Release Asuswrt-Merlin 3006.102.4 is now available

A Pi-Hole reload may not be needed, just a review of the Pi-Hole settings. For example, if you have Pi-Hole configured to allow only local requests (which allows only queries from devices that are at most one hop away, i.e. local devices), it may not respond to requests from other subnets like Guest Network Pro or VPN clients, which may be using a different IP subnet. And a general note/standard reminder: it is not typically recommended (by Pi-Hole themselves) to input the Pi-Hole into the WAN DNS fields; doing so can potentially cause problems.
This is how I've had my settings for probably a few years with no issues. I was told to use "Respond only on interface eth0" in order to be able to use Pi-hole DNS from outside my network while using OpenVPN.
 
Something is definitely not right. I cannot have this setting like this; otherwise my wireless devices get a "No internet" message.
 
One word of note about DNS Director in case you were not aware of it. There was a change in how it works. Per the change log:

- CHANGED: Setting DNS Director to "Router" will now always redirect to the router's own IP. Previously it would redirect to the first DNS server configured on the DHCP page (which defaults to the router itself). If you need DNS Director to redirect to an IP configured in your DHCP settings, use a Custom DNS entry in DNS Director. This makes it more consistent with what the name implies, and was also necessary for improved Guest Network support.

If your Pi-Hole is at 192.168.1.78 and you would like the Global Redirection to use it, then change Global Redirection from Router to User defined DNS 1.

I'm a bit confused by this. If I set the first DNS in the DHCP to be 192.168.1.78, does that mean that even if that IP is there, it would ignore that IP and use 192.168.1.1, which is the router's IP?
Am I reading that correctly?

Does that mean the Router option is useless in this version? If not, what is the Router option for?
 
DNS Director is only needed when the client ignores the DHCP DNS suggestions. If a client tries to go somewhere else it gets redirected to the location specified. If Router, to the router. If Custom, to that custom destination.
 
What I am confused about is this: if I set this on the LAN DHCP page (DNS Server 1 pointing at the Pi-hole),


doesn't that mean this becomes the DNS server for everyone connected to the router?
If so, then selecting Router in DNS Director forces everyone to use that DNS server set in the LAN DHCP, no?

The Custom option would be for devices I want to use a different DNS server or whatnot, right?
So I am confused, because what is then the difference between using Router and Custom if both achieve the same thing, which is forcing clients to use the DNS server indicated in the LAN DHCP?
I have to be missing something here.
 
Something is definitely not right. I cannot have this setting like this, if not my wireless devices get "No internet" message.
Post the rest of your DNS Director settings so people can review how you have it configured.
Do you have the Pi-Hole listed in the DNS Director's Client list and if so is it configured for No Redirection?
Are your wireless devices Guest Network Pro client devices? If so have you input the Guest Network Pro into the DNS Director's Guest Network Pro Profiles section and have you set them to use the Pi-Hole in User defined DNS?

For example, the attached image shows two Raspberry Pis running Pi-Holes configured in DNS Director. User Defined DNS 1 has one of the Pi-Hole IPs. The Pi-Holes need to be included in the Client List and set to No Redirection to avoid issues. With this configuration Guest Network Pro clients use the Pi-Hole, and devices that try to bypass the Pi-Holes (with their own DNS servers) are routed to the Pi-Hole due to the Global Redirection being set to User Defined 1 (a Pi-Hole).
 

Attachment: DNS Director.jpg


That was it. I knew I must have been missing something. I did not have the Pi-hole "excluded" (set to No Redirection) in there.
Thank you Bennor!
 
I have to be missing something here.
Your immediate problem was solved, but the confusion starts when LAN DHCP DNS offers an internal IP address to LAN clients. DNS requests going from a LAN client to a LAN DNS server (on the same subnet) never pass through the router or firewall where DNS Director can “see them”. So DNS Director does not act when well-behaved LAN clients use the local DNS servers from DHCP.

If LAN DHCP DNS offers a public DNS to LAN clients (e.g. 9.9.9.9 or 8.8.8.8), and redirection mode is set to router, then the router/firewall will see all those requests passing from LAN to WAN and redirect them to the router’s local IP.
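The two explanations above (the configuration that works: Pi-Hole in the Client list as No Redirection, Global Redirection on User Defined 1, a Guest Network Pro profile pointing at the Pi-Hole; and why DNS Director never sees same-subnet queries) can be checked against a small model. This is an added example for this thread, not firmware code: it encodes the rules stated in the posts, and the addresses, the 192.168.52.0/24 guest subnet, the order of the checks and the treatment of queries addressed to the router itself are assumptions.

```python
"""Model of DNS Director's redirection decision in Asuswrt-Merlin 3006.102.x.

Added example, not firmware code. Rules taken from the thread:
  * a query to a host on the client's own subnet is bridged and never
    crosses the firewall, so DNS Director cannot touch it;
  * Client list entries set to "No Redirection" are left alone;
  * a Guest Network Pro profile decides for its clients, otherwise the
    Global Redirection target applies;
  * "Router" now means the router's own IP; before 3006.102.4 it meant
    the first DNS server on the DHCP page.
Addresses, the guest subnet and the order of checks are assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, Optional, Set

ROUTER_IP = ip_address("192.168.1.1")
PIHOLE = ip_address("192.168.1.78")          # Pi-hole address used in the thread
LAN = ip_network("192.168.1.0/24")
GUEST = ip_network("192.168.52.0/24")        # assumed Guest Network Pro subnet
LOCAL_SUBNETS = (LAN, GUEST)


@dataclass
class DnsDirector:
    global_mode: str = "off"                               # "off" | "router" | "user1"
    user_dns1: Optional[IPv4Address] = None                # "User defined DNS 1"
    no_redirect: Set[IPv4Address] = field(default_factory=set)          # Client list, No Redirection
    guest_profiles: Dict[IPv4Network, str] = field(default_factory=dict)  # guest subnet -> mode
    dhcp_dns1: IPv4Address = ROUTER_IP                     # LAN DHCP "DNS Server 1"
    legacy_router_mode: bool = False                       # pre-3006.102.4 meaning of "Router"

    def target(self, mode: str) -> IPv4Address:
        """Address a redirection mode sends the query to."""
        if mode == "router":
            return self.dhcp_dns1 if self.legacy_router_mode else ROUTER_IP
        if mode == "user1":
            if self.user_dns1 is None:
                raise ValueError("User defined DNS 1 is not set")
            return self.user_dns1
        raise ValueError(f"unknown mode {mode!r}")

    def resolve(self, src, dst) -> IPv4Address:
        """Server that actually receives a DNS query from src addressed to dst."""
        s, d = ip_address(str(src)), ip_address(str(dst))
        # 1. Same-subnet traffic is bridged at layer 2 and never reaches the
        #    firewall (queries to the router itself are assumed to reach it).
        if d != ROUTER_IP and any(s in n and d in n for n in LOCAL_SUBNETS):
            return d
        # 2. Excluded clients (e.g. the Pi-hole's own upstream queries) pass untouched.
        if s in self.no_redirect:
            return d
        # 3. A Guest Network Pro profile decides for its own clients.
        for net, mode in self.guest_profiles.items():
            if s in net:
                return self.target(mode)
        # 4. Otherwise the Global Redirection setting applies.
        if self.global_mode == "off":
            return d
        return self.target(self.global_mode)


def scenarios() -> Dict[str, str]:
    """Worked cases from the thread; returns {case: address that answers}."""
    out = {}
    # A: Pi-hole as DHCP DNS 1, Global Redirection = Router (the original setup)
    new = DnsDirector(global_mode="router", dhcp_dns1=PIHOLE)
    old = DnsDirector(global_mode="router", dhcp_dns1=PIHOLE, legacy_router_mode=True)
    out["A: LAN client honouring DHCP -> Pi-hole"] = str(new.resolve("192.168.1.50", PIHOLE))
    out["A: LAN client hardcoding 8.8.8.8, 3006.102.4"] = str(new.resolve("192.168.1.50", "8.8.8.8"))
    out["A: LAN client hardcoding 8.8.8.8, older firmware"] = str(old.resolve("192.168.1.50", "8.8.8.8"))
    # B: Global = User defined 1 = Pi-hole, Pi-hole excluded, guest profile -> User defined 1
    good = DnsDirector(global_mode="user1", user_dns1=PIHOLE, no_redirect={PIHOLE},
                       guest_profiles={GUEST: "user1"})
    bad = DnsDirector(global_mode="user1", user_dns1=PIHOLE, guest_profiles={GUEST: "user1"})
    out["B: guest client hardcoding 8.8.8.8"] = str(good.resolve("192.168.52.20", "8.8.8.8"))
    out["B: guest client -> Pi-hole across subnets"] = str(good.resolve("192.168.52.20", PIHOLE))
    out["B: Pi-hole upstream 9.9.9.9, excluded"] = str(good.resolve(PIHOLE, "9.9.9.9"))
    out["B: Pi-hole upstream 9.9.9.9, not excluded"] = str(bad.resolve(PIHOLE, "9.9.9.9"))
    return out


if __name__ == "__main__":
    for case, answer in scenarios().items():
        print(f"{case:52s} -> {answer}")
```

Case A shows the changelog entry in action: a well-behaved LAN client reaches the Pi-hole without DNS Director being involved, while a client hardcoding 8.8.8.8 now lands on 192.168.1.1 instead of the DHCP-listed Pi-hole. Case B shows why the Pi-hole must be excluded: without the No Redirection entry its own upstream queries are redirected back to itself.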
 
When you say the "router's local IP", do you mean 192.168.1.1 in my case? And does that mean that having a Pi-hole IP under the LAN DHCP DNS section and then setting the redirection to Router means the Pi-hole would be bypassed, since the firewall will use the router's IP?

This is just bouncing around inside my head as I try to make sense of it. So far I know that is how it's supposed to be, but I want it to make sense in my head so I can fully grasp it.
I think because on the previous versions I was using Router as the global redirection for so long, it's now difficult for me to unlearn how DNS Director worked on previous versions, lol.
 
Has anyone gotten their IoT on a VLAN to work with Matter across the br0/br52 bridges? I've tried a few solutions, like an avahi postconf, with enable-reflector=yes / use-ipv6=yes / allow-interfaces=br0,br52 , then tried iptables like:
Bash:
# IPv4: allow HomeAssistant (192.168.1.3 on br0) and the IoT subnet on br52 to forward to each other
iptables -I FORWARD -i br0 -o br52 -s 192.168.1.3 -d 192.168.52.0/24 -j ACCEPT
iptables -I FORWARD -i br52 -o br0 -s 192.168.52.0/24 -d 192.168.1.3 -j ACCEPT

# IPv6: allow forwarding of mDNS (5353/udp) and Matter (5540/udp)
ip6tables -I FORWARD -p udp --dport 5353 -j ACCEPT
ip6tables -I FORWARD -p udp --dport 5540 -j ACCEPT

# IPv6: allow forwarding of multicast
ip6tables -I FORWARD -d ff00::/8 -j ACCEPT

But nothing seems to be able to make my HomeAssistant on 192.168.1.3 be able to communicate with IoT devices on 192.168.52.x. Any other ideas?
2025-05-20 07:01:07.469 (Dummy-2) CHIP_ERROR [chip.native.DIS] Failed to advertise records: src/inet/UDPEndPointImplSockets.cpp:421: OS Error 0x02000065: Network is unreachable
 
I spent a long time trying to do this with Homebridge. I was never able to get it to fully work using avahi in the merlin build or through entware. I ended up just dual homing my homebridge machine and running the avahi reflector on it. Not ideal, but got the job done.
 
Well it's a simple Raspberry Pi 4 running HomeAssistant, I doubt I can configure it this way since it doesn't have two network ports, plus I don't want to modify the network stack/scripts on it...
Damn, shame. I thought it would be a tad easier, or that the GNP GUI would permit this, given it specifically allows you to create an IoT network, but things don't just work out of the box.

I'll probably try moving to a UniFi setup, given I'll soon have to support 10Gbps WAN, and the ASUS BE devices are smoking expensive in my country... GT BE-98 is 575€, while a Unifi Cloud Gateway Fiber is 330€ + an AP is 150-200€...
 
