What's new

How to setup Pi-hole to work with Merlin?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Atwellus

New Around Here
Is there a beginner's guide to how to properly setup Pi-hole (and Unbound) to work with Merlin? I found this thread (ASUS RT-AC68U - The correct way to configure DNS for Pi-Hole (standalone device) | SmallNetBuilder Forums (snbforums.com)) but it was a little confusing, as there were different steps in different replies.

Can someone do a walkthrough of all the configuration I would need to do in Merlin, Pi-hole and/or in Unbound to get everything working correctly? I am beginner, so my apologies if this should be obvious but I think this will be helpful to others like me in the future too.

My network setup is as follows, if it helps:

I have an LTE device that I use for internet, which is plugged into a RT-AC68U through the WAN port. The router is providing the Wi-Fi networks that all my devices connect to. Pi-hole and Unbound are installed on a Raspberry Pi 4, which is plugged into the router via the LAN 1 port. The router is running firmware version 386.2_6 and there is no additional software or scripts installed (though I can, if needed for this setup).
 
It's all detailed in the Pi-hole documentation . Have you reviewed it at all? The router setup is easy.
 
It's all detailed in the Pi-hole documentation . Have you reviewed it at all? The router setup is easy.
I did. The Post Install step in the documentation (Post-Install - Pi-hole documentation) links to this guide: How do I configure my devices to use Pi-hole as their DNS server? - FAQs - Pi-hole Userspace

Based on method 1 from that link, I can put the IP address of the Pi as the DNS server in the LAN settings page in Merlin. However, this doesn't work with clients that have a hardcoded DNS (Chromecast, Roku, etc.). From my reading here, it looks like I might be able to use the DNSFilter option to route all DNS lookup to use the Pi-hole instead but I would like some instructions on how to do that.

Also there are some other DNS related settings in the WAN settings area that I would like recommendations on.

Secondly, the above link also has a method using dnsmasq. I know Merlin uses dnsmasq, so if this is the way to go instead of the first method, I am OK with that too but I was hoping to get some instructions on how to do it.

Like I said, I am a beginner, so some of this might seem obvious but I am just looking for some additional help.
 
In your DNSfilter tab, set it to router. Then add your pihole MAC address and set it to No filtering, then hit apply.
In your LAN/ DHCP server set the IP address of the pihole in the DNS #1 slot
 
Thank you. I have a couple questions, if you don't mind.

In your DNSfilter tab, set it to router. Then add your pihole MAC address and set it to No filtering, then hit apply.
In your LAN/ DHCP server set the IP address of the pihole in the DNS #1 slot

What do I enter for Custom DNS 1, 2 and 3 in the DNSFilter tab, after selecting Router?

And should the 'Advertise router's IP in addition to user-specified DNS' be enabled on the LAN/DHCP page?
 
Thank you. I have a couple questions, if you don't mind.



What do I enter for Custom DNS 1, 2 and 3 in the DNSFilter tab, after selecting Router?

And should the 'Advertise router's IP in addition to user-specified DNS' be enabled on the LAN/DHCP page?
I leave those blank custom DNS 1-2-3

No to the other question
 
I can confirm the info here is correct and works great! Thank y'all.
 
I was wondering if it's possible to run unbound on the router (I have an RT-AC3100) and run pihole on a Raspberry pi and if so what is the custom DNS to enter in the Pihole setup page. I can confirm that the default of 127.0.0.01#5335 does not work because unbound manager does not set up unbound with that port. I have tried both 127.0.0.1#53535 and the ip of my router 192.168.1.1#53535 which sort of worked but I am not sure if that is how it should be set up. Can anyone help?
 
I was wondering if it's possible to run unbound on the router (I have an RT-AC3100) and run pihole on a Raspberry pi and if so what is the custom DNS to enter in the Pihole setup page. I can confirm that the default of 127.0.0.01#5335 does not work because unbound manager does not set up unbound with that port. I have tried both 127.0.0.1#53535 and the ip of my router 192.168.1.1#53535 which sort of worked but I am not sure if that is how it should be set up. Can anyone help?
Why not just run Unbound on your raspberry pi along with Pihole?
 
I have tried both 127.0.0.1#53535 [...]
That didn't work because 127.0.0.1 is localhost, i.e. local to your raspberry pi, and unbound is running on your router.

the ip of my router 192.168.1.1#53535 which sort of worked but I am not sure if that is how it should be set up. Can anyone help?
Assuming you kept the default port for unbound manager, that configuration should be working. The charts and graphs should give you an idea.

As others have mentioned, running unbound on the pi is also possible, and the pi typically will have more memory for caching. But there's nothing wrong with running it on your router, and the setup is very easy.
 
Why not just run Unbound on your raspberry pi along with Pihole?
That is what I was previously doing for years now. However, Unbound Manager has the option for Youtube Ad Blocking and it works well. I would like to keep that. However, I do not like Unbound ad blocking nor do I like Diversion.
 
I have solved the problem. I had to edit the unbound.conf on the router and add the line
'"interface: 192.168.1.1@53535"
to the server section of the file (192.168.1.1 is the IP of the RT-AC3100). Before I put that line in I was not getting ad blocking.

I then pointed Pihole to use "192.168.1.1@53535" as my upstream DNS server. Ad blocking is working perfectly and so is YouTube ad blocking. I am using Cloudflare servers for my WAN DNS servers (which I also used when unbound was running on the Pi) and have confirmed with DIG and LeakTest that unbound is working correctly.

Thank to everyone that responded to help me solve this issue. It's appreciated.
 
Followed the instructions here and the links to install Pi-Hole and Unbound. All seems to be working well, didn't decrease throughput. 1gb service getting ~960mb throughput via AX88U QOS tab for internet speed.
I added additional servers to include Malware, other block lists and added a Blacklist REGEX filter to block malicious countries as a whole... ru, cn, pk, etcetera.
TIA all.
 
Followed the instructions here and the links to install Pi-Hole and Unbound. All seems to be working well, didn't decrease throughput. 1gb service getting ~960mb throughput via AX88U QOS tab for internet speed.
I added additional servers to include Malware, other block lists and added a Blacklist REGEX filter to block malicious countries as a whole... ru, cn, pk, etcetera.
TIA all.
I don't get why people talk about throughput and DNS resolution / DNS ad-blocking together. :)
 
'cause prior to installing Pi-Hole I was using Diversion and Skynet scripts on the router itself. The 1gb service would only hit 500-600mb max. Offloading Ad-blocking and Malicious file blocking to a filtering DNS freed up router CPU resources.
 
'cause prior to installing Pi-Hole I was using Diversion and Skynet scripts on the router itself. The 1gb service would only hit 500-600mb max. Offloading Ad-blocking and Malicious file blocking to a filtering DNS freed up router CPU resources.
Thanks for clarifying that :)
 
Thanks for clarifying that :)
No worries... I should have provided more backdrop on why I was implementing it.

And I should also say that I'm using a RPi 4B/8, a RPi 4 because of the 1G ethernet port. Even though the 3B has a '1gb' ethernet port, its limited by the USB2 chipset it pipes thorugh to ~300mb actual throughput. The 960mb throughput I'm seeing on router speedtest is through the RPi 4 1gb port. I'm still amazed it can achieve this throughput on a single port... I'd guessed it would hit ~450mb because it the single port handles both in and out-bound traffic - internet in from WAN --> through Pi-Hole --> screened internet back out to the LAN. I even went sofar as to purchase a 1gb USB3 ethernet adapter (if you do this read up, certain chipsets will give full 1gb, some dont) that I was planning to add as either in/out pipe, but looks like I don't need to. Pretty amazing little thing and application.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top