Solved Device not respecting DNS Director or (Yaz)DHCP Server settings

[dangkhoa]

I have an Intel NUC running Pi-hole that I'm currently using as my DNS server for my network:

I have a device on my IoT network that's pretty chatty (a baby monitor), and it regularly causes my Pi-hole to throw a warning that the concurrent DNS query limit is reached. I've tried both of the following, and I still see in my Pi-hole logs that the device is making DNS requests to my Pi-hole rather than the DNS server I've set for it (1.1.1.1):

• Make a DHCP reservation and set the DNS server for this device, on the DHCP Server tab:
  • 

• Using DNS Director, set the redirect to 1.1.1.1:
  • 

I could use some help figuring out if this is an issue with my DHCP server settings, DNS Director settings, Pi-hole settings, or the device in question... (note, the baby monitor does not have the ability to configure its own DNS server - it's supposed to use whatever the router advertises as the DNS..)

Configuration: RT-AX58U, running AsusWRT-Merlin 3004.388.10_2, with YazDHCP 1.2.4.

 

[bennor]

To start with, how is your router configured for Pi-Hole? Do you have the Pi-Hole in the WAN DNS fields? If you do they should be in the LAN DHCP Server DNS fields instead.

Post Edit. There are various other discussions on how to setup Pi-Hole to work with an Asus router. For example see this post if using Asus-Merlin firmware earlier than 3004.388.10 (4-Oct-2025).
Post more information about your setup.
What is your router's IP address range?
Are you using YazFi?
How is the router configured to use Pi-Hole?
Is the Pi-Hole set to No Redirection in DNS Director?

 

[bennor]

Configuration: RT-AX56U, running AsusWRT-Merlin 3004.388.10_2, with YazDHCP 1.2.4.

Also, what specific router and firmware are you running? You indicate an RT-AX56U with 3004.388.10_2, however the last Asus-Merlin firmware for the RT-AX56U is 3004_388.8_4 according to the Asus-Merlin website and download page.

 

[bbunge]

DNS Director is not the place to set the DNS for the baby monitor. Set a manually assigned IP address in LAN/DHCP Server/Manually Assigned IP around the DHCP list. There is an option to assign DNS Server for that specific client. DHCP then will not give the Pi-Hole address to the monitor.
Then in DNS Director set the baby monitor to No Redirection.

The reason your Pi-Hole is seeing all the chatty DNS requests is that the router DHCP is assigning the Pi-Hole as DNS. DNS Director is doing nothing.

Also, I recommend you use 1.1.1.2 which is Cloudflare Security.

 

[dave14305]

DNS Director is not the place to set the DNS for the baby monitor. Set a manually assigned IP address in LAN/DHCP Server/Manually Assigned IP around the DHCP list. There is an option to assign DNS Server for that specific client. DHCP then will not give the Pi-Hole address to the monitor.
Then in DNS Director set the baby monitor to No Redirection.

The reason your Pi-Hole is seeing all the chatty DNS requests is that the router DHCP is assigning the Pi-Hole as DNS. DNS Director is doing nothing.

He assigned 1.1.1.1 in the YazDHCP reservation list, though. Does that feature still work?

 

[dangkhoa]

Also, what specific router and firmware are you running? You indicate an RT-AX56U with 3004.388.10_2, however the last Asus-Merlin firmware for the RT-AX56U is 3004_388.8_4 according to the Asus-Merlin website and download page.

Whoop, meant RT-AX58U - updated OP

 

[bbunge]

He assigned 1.1.1.1 in the YazDHCP reservation list, though. Does that feature still work?

Would bet it doesn't. But I do not know YazDHCP as I have never needed it.

 

[dangkhoa]

To start with, how is your router configured for Pi-Hole? Do you have the Pi-Hole in the WAN DNS fields? If you do they should be in the LAN DHCP Server DNS fields instead.

Post Edit. There are various other discussions on how to setup Pi-Hole to work with an Asus router. For example see this post if using Asus-Merlin firmware earlier than 3004.388.10 (4-Oct-2025).
Post more information about your setup.
What is your router's IP address range?
Are you using YazFi?
How is the router configured to use Pi-Hole?
Is the Pi-Hole set to No Redirection in DNS Director?

I am indeed using YazFi, here are more details:

IP address range:

• Ethernet and main wifi: 192.168.36.0, range .20 to .254
• Guest wifi: 192.168.42.0 (2.4GHz - IP range .2 to .254) and 192.168.45.0 (5GHZ - IP range .2 to .254)
• Media wifi (cameras, smart speakers, etc): 192.168.52.0 (2.4GHz - IP range .2 to .254) and 192.168.55.0 (5GHZ - IP range .2 to .254)
• IoT wifi: 192.168.62.0 (2.4GHz - IP range .2 to .254)

While getting this information, I noticed that I had the following setting checked in YazFi:

I set this to "No" and it looks like the Pi-hole is no longer logging requests from the baby monitor! I completely forgot about YazFi's settings

So it seems YazFi overrides DNS Director and DHCP Server settings. I think I knew that..

 

[dangkhoa]

I'm marking as solved, but is it better to use DNS Director or setting the DNS server under the DHCP Server tab for the device to skip my Pi-hole? My guess is I ought to use DNS Director since setting the DNS server is dependent on YazDHCP?

 

[bennor]

Question is, why did you have YazFi's Force DNS enabled in the first place? As you discovered enabling that option may produce unexpected behavior down the line when trying to perform other actions or modify other settings. Do you have a specific use case that necessitates enabling that option?

