GT-BE98 Pro 3006.102.5 DNSDirector

[stealurkill]

I was working properly before. From what I see the change is in what redirect to Router does.

I was going off the changelog here

- FIXED: DNSDirector "Router" mode would not always work properly
with IPv6 (now uses REDIRECT instead of DNAT, which was
backported from iptables 1.4.19).
- FIXED: DNSDirector would try to create iptables rules even
when that SDN should not allow DNSDirector if it shares
the main LAN interface. This could break DNSDirector
on the main network.

and this thread

GT-BE98 pro DNS Director issue with my pihole?

Hi everybody... First post. I'm running the Asuswrt-merlin firmware. It's pretty great! There's a larger story but I think my DNS director hates me. I pointed it at the User defnied 1 at my pihole and it seemed to put the iptable entry last, which mean it'll basically never get hit. #iptables...

www.snbforums.com

 

[Tech9]

I see. What you need to potentially change in your setup is stop redirections through the router's LAN IP (redirect to User Defined instead of Router) and probably select unfiltered upstream DNS servers for your Pi-hole(s). You have Quad9 filtered + Cloudflare unfiltered. This will stop the router as client in Pi-hole(s) logs and allow you to see better what's filtered. If Quad9 filters something upstream you'll never know what it was. Or if you want extra layer of protection make the second upstream DNS also filtered.

 

[stealurkill]

I see. What you need to potentially change in your setup is stop redirections through the router's LAN IP (redirect to User Defined instead of Router) and probably select unfiltered upstream DNS servers for your Pi-hole(s). You have Quad9 filtered + Cloudflare unfiltered. This will stop the router as client in Pi-hole(s) logs and allow you to see better what's filtered. If Quad9 filters something upstream you'll never know what it was. Or if you want extra layer of protection make the second upstream DNS also filtered.

That's what i had before and probably will go back. I switched due to the firmware update today for testing. My network is wild and controlling what goes out is ideal lol

 

[Tech9]

With 10M+ domains blocklist you perhaps don't need a Pi-hole. Just unplug the WAN cable for similar results.

 

[stealurkill]

With 10M+ domains blocklist you perhaps don't need a Pi-hole. Just unplug the WAN cable for similar results.

Lol For some reason this container shows both piholes for the amount of blocked domains. It's only 5 million. It's really mostly malware, trackers, ads, and pron.

I was more showing the queries and blocked.