How to set up Pi-hole to work with Merlin?


Atwellus

New Around Here
Is there a beginner's guide to how to properly set up Pi-hole (and Unbound) to work with Merlin? I found this thread (ASUS RT-AC68U - The correct way to configure DNS for Pi-Hole (standalone device) | SmallNetBuilder Forums (snbforums.com)) but it was a little confusing, as there were different steps in different replies.

Can someone do a walkthrough of all the configuration I would need to do in Merlin, Pi-hole and/or in Unbound to get everything working correctly? I am a beginner, so my apologies if this should be obvious but I think this will be helpful to others like me in the future too.

My network setup is as follows, if it helps:

I have an LTE device that I use for internet, which is plugged into a RT-AC68U through the WAN port. The router is providing the Wi-Fi networks that all my devices connect to. Pi-hole and Unbound are installed on a Raspberry Pi 4, which is plugged into the router via the LAN 1 port. The router is running firmware version 386.2_6 and there is no additional software or scripts installed (though I can, if needed for this setup).
 

taffeys

Regular Contributor
It's all detailed in the Pi-hole documentation. Have you reviewed it at all? The router setup is easy.
 

Atwellus

New Around Here
> It's all detailed in the Pi-hole documentation. Have you reviewed it at all? The router setup is easy.

I did. The Post Install step in the documentation (Post-Install - Pi-hole documentation) links to this guide: How do I configure my devices to use Pi-hole as their DNS server? - FAQs - Pi-hole Userspace

Based on method 1 from that link, I can put the IP address of the Pi as the DNS server in the LAN settings page in Merlin. However, this doesn't work with clients that have a hardcoded DNS (Chromecast, Roku, etc.). From my reading here, it looks like I might be able to use the DNSFilter option to route all DNS lookups to use the Pi-hole instead but I would like some instructions on how to do that.

Also there are some other DNS related settings in the WAN settings area that I would like recommendations on.

Secondly, the above link also has a method using dnsmasq. I know Merlin uses dnsmasq, so if this is the way to go instead of the first method, I am OK with that too but I was hoping to get some instructions on how to do it.

Like I said, I am a beginner, so some of this might seem obvious but I am just looking for some additional help.
 

New2This

Senior Member
In your DNSfilter tab, set it to router. Then add your pihole MAC address and set it to No filtering, then hit apply.
In your LAN/ DHCP server set the IP address of the pihole in the DNS #1 slot
 

Atwellus

New Around Here
Thank you. I have a couple questions, if you don't mind.

> In your DNSfilter tab, set it to router. Then add your pihole MAC address and set it to No filtering, then hit apply.
> In your LAN/ DHCP server set the IP address of the pihole in the DNS #1 slot

What do I enter for Custom DNS 1, 2 and 3 in the DNSFilter tab, after selecting Router?

And should the 'Advertise router's IP in addition to user-specified DNS' be enabled on the LAN/DHCP page?
 

New2This

Senior Member
> Thank you. I have a couple questions, if you don't mind.
>
> What do I enter for Custom DNS 1, 2 and 3 in the DNSFilter tab, after selecting Router?
>
> And should the 'Advertise router's IP in addition to user-specified DNS' be enabled on the LAN/DHCP page?

I leave those blank custom DNS 1-2-3

No to the other question
 

Starrbuck

Regular Contributor
I can confirm the info here is correct and works great! Thank y'all.
 

ehb224

New Around Here
I was wondering if it's possible to run unbound on the router (I have an RT-AC3100) and run pihole on a Raspberry pi and if so what is the custom DNS to enter in the Pihole setup page. I can confirm that the default of 127.0.0.01#5335 does not work because unbound manager does not set up unbound with that port. I have tried both 127.0.0.1#53535 and the ip of my router 192.168.1.1#53535 which sort of worked but I am not sure if that is how it should be set up. Can anyone help?
 

New2This

Senior Member
> I was wondering if it's possible to run unbound on the router (I have an RT-AC3100) and run pihole on a Raspberry pi and if so what is the custom DNS to enter in the Pihole setup page. I can confirm that the default of 127.0.0.01#5335 does not work because unbound manager does not set up unbound with that port. I have tried both 127.0.0.1#53535 and the ip of my router 192.168.1.1#53535 which sort of worked but I am not sure if that is how it should be set up. Can anyone help?

Why not just run Unbound on your raspberry pi along with Pihole?
 

pdc

Regular Contributor
> I have tried both 127.0.0.1#53535 [...]

That didn't work because 127.0.0.1 is localhost, i.e. local to your raspberry pi, and unbound is running on your router.

> the ip of my router 192.168.1.1#53535 which sort of worked but I am not sure if that is how it should be set up. Can anyone help?

Assuming you kept the default port for unbound manager, that configuration should be working. The charts and graphs should give you an idea.

As others have mentioned, running unbound on the pi is also possible, and the pi typically will have more memory for caching. But there's nothing wrong with running it on your router, and the setup is very easy.
 

ehb224

New Around Here
> Why not just run Unbound on your raspberry pi along with Pihole?

That is what I was previously doing for years now. However, Unbound Manager has the option for Youtube Ad Blocking and it works well. I would like to keep that. However, I do not like Unbound ad blocking nor do I like Diversion.
 

ehb224

New Around Here
I have solved the problem. I had to edit the unbound.conf on the router and add the line
"interface: [email protected]"
to the server section of the file (192.168.1.1 is the IP of the RT-AC3100). Before I put that line in I was not getting ad blocking.

I then pointed Pihole to use "[email protected]" as my upstream DNS server. Ad blocking is working perfectly and so is YouTube ad blocking. I am using Cloudflare servers for my WAN DNS servers (which I also used when unbound was running on the Pi) and have confirmed with DIG and LeakTest that unbound is working correctly.

Thanks to everyone that responded to help me solve this issue. It's appreciated.
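
As an added example (not part of the original posts, and not code from Pi-hole, Unbound or unbound manager): the fix described in the post above comes down to whether Unbound's `server:` clause binds an address that the Pi can reach. The Python below checks that for a config text and a Pi-hole upstream written as `ip#port`; the sample configs are constructed, using the router IP 192.168.1.1 and port 53535 mentioned in the thread, and the function names are hypothetical.

```python
import ipaddress

def unbound_listeners(conf_text):
    """Return the (ip, port) pairs Unbound binds, read from the server: clause."""
    port, entries, in_server = 53, [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:                              # clause header such as "server:"
            in_server = key == "server"
        elif in_server and key == "port":
            port = int(value)
        elif in_server and key in ("interface", "ip-address"):
            entries.append(value)
    if not entries:                                # no interface lines: localhost only
        entries = ["127.0.0.1", "::1"]
    listeners = set()
    for entry in entries:
        addr, _, p = entry.partition("@")          # Unbound writes ip@port
        try:
            listeners.add((ipaddress.ip_address(addr), int(p) if p else port))
        except ValueError:
            pass                                   # device name (e.g. eth0): not resolved here
    return listeners

def pihole_can_reach(conf_text, upstream):
    """upstream is in Pi-hole's custom DNS form, 'ip#port'."""
    host, _, p = upstream.partition("#")
    ip, port = ipaddress.ip_address(host), int(p) if p else 53
    if ip.is_loopback:
        return False                               # 127.0.0.1 on the Pi is the Pi itself
    return any(lport == port and (addr == ip or
               (addr.is_unspecified and addr.version == ip.version))
               for addr, lport in unbound_listeners(conf_text))

# Constructed sample configs; IP and port are the ones mentioned in the thread.
LOCAL_ONLY = """
server:
    port: 53535
    interface: 127.0.0.1@53535
"""
WITH_LAN = LOCAL_ONLY + "    interface: 192.168.1.1@53535\n"

if __name__ == "__main__":
    for name, conf in (("local only", LOCAL_ONLY), ("with LAN bind", WITH_LAN)):
        print(name, pihole_can_reach(conf, "192.168.1.1#53535"))
```

Binding is only half of it: Unbound answers non-local clients only when an `access-control` rule allows their address, so check that as well if queries from the Pi are refused.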
 

Wisiwyg

Senior Member
Followed the instructions here and the links to install Pi-Hole and Unbound. All seems to be working well, didn't decrease throughput. 1gb service getting ~960mb throughput via AX88U QOS tab for internet speed.
I added additional servers to include Malware, other block lists and added a Blacklist REGEX filter to block malicious countries as a whole... ru, cn, pk, etcetera.
TIA all.
 

cptnoblivious

Regular Contributor
> Followed the instructions here and the links to install Pi-Hole and Unbound. All seems to be working well, didn't decrease throughput. 1gb service getting ~960mb throughput via AX88U QOS tab for internet speed.
> I added additional servers to include Malware, other block lists and added a Blacklist REGEX filter to block malicious countries as a whole... ru, cn, pk, etcetera.
> TIA all.

I don't get why people talk about throughput and DNS resolution / DNS ad-blocking together. :)
 

Wisiwyg

Senior Member
'cause prior to installing Pi-Hole I was using Diversion and Skynet scripts on the router itself. The 1gb service would only hit 500-600mb max. Offloading Ad-blocking and Malicious file blocking to a filtering DNS freed up router CPU resources.
 

cptnoblivious

Regular Contributor
> 'cause prior to installing Pi-Hole I was using Diversion and Skynet scripts on the router itself. The 1gb service would only hit 500-600mb max. Offloading Ad-blocking and Malicious file blocking to a filtering DNS freed up router CPU resources.

Thanks for clarifying that :)
 

Wisiwyg

Senior Member
> Thanks for clarifying that :)

No worries... I should have provided more backdrop on why I was implementing it.

And I should also say that I'm using a RPi 4B/8, a RPi 4 because of the 1G ethernet port. Even though the 3B has a '1gb' ethernet port, it's limited by the USB2 chipset it pipes through to ~300mb actual throughput. The 960mb throughput I'm seeing on router speedtest is through the RPi 4 1gb port. I'm still amazed it can achieve this throughput on a single port... I'd guessed it would hit ~450mb because the single port handles both in and out-bound traffic - internet in from WAN --> through Pi-Hole --> screened internet back out to the LAN. I even went so far as to purchase a 1gb USB3 ethernet adapter (if you do this read up, certain chipsets will give full 1gb, some don't) that I was planning to add as either in/out pipe, but looks like I don't need to. Pretty amazing little thing and application.
 
