Entware Pi-hole directly on the router? Yes!

[jacklul]

You could try modifying /opt/bin/pihole by inserting debug info in those specific lines:

# In the case of alpine running in a container, the USER variable appears to be blank
# which prevents the next trap from working correctly. Set it by running whoami
if [[ -z ${USER} ]]; then
  USER=$(whoami)
fi

echo "USER = $USER"
echo "EUID = $EUID"
echo "UID = $UID"
echo "SHELL = $SHELL"
echo "PWD = $PWD"
echo "HOME = $HOME"
echo "PPID = $PPID"

# Check if the current user is not root and if the command
# requires root. If so, exit with an error message.
# Add an exception for the user "pihole" to allow the webserver running gravity
if [[ ( $EUID -ne 0 && ${USER} != "pihole" ) && -n "${need_root}" ]]; then
  echo -e "  ${CROSS} This Pi-hole command requires root privileges, try:"
  echo -e "      ${COL_GREEN}sudo pihole $*${COL_NC}"
  exit 1
fi

And retrying from the web UI and posting the output.
For me this outputs pihole user correctly.

 

[heysoundude]

Hmmm...I'm using a merlin-flashed AC86 as a wired switch on my network. amtm on it is up to date and I could easily add a drive for a swap/entware to run this script/package, since I haven't put any ad-blocking etc on my main router when it was commissioned...
do I need an experiment/source of stress and amusement? I may just...

 

[jacklul]

Pi-hole released few patch releases so the package got updated once again: 2025.10.28-1
@heslo gravity update issue should be gone in this one

 

[heslo]

Pi-hole released few patch releases so the package got updated once again: 2025.10.28-1
@heslo gravity update issue should be gone in this one

Bingo! Whatever it was, it's fixed now! Cheers

 

[JGrana]

Hmmm...I'm using a merlin-flashed AC86 as a wired switch on my network. amtm on it is up to date and I could easily add a drive for a swap/entware to run this script/package, since I haven't put any ad-blocking etc on my main router when it was commissioned...
do I need an experiment/source of stress and amusement? I may just...

I have a spare AX58U and was thinking the same thing
I might give it a go this weekend

 

[heysoundude]

I have a spare AX58U and was thinking the same thing
I might give it a go this weekend

I changed my mind when Asus released a firmware update for the AC86 - generally that indicates a vulnerability that needed patching, so I did...and I got some free time back, along with keeping peace in the house lol

 

[JGrana]

I took that spare AX58U, set it up as an Access Point, disabled the radioes. Installed Entware, unbound-manager and Pi-hole.
I must admit, based on @jacklul opk and @bibikalka instructions - install went smoothly. Running happily now with a few test clients (thanks to DNS Director).
The one thing missing is how to have the clients showing up in the Pi-hole web interface. It shows just the router (in my case 192.168.1.1).
I recall there was a thread some time ago and how to get the clients to show up. I did a short search and couldnt find the details.

 

[jacklul]

The one thing missing is how to have the clients showing up in the Pi-hole web interface. It shows just the router (in my case 192.168.1.1).
I recall there was a thread some time ago and how to get the clients to show up. I did a short search and couldnt find the details.

Might not be possible with DNS Director since the requests are being redirected and they will originate from the router (from Pi-hole point of view). I don't think setting up reverse query server in Pi-hole config will help here.
Unsure how exactly DNS Director works on the backend but if it could append MAC and IP to the query then Pi-hole will use that information.
For example, if you look at the stock install page on the wiki you will see I'm using "add-subnet" and "add-mac" dnsmasq variables to take advantage of this.

 

[JGrana]

The one way I have tried which works is to disable “Advertise router's IP in addition to user-specified DNS” under LAN-DHCP Server.
Not sure the residual effects since the default is to advertise. With this setting off, I’m not sure DNS Director even comes into play…

 

[jacklul]

The one way I have tried which works is to disable “Advertise router's IP in addition to user-specified DNS” under LAN-DHCP Server.
Not sure the residual effects since the default is to advertise. With this setting off, I’m not sure DNS Director even comes into play…

I assume DNS Director is inheriting some of the DNS Filter code (or whatever that Asus feature was called).
I think it used iptables DNAT rules so that option shouldn't matter