
How do I redirect all port 53 requests?


seagull60

I've just installed Asuswrt Merlin on my RT-AC86U because I would like to redirect all port 53 requests towards my pihole (also running unbound). What's the best way to do this? Is DNSFilter the way to go?

I've set my pihole's IP as the LAN and WAN dns address. I have now set DNSFilter to filter mode "router" (nothing in custom DNS fields) and then set the pihole's IP for no filtering. Is this the correct setup? I'm not sure how to test this.
 
Welcome to the forum.

I believe you are essentially correct. DNS Filter is the way to go. I believe though that your LAN DNS fields should be left blank. Then as you say Global Filter mode is the router with the PiHole excluded and set to no filtering.

As for testing if it’s working, if you do a Google search for test if PiHole is working, it should bring up enough to keep you busy for a while. But when you test, you’d be best to disable the PiHole and test again, not forgetting to temporarily change your WAN DNS suitably, to make sure that, if it appears PiHole is working, it’s not a false result caused by, say, a browser extension.
 
I understand it’s more desirable to have the client IP in the PiHole logs, so maybe stick with the LAN DHCP setting, with DNSFilter still set to Router (it will force the LAN DHCP DNS server if filled in).
 
This is an old post, but I was looking for a solution to my issue.

I also have mine set up this way, which was recommended on another thread, but I can still bypass the Pihole by changing the DNS server on each device.
Is there another setting I need to change to prevent this or will this have to be done via scripts?
 
Have you enabled DNS Filter/DNS Director and configured it for Pi-Hole? Per a post elsewhere...
In the LAN > DNSFilter section:
Set "Enable DNS-based Filtering" to On.
Set "Global Filter Mode" to Router.
Leave "Custom (user-defined) DNS 1" (and DNS 2/DNS 3) fields blank.
Input or select the Pi-Hole device MAC address in the "Client MAC address" and select "No Filtering" as the Filter Mode.
Then click the Plus icon to add the entry.
Click Apply when finished.
One may need to reboot all LAN/WiFi devices so they pull the updated DHCP information.
Or see the image below:
[Attached image: asusmerlindnsfilter.jpg]

Generally by using DNS Filter/DNS Director one is supposed to be able to block network clients from bypassing the LAN DNS servers. There may be exceptions to this including specific router settings or using VPN.
Edit to add: One thing people forget when using Pi-Hole and Asus-Merlin firmware is to set "Advertise router's IP in addition to user-specified DNS" to No in the LAN > DHCP Server > DNS and WINS Server Setting section in addition to putting the Pi-Hole IP address in the LAN DHCP DNS field(s). Failure to change that setting potentially allows LAN clients to bypass the Pi-Hole.
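
One way to run the test discussed in this thread from a LAN client, added here as an example and not part of any poster's reply: send a plain port-53 query for a blocked name directly to outside resolvers and see whether the Pi-hole still answers. Assumptions: `BLOCKED_DOMAIN` is a placeholder for a name on your own Pi-hole blocklist, the Pi-hole uses its default blocking mode (answers `0.0.0.0`), and the resolver addresses are sample public resolvers.

```shell
#!/bin/sh
# Added example (not from the thread): verify that port-53 queries aimed at an
# outside resolver are redirected to the Pi-hole by DNSFilter/DNS Director.
# Covers plain DNS on port 53 only; DoH/DoT traffic is not exercised here.

# Placeholder: replace with a domain that is on YOUR Pi-hole blocklist.
BLOCKED_DOMAIN="${BLOCKED_DOMAIN:-blocked.example.invalid}"
# Assumption: Pi-hole default blocking mode answers blocked A queries with 0.0.0.0.
SINK="${SINK:-0.0.0.0}"
# Sample public resolvers a client might hard-code to bypass the Pi-hole.
RESOLVERS="${RESOLVERS:-8.8.8.8 1.1.1.1 9.9.9.9}"

# classify ANSWER: map the first A record received to a verdict.
classify() {
    case "$1" in
        "")      echo "no-answer"  ;;  # timeout, NXDOMAIN, or port 53 dropped
        "$SINK") echo "redirected" ;;  # Pi-hole answered despite the @resolver
        *)       echo "bypassed"   ;;  # the outside resolver answered directly
    esac
}

# lookup RESOLVER NAME: first IPv4 answer, ignoring CNAME lines and dig errors.
lookup() {
    dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null \
        | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1
}

# check_all: returns 0 only if every resolver's answer came from the Pi-hole.
check_all() {
    rc=0
    for r in $RESOLVERS; do
        verdict=$(classify "$(lookup "$r" "$BLOCKED_DOMAIN")")
        echo "$r -> $verdict"
        [ "$verdict" = "redirected" ] || rc=1
    done
    return $rc
}

# Usage: BLOCKED_DOMAIN=<name on your blocklist> sh dnscheck.sh run
if [ "${1:-}" = "run" ]; then
    check_all
fi
```

Run it once with the Pi-hole enabled and once with it disabled, as suggested earlier in the thread, so a "redirected" verdict is not a false result from something else on the client.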
 
I opened another thread as I didn't want to hijack this one. I actually set up Pihole the way you said.
This is my new post, if you would like to help me. Thank you.

 
