release V44E5

I've set up Pi-Hole on a Raspberry Pi 3 Model B+ and I have it plugged directly into my ASUS RT-AC68U.

I've configured a static IP address for the Raspberry Pi... 192.168.1.2 using the DHCP settings on the ASUS router. I've adjusted my IP Pool Starting Address to start at 192.168.1.3 to leave room for the Raspberry Pi IP.

I was able to get everything working by adding it into the WAN DNS Setting section of the router and while this appears to work (I'm seeing blocked traffic in the Pi-Hole dashboard) all of the traffic appears to be coming from one device (my router). Here's what that config looks like on my router...

upload_2020-7-1_22-39-48.png


From what I'm reading on various forums, there's another (supposedly better) way to set this up in the LAN section (instead of the WAN section)... DNS and WINS Server Setting. Here's what mine currently looks like (not set up for Pi-Hole)...

upload_2020-7-1_22-48-16.png


The idea is that Pi-Hole will see the individual devices hitting it directly and you can see more info in the Pi-Hole dashboard to see which device is requesting specific domains. However, the information I'm finding about this is pretty sketchy and nobody seems to know definitively how to set it up.

Some of the conflicting info I'm seeing is that some people are saying to put the info in both WAN and LAN sections. Other people say that you put your Pi IP in the LAN section, but put a normal third-party DNS in the WAN section (like Google 8.8.8.8 and 8.8.4.4). I see conflicting info on whether this will work with devices that have a statically assigned IP without also hard-coding the DNS on the device itself (which I'd rather not do).

Furthermore, I've seen what appears to be a third way to set up using a custom dnsmasq config but I'm not sure if that even works with ASUS routers (see method #2 on this page: https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245 ). This method sounds like it would be the way to go (assuming it works). But then they don't say anything about how (or if) you're supposed to configure anything in the WAN or LAN sections. So that part is still confusing.

So, that's everything I know. I'm hoping someone here might know the "best" way to set this up or at least provide some guidance. Thanks.
 
The wan DNS settings should be resolvers outside of your LAN. I used Quad9. The LAN DNS and WINS server, DNS Server should be 192.168.1.2.
 
This doesn't appear to work. Tailing the pi-hole log doesn't show any activity. Here's my settings for WAN and LAN respectively...

upload_2020-7-3_21-9-27.png


upload_2020-7-3_21-10-38.png
 
Currently have Pihole running here... Just on the WAN / DNS and WINS Server Setting - I only have my Pihole (IP) in DNS Server 1... DNS Server 2 is blank. As you can see, 17 clients are going through Pihole.

Screenshot at 2020-07-03 22-53-58.png
 
On the LAN page, turn off the Advertise router’s IP... option and force devices to renew their DHCP leases. You should start to see some activity.

THANK YOU! That was the problem. It works perfectly now.
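
An added example, not part of any post in this thread: a check of the DNS server list (DHCP option 6) that a client receives, showing why the "Advertise router's IP" setting matters. With it on, the lease lists the router as a second resolver, so some lookups never reach Pi-hole. The router address 192.168.1.1 and both option byte strings are constructed assumptions.

```python
import ipaddress

PIHOLE = ipaddress.IPv4Address("192.168.1.2")  # Pi-hole address from the thread
ROUTER = ipaddress.IPv4Address("192.168.1.1")  # assumption: router LAN address

# Constructed DHCP option fields (the bytes after the magic cookie), not captures.
# Options: 53 = message type (ACK), 1 = subnet mask, 3 = router, 6 = DNS servers.
_COMMON = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1])
ADVERTISE_ON = _COMMON + bytes([6, 8, 192, 168, 1, 2, 192, 168, 1, 1, 255])
ADVERTISE_OFF = _COMMON + bytes([6, 4, 192, 168, 1, 2, 255])


def parse_dhcp_options(raw):
    """Parse an RFC 2132 options field into {option code: value bytes}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts


def dns_servers(opts):
    """Decode option 6 into a list of IPv4 addresses, in the order offered."""
    data = opts.get(6, b"")
    if len(data) % 4:
        raise ValueError("option 6 length must be a multiple of 4")
    return [ipaddress.IPv4Address(data[i:i + 4]) for i in range(0, len(data), 4)]


def bypass_resolvers(raw, allowed=(PIHOLE,)):
    """Return every offered resolver that is not the Pi-hole."""
    return [ip for ip in dns_servers(parse_dhcp_options(raw)) if ip not in allowed]


if __name__ == "__main__":
    for name, raw in (("advertise on", ADVERTISE_ON), ("advertise off", ADVERTISE_OFF)):
        print(name, "->", [str(ip) for ip in bypass_resolvers(raw)] or "Pi-hole only")
```

Clients keep the old resolver list until their lease is renewed, which is why the advice above includes forcing a DHCP renewal.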
 
Don't forget to set up conditional forwarding in the pi, set the router domain in LAN first.

It will show the devices in pi hole.
 
It's under settings then DNS and at the bottom in pihole

Yeah, I was using that page as a reference. I set the domain name "ultranet" and also set "ultranet" in the router LAN page

upload_2020-7-3_23-40-9.png
 
Well, I spoke too soon. It looks like a bunch of the devices in my house can't connect to WiFi anymore. They see the router, but they can't connect.

EDIT: I rebooted the router and didn't see any clients connected. Then I changed "Enable multicast DNS (Avahi mDNS)" to "No" and everything started working again. Any idea what it does? ...

upload_2020-7-4_1-9-41.png
 
Well, I spoke too soon. It looks like a bunch of the devices in my house can't connect to WiFi anymore. They see the router, but they can't connect.

EDIT: I rebooted the router and didn't see any clients connected. Then I changed "Enable multicast DNS (Avahi mDNS)" to "No" and everything started working again. Any idea what it does? ...

View attachment 24516
Not sure if this is right

In computer networking, the multicast DNS protocol resolves hostnames to IP addresses within small networks that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as the unicast Domain Name System.

Was it on by default?
 
Was it on by default?

Yes. Well, it was enabled and I never enabled it. So I assume it is on by default.

I guess it's possible that rebooting the router alone fixed the issue but it was just taking a while for clients to connect and maybe if I had waited longer, everything would have been ok. I'll play around with this setting tomorrow and see if re-enabling it breaks anything.
 
Yes. Well, it was enabled and I never enabled it. So I assume it is on by default.

I guess it's possible that rebooting the router alone fixed the issue but it was just taking a while for clients to connect and maybe if I had waited longer, everything would have been ok. I'll play around with this setting tomorrow and see if re-enabling it breaks anything.
Since the router’s dnsmasq would still be running, clients that hadn’t renewed their leases should still have been able to resolve names successfully.

But looking at your WAN DNS screenshot, I think you might want to disable DNSSEC if you continue to use the pihole IP for the router WAN DNS. You do not have DNSSEC enabled on the pihole, based on your other screenshot. What DNS servers does the pihole use?
 
Would it be a good idea to use Unbound while using Pihole?
 
But looking at your WAN DNS screenshot, I think you might want to disable DNSSEC if you continue to use the pihole IP for the router WAN DNS. You do not have DNSSEC enabled on the pihole, based on your other screenshot. What DNS servers does the pihole use?

I've got the Pi-Hole set to use Cloudflare DNS (1.1.1.1 and 1.0.0.1)

I've gone in and checked "Use DNSSEC" on the Pi-Hole and restarted everything.

I also set "Enable multicast DNS (Avahi mDNS)" back to "Yes" on the router as well.

Seems like it's working so far.
 
I've configured a static IP address for the Raspberry Pi... 192.168.1.2 using the DHCP settings on the ASUS router. I've adjusted my IP Pool Starting Address to start at 192.168.1.3 to leave room for the Raspberry Pi IP.

I was able to get everything working by adding it into the WAN DNS Setting section of the router and while this appears to work (I'm seeing blocked traffic in the Pi-Hole dashboard) all of the traffic appears to be coming from one device (my router). Here's what that config looks like on my router...

I forgot about that IP range for myself.... I gave my pihole a static IP reservation of like 192.168.5.200 in the router despite that.
So will it cause any real-world problems?
 