There have been some discussion in the YazFI addon thread(s) about using Force DNS. For example the original developer indicated the following about Force DNS:

yazfi's force dns option replicates dnsfilter for yazfi networks

Here is how Force DNS is explained at the current YazFi github page:

wl01_FORCEDNS​

Should Guest Network DNS requests be forced/redirected to DNS1? (true/false) N.B. This setting is ignored if sending to VPN, and VPN Client's DNS configuration is Exclusive

Personally, when using YazFi in the past, I did not have that option enabled for my use case.

.... is it better to use DNS Director or setting the DNS server under the DHCP Server tab for the device to skip my Pi-hole? My guess is I ought to use DNS Director since setting the DNS server is dependent on YazDHCP?

You could use either method if they both accomplish the same thing in your setup (bypassing the Pi-Hole). It's your personal choice. Using DNS Director over inputting a single DNS value in the client's manual IP reservation may be better from a usage standpoint with the various settings in one place versus in two places. But again, personal choice.

Because the later Asus-Merlin non-3006.102.x firmware made a change in the way DNS Director handles the Global Redirection setting the steps to configure Pi-Hole on later firmware versions changed slightly from previous methods. The DNS Director change starting with Asus-Merlin firmware; 3004.388.10 (4-Oct-2025) and 3006.102.4 (10-May-2025):

- CHANGED: Setting DNS Director to "Router" will now always redirect to the router's own IP. Previously it would redirect to the first DNS server configured on the DHCP page which defaults to the router itself).

If you need DNS Director to redirect to an IP configured in your DHCP settings, use a Custom DNS entry in DNS Director. This makes it more consistant with what the name implies, and was also necessary for improved Guest Network support.

Because of that DNS Director change the following very basic and general Pi-Hole v6.x/Asus-Merlin configuration should work. There may be better ways to configure Asus-Merlin and Pi-Hole v6.x, but what follows should work for a basic use case on the Asus-Merlin 3004.388.10 and later 388 line firmware:

• Input the Pi-Hole IP address into the LAN > DHCP Server DNS field(s). (Set Advertise router's IP in addition to user specified DNS to No if that option is available.)
• For the WAN DNS fields use any public or ISP DNS server.
• If using YazFi, input the Pi-Hole's IP address into the Guest Network > YazFi > DNS Server field(s) if you want the YazFi clients to use the Pi-Hole; save the YazFi setting changes.
• On the DNS Director page, enable DNS Director.
• On the DNS Director page, set Global Redirection to User defined DNS #1.
• On the DNS Director page, input the Pi-Hole IP into User defined DNS #1 field
• On the DNS Director page, in the Client List select the Pi-Hole's MAC address and set Redirection to No Redirection, then click the Add (plus) icon to add it to the list.
• When finished making changes on DNS Director remember to select the Apply button.
• On the Pi-Hole > Settings >DNS one may need to change the Interface Settings to either Respond only on interface (select Pi-Hole network interface), or if using multiple network ports on the Pi-Hole device select Permit all all origins.
• On the Pi-Hole > Settings > DNS page under Conditional Forwarding, follow the examples to input your router's main LAN and any YazFi Guest Network IP subnet/IP address in the format the example indicates (ex: true,192.168.0.0/24,192.168.0.1,fritz.box) in the provided Conditional Forwarding field.
• Make sure to apply any changes to the Pi-Hole settings.
• When finished test the settings to see if clients are using the Pi-Hole and if the Pi-Hole is properly showing the client requests in the Pi-Hole Query Log.
• In rare cases one may need to reboot both the router and any network clients.
• One may also want to input a domain name into the LAN >LAN-IP Domain Name field and LAN > DHCP Server Router's Domain Name field. That domain name can used when setting up the Pi-Hole Conditional Forwarding reverse server(s).
• Note: Using YazFi's Force DNS option may override, for YazFi Clients, the use of the DNS Director.

For 3006.102.4 and later Asus-Merlin firmware users see this post for a similar basic general configuration of Asus-Merlin and Pi-Hole.

 

[dangkhoa]

Question is, why did you have YazFi's Force DNS enabled in the first place? As you discovered enabling that option may produce unexpected behavior down the line when trying to perform other actions or modify other settings. Do you have a specific use case that necessitates enabling that option?

I think I was under the impression that I needed to use it with YazFi specifically. I was learning about AsusWRT-Merlin and Pi-hole simultaneously. It looks like YazFi's "Force DNS" setting will make it easier to apply to any and all devices on a given guest network, but at the expense of loss of granularity with DNS Director to control any individual device is what I am gathering.

Thanks for the detailed writeup on how to effectively configure Pi-hole! Will take a look and adjust my setup appropriately!

 

[bennor]

I think I was under the impression that I needed to use it with YazFi specifically.

Out of curiosity, what gave you that impression? That you had to use the Force DNS option when using YazFi? The YazFi Force DNS option is, if I remember correctly, typically disabled by default.

The original developer of YazFi, as noted above, indicates that the YazFi Force DNS option, when enabled, replicates DNS Filter (now known as DNS Director), forcing all the YazFi clients to use what ever value is in YazFI's DNS Server 1 field. As you discovered, if you want the ability to route a specific YazFi client to some other DNS server, other than the one listed in the YazFi DNS Server fields, then you do not enable the YazFi Force DNS option.