How to properly configure pihole server recursive dns for my lan.

Oldmanlight

New Around Here
Hey all,
Long time lurker, first time poster. Running an ax-88u with 386.5 and I have a question about how to properly set up my pi hole server on my lan. I currently have its IP address set as the sole dns server under the wan tab but I’m wondering if I should have it set to be distributed to individual clients under the lan dhcp tab. I know the pi hole logs would be better as then it would show queries from dhcp client ips rather than just every query coming from the router but I’m wondering if I’d be giving up anything in terms of performance, features, or security at the router level by doing this and taking my router out of the dns query loop.

My end goal is to have the router logs for dhcp client traffic to monitor my kids' devices, have the pi hole for dns and ad blocking, and have my gaming and streaming traffic performing optimally while doing so.

Have also wondered about pi hole vs diversion for ad blocking but that might be a better question for the add on sub forum.

Thanks!
 
There are a few issues with pointing the WAN page DNS at the Pi-Hole. The most relevant here, since you want to see the logs, is that the router caches DNS, so you'll not see multiple instances of the same lookup and the associated timestamps.

As for using Diversion, if you also install the uiDivStats, then you get pretty similar levels of casual log perusal ability. Diversion also wins on the ability to easily switch between different levels of ad blocking, with its default being indistinguishable to most from that of Pi-Hole.

The third horse in the race is AdGuard, again the end result is pretty indistinguishable. AdGuard's biggest advantage is that it is a monolithic, do everything app, its biggest disadvantage is that it is a monolithic, do everything app!

*I don't think you need to worry about performance whichever option you take, DNS lookups are the kind of drip, drip, that the router can handle with ease. If you do have devices that you want to remove from the regular DNS flow, you always use the DNS Filter tab.

**For the record: Long time Pi-Hole (with Unbound) user who has recently migrated to Diversion (it used to be unstable on my RT-AC86U) (without Unbound). I've also tried AdGuard both on a Raspberry Pi and the router, with and without Unbound. Many swear by AdGuard, I just swore at it!
 
I am curious about your last line: I have personally been using Unbound (in recursive mode) and Diversion for quite some time successfully on my RT-AC86U, but have been intrigued by the AdGuard Home setup. What was going wrong in your setup? Curious about any perceptible differences in DNS resolution speed too, although I get the impression that should be very minimal, if noticeable at all.
 
Historically I've used Unbound in recursive mode and just as an enlarged cache with my ISP's DNS servers. While I've had no problems, in terms of performance I've found little difference in using Pi-Hole with or without Unbound. Currently, I'm using my ISP DNS with malicious content blocking.
 
With regard to adguard, is there any kind of interface to view logs or configure settings after installing it in amtm? I just loaded it up and I’m lost as to how to use it.
 
I currently have its IP address set as the sole dns server under the wan tab but I’m wondering if I should have it set to be distributed to individual clients under the lan dhcp tab.
Putting the Pi-Hole's IP address into WAN can set up a potential issue if one also has Use Conditional Forwarding enabled on the Pi-Hole. It can create a feedback loop of queries that can quickly flood the local network, bringing traffic to its knees. Been there, done that, had it happen (twice). Normally one would put upstream public (or ISP provider's) DNS servers in the WAN DNS fields and put Pi-Hole's IP into the LAN DNS field(s). Then one would set Advertise router's IP in addition to user-specified DNS to No. One can also set up DNSFilter to force all DNS requests to the Pi-Hole to help redirect DNS requests from those devices that have hard coded DNS servers and would otherwise bypass Pi-Hole. Some past posts I've made explaining general setup directions for Pi-Hole:
https://www.snbforums.com/threads/pihole-dns.74646/#post-712118
https://www.snbforums.com/threads/pihole-dns.74646/post-712319

Been using Pi-Hole + Unbound on headless Raspberry Pis for a number of years now. Works well. Some go hog wild with block lists, I don't. I just use Jacklul's update lists script that updates the Pi-Hole using the main ad block lists from Firebog.net.
 
Putting the Pi-Hole's IP address into WAN can set up a potential issue if one also has Use Conditional Forwarding enabled on the Pi-Hole. It can create a feedback loop of queries that can quickly flood the local network, bringing traffic to its knees.
You can avoid that loop by telling dnsmasq to only answer reverse lookup queries locally. If your LAN is 192.168.1.0/24, add this to dnsmasq.conf.add:
Code:
# Reverse zone for 192.168.1.0/24 (network octets reversed); answered locally, never forwarded
local=/1.168.192.in-addr.arpa/
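
The zone named in a `local=` line depends on the LAN's prefix length, so here is an added example (not from the thread or from dnsmasq itself) that goes beyond the /24 case: a POSIX shell helper that derives the in-addr.arpa zone(s) covering a subnet and prints the matching lines. The function names `reverse_zones` and `dnsmasq_local_lines` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print dnsmasq "local=" lines for the
# reverse (in-addr.arpa) zones that exactly cover an IPv4 LAN subnet.

# reverse_zones ADDR/PREFIX -> one reverse zone name per line (prefix 8..32)
reverse_zones() {
    case $1 in */*) ;; *) echo "usage: ADDR/PREFIX" >&2; return 1 ;; esac
    ip=${1%/*} len=${1#*/}
    case $ip in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac
    case $len in ''|*[!0-9]*|0?*|???*) echo "bad prefix: $len" >&2; return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || { echo "prefix must be 8..32" >&2; return 1; }
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $ip" >&2; return 1; }
    for o in "$@"; do
        # digits only, no leading zero (would be read as octal), at most 255
        case $o in ''|*[!0-9]*|0?*|????*) echo "bad octet: $o" >&2; return 1 ;; esac
        [ "$o" -le 255 ] || { echo "bad octet: $o" >&2; return 1; }
    done
    labels=$((len / 8)) n=1
    if [ $((len % 8)) -ne 0 ]; then
        # Prefix ends inside an octet: that octet takes 2^(8 - len%8) values,
        # and each value needs its own zone.
        labels=$((labels + 1)) n=$((1 << (8 - len % 8)))
    fi
    suffix=in-addr.arpa i=1
    while [ "$i" -lt "$labels" ]; do      # fixed leading octets, reversed
        suffix="$1.$suffix"; shift; i=$((i + 1))
    done
    start=$(($1 / n * n)) j=0             # align to the subnet boundary
    while [ "$j" -lt "$n" ]; do
        echo "$((start + j)).$suffix"; j=$((j + 1))
    done
}

# dnsmasq_local_lines ADDR/PREFIX -> lines suitable for dnsmasq.conf.add
dnsmasq_local_lines() {
    zones=$(reverse_zones "$1") || return 1
    for z in $zones; do echo "local=/$z/"; done
}

# Run as: sh script.sh 192.168.1.0/24
[ $# -eq 0 ] || dnsmasq_local_lines "$1"
```

A prefix longer than /24 yields one line per host address, since no single reverse zone covers only part of a /24.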
 
During the setup of AdGuard it will tell you the port for its WEB UI, through which you can perform a fair amount of configuration.

Regards Pi-Hole and other ad-blockers, it's easy to get carried away. Personally, it's about blocking the malicious content before it has the ability to infect anything!
 
Omg, I can’t believe I missed that. Thanks a lot! I’m there now.
 
