Entware Pi-hole directly on the router? Yes!

[SomeWhereOverTheRainBow]

I nominate @SomeWhereOverTheRainBow for this! He would do amazing!

I appreciate your encouragement, but I don't see where I fit in this puzzle. Yeah sure, I probably could code up something, but isn't it easier to use what is already available now? besides @thelonelycoder has already cooked up something really nice that pretty much does the same thing.

 

[jacklul]

In case anyone wants to give it a go - here is a rough example of the installer.
Left a bunch of comments telling what to improve/add.

The Script - PLEASE DO NOT RUN IT - IT IS NOT TESTED AND A LOT OF STUFF IS MISSING.

 

[Viktor Jaep]

In case anyone wants to give it a go - here is a rough example of the installer.
Left a bunch of comments telling what to improve/add.

The Script - PLEASE DO NOT RUN IT - IT IS NOT TESTED AND A LOT OF STUFF IS MISSING.

If you do run it, you might want to have BACKUPMON on standby... just sayin'.

 

[jacklul]

@bibikalka
There seem to be more work on the memory optimization being done in the FTL repo - https://github.com/pi-hole/FTL/pull/2757
Considering a lot of people put Entware on fast SSDs this PR might reduce memory requirements to use this project significantly.
If this gets merged it will be available in the development version of the package shortly after.

 

[bibikalka]

I appreciate your encouragement, but I don't see where I fit in this puzzle. Yeah sure, I probably could code up something, but isn't it easier to use what is already available now? besides @thelonelycoder has already cooked up something really nice that pretty much does the same thing.

You seem to refer to Diversion vs PiHole?
I think once you go with PiHole on Merlin, you'll never look back - it's just far more polished and lots more features
Diversion was really great for its time, but given that routers became beefier there is no problem running the heavier PiHole!

 

[dave14305]

Diversion was really great for its time, but given that routers became beefier there is no problem running the heavier PiHole!

Your enthusiasm for Pi-Hole is admirable, but your insinuation that Diversion’s time has passed is laughable and absurd. This Pi-Hole project is experimental and fragile on any Asus router. Diversion and dnsmasq are mainstream and have an A+ track record.

EDIT: Cheers to @jacklul for sharing the project and getting it to work! I’m impressed with his skills!

 

[eclp]

Your enthusiasm for Pi-Hole is admirable, but your insinuation that Diversion’s time has passed is laughable and absurd. This Pi-Hole project is experimental and fragile on any Asus router. Diversion and dnsmasq are mainstream and have an A+ track record.

EDIT: Cheers to @jacklul for sharing the project and getting it to work! I’m impressed with his skills!

And precisely because it is still experimental and fragile, this project would have especially deserved to be supported by intelligent programmers and developers. No one will be able to deny Pihole's worldwide success and popularity. From this point of view, you are right, Diversion is A+, but overall Pihole will certainly get an A+++++.
Just look at the global Pihole community.

 

[Viktor Jaep]

And precisely because it is still experimental and fragile, this project would have especially deserved to be supported by intelligent programmers and developers. No one will be able to deny Pihole's worldwide success and popularity. From this point of view, you are right, Diversion is A+, but overall Pihole will certainly get an A+++++.
Just look at the global Pihole community.

So there, @dave14305

 

[jacklul]

And precisely because it is still experimental and fragile, this project would have especially deserved to be supported by intelligent programmers and developers. No one will be able to deny Pihole's worldwide success and popularity. From this point of view, you are right, Diversion is A+, but overall Pihole will certainly get an A+++++.
Just look at the global Pihole community.

"Use the right tool for the job"
When it comes to blocking it will probably have the same results (although I'm not sure if Diversion uses CNAME inspection to catch sneaky ad subdomains).

There is a lot of Pi-hole users and then there is a lot of AdGuard Home users who choose to switch over because it's easier to configure than Pi-hole and has less potential issues.
I personally think the fact that Pi-hole still relies heavily on bash scripts to do certain tasks is holding it back a bit and create few issues.
Hopefully they will integrate it into the main binary just like they did with the webserver in the future.

 

[bibikalka]

And precisely because it is still experimental and fragile, this project would have especially deserved to be supported by intelligent programmers and developers. No one will be able to deny Pihole's worldwide success and popularity. From this point of view, you are right, Diversion is A+, but overall Pihole will certainly get an A+++++.
Just look at the global Pihole community.

The only fragile part is the installer so far. Otherwise the compiled binary just runs and runs

I needed to block different domains for different devices, PiHole provides such granularity. That's all there is to it.

 

[eclp]

@jacklul

Something off-topic:

As a test I installed Pihole & unbound on a Raspberry Pi (of course the interfaces part works here). However, that is not what I am about with this question. When this setup is installed on the router, all "top clients" are listed in the Pihole UI. Unfortunately not on the Raspberry, the router is the only top client here. Is there a way or tweak to change this so that all clients are also listed on the Raspberry with Pihole (without Pihole DHCP)?

 

[jacklul]

@jacklul

Something off-topic:

As a test I installed Pihole & unbound on a Raspberry Pi (of course the interfaces part works here). However, that is not what I am about with this question. When this setup is installed on the router, all "top clients" are listed in the Pihole UI. Unfortunately not on the Raspberry, the router is the only top client here. Is there a way or tweak to change this so that all clients are also listed on the Raspberry with Pihole (without Pihole DHCP)?

View attachment 70228

That's because router advertises itself as the DNS server and forwards all queries.
You will have to set the IP of the Pi-hole as the DNS server on the DHCP page of ASUS gui.

Alternatively, you can use a trick I'm using in Install on ASUS stock firmware:
- add add-subnet=32,128 and add-mac=text to dnsmasq config on the router
- add strip-subnet and strip-mac to misc.dnsmasq_lines in Pi-hole

Most public DNS servers will deny your queries when they contain MAC or subnet information.

 

[eclp]

That's because router advertises itself as the DNS server and forwards all queries.
You will have to set the IP of the Pi-hole as the DNS server on the DHCP page of ASUS gui.

This setting was clear to me, Pihole & unbound also work great.

Alternatively, you can use a trick I'm using in Install on ASUS stock firmware:
- add add-subnet=32,128 and add-mac=text to dnsmasq config on the router
- add strip-subnet and strip-mac to misc.dnsmasq_lines in Pi-hole

Most public DNS servers will deny your queries when they contain MAC or subnet information.

Unfortunately, the trick doesn't work, maybe it's because of Merlin. Very unfortunate, because when Pihole runs on the router all top clients are displayed. Something is always...

 

[dave14305]

Unfortunately, the trick doesn't work, maybe it's because of Merlin

Are you using DNS Director? That might contribute to the misidentification of clients.

 

[eclp]

Are you using DNS Director? That might contribute to the misidentification of clients.

Yes, DNS Director, (Global Redirection, User defined DNS 1). Or do I have to use the Pihole IP on LAN/ DNS and WINS Server Setting DNS Server 1 instead?

 

[dave14305]

Yes, DNS Director, (Global Redirection, User defined DNS 1). Or do I have to use the Pihole IP on LAN/ DNS and WINS Server Setting DNS Server 1 instead?

Yes, you want clients to get the Pi-Hole IP via DHCP DNS usually. But don’t bother if you’re going to change back to the router PiHole soon.

 

[bennor]

@jacklul
.... the router is the only top client here.

Not sure you need to use the Conditional Forwarding Pi-Hole setting when running Pi-Hole on the router, but when using Pi-Hole on a Raspberry Pi it helps to use the Pi-Hole Conditional Forwarding option so it parses the router for the network clients rather than just listing the router as the client/DNS source.

In the Pi-Hole DNS Settings Conditional Forwarding field one would input the network client information for each of the networks configured on the router (including separate IP subnet Guest Network Pro profiles.

Example used by Pi-Hole instructions: true,192.168.0.0/24,192.168.0.1,fritz.box
Example of Raspberry Pi-Hole (main LAN and two Guest Network Pro profiles):

true,192.168.1.0/24,192.168.1.1,lan
true,192.168.52.0/24,192.168.1.1,lan
true,192.168.53.0/24,192.168.1.1,lan

 

[eclp]

@bennor
Thank you! But I had already entered it exactly like that.

true,192.168.1.0/24,192.168.1.1,lan

Unfortunately, it doesn't change anything with "top clients"

 

[jacklul]

I believe conditional forwarding only makes it so that Pi-hole dashboard can resolve client names.

Unfortunately, the trick doesn't work, maybe it's because of Merlin. Very unfortunate, because when Pihole runs on the router all top clients are displayed. Something is always...

It shouldn't really matter if it is Merlin's firmware or not.
For clarity - the dnsmasq config options have to be added on the router that is acting as DHCP using dnsmasq.add script.

 

[eclp]

Yes, you want clients to get the Pi-Hole IP via DHCP DNS usually. But don’t bother if you’re going to change back to the router PiHole soon.

Works... but then generates DNS leaks
Because you persistently refuse to dedicate yourself to this great project, I just have to temporarily switch to a Pi. You would certainly have a lot to contribute.