What's new

Solved Pihole DNS Server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Okay, this thread says "solved," but I've read the entries twice and I remain confused. I have stopped using pihole because:

1. As stated, you cannot put the pihole address in the wan setting.
2. Without a wan DNS setting, the router (with latest software), at least in my experience, just doesn't reconnect on reboot.
3. I do want all dhcp devices to use the pihole exclusively, so I do want the DNS filter (excuse me, director) set.

Can someone please create a step by step instruction for running a pihole with Merlin. There may be a myriad of "solutions," but some are for older software versions and others seem contradictory and maybe not using the DNS Director. One good post could put this problem to bed. Thanks.

P.S. For extra credit also include the inclusion of native IPV6.
 
The issue I had was solved by not adding the pihole dns address in the WAN section.. only in the LAN DHCP.
So my issue was solved.

With regards to yours wanting for your devices to use Pihole's DHCP, Im sure someone here will assist with that, but they might tell you start your own thread since you have a different issue.
 
Okay, this thread says "solved," but I've read the entries twice and I remain confused. I have stopped using pihole because:

1. As stated, you cannot put the pihole address in the wan setting.
Umm, the sceptic in me made me try this! While it's not a setup that I'd use or recommend I can actually get everything working by turning off DoT and placing the PiHole address in regular WAN DNS server fields - WEBUI allows it, and it does work (if you don't overcomplicate things - Keep It SimpleS). *Please - no one needs to tell me why you shouldn't do this, I understand why and agree*
 
Okay, this thread says "solved," but I've read the entries twice and I remain confused. I have stopped using pihole because:

1. As stated, you cannot put the pihole address in the wan setting.
2. Without a wan DNS setting, the router (with latest software), at least in my experience, just doesn't reconnect on reboot.
3. I do want all dhcp devices to use the pihole exclusively, so I do want the DNS filter (excuse me, director) set.
You do not need to use Pi-Hole in the WAN DNS fields. If you do use the WAN DNS fields, it creates the potential for feedback loop if you enable "Use Conditional Forwarding" within Pi-Hole. As previously posted, Pi-Hole Documentation does not recommend that WAN DNS setting (see this link) they recommend using LAN DNS only. The Pi-Hole Documentation explains why it's better to use the LAN DNS rather than WAN DNS. You can put any other public or your broadband provider's DNS servers into the WAN DNS fields. If you have an Assign button for the WAN DNS fields then click on it and choose your WAN DNS server from the list.

wanassigndns.jpg


If you need to setup Pi-Hole and want to see how others did it, use the forum search. For example my basic Pi-Hole setup on Asus is shown here and here. Or start a NEW thread outlining your issues.
 
Last edited:
Can someone please create a step by step instruction for running a pihole with Merlin.
A few different ways to do it. The way I do it myself, where I only want my mobile devices to go through PiHole:

1) WAN set to ISP DNS
2) PiHole upstream DNS set to router IP
3) DHCP reservations on my router set to point these mobile clients to the PiHole IP for DNS

This setup allows mobile devices to benefit from PiHole, while also still being able to resolve LAN names.


If you want to cover the whole LAN:

1) WAN set to ISP DNS
2) PiHole upstream DNS set to router IP
3) DNS Director set to force the use of the PiHole IP (per client or globally), or LAN DNS set to PiHole IP
 
You do not need to use Pi-Hole in the WAN DNS fields. If you do use the WAN DNS fields, it creates the potential for feedback loop if you enable "Use Conditional Forwarding" within Pi-Hole. As previously posted, Pi-Hole Documentation does not recommend that WAN DNS setting (see this link) they recommend using LAN DNS only. The Pi-Hole Documentation explains why it's better to use the LAN DNS rather than WAN DNS. You can put any other public or your broadband provider's DNS servers into the WAN DNS fields. If you have an Assign button for the WAN DNS fields then click on it and choose your WAN DNS server from the list.

View attachment 46082

If you need to setup Pi-Hole and want to see how others did it, use the forum search. For example my basic Pi-Hole setup on Asus is shown here and here. Or start a NEW thread outlining your issues.
Pihole can be added to WAN, but you have to take additional precautions router side using "local=" options (e.g. local=/168.192.in-addr.arpa/ and local=/Some-Network/)inside dnsmasq.conf.add or dnsmasq.postconf to ensure the conditional forwarding from pihole does not go any further than the routers DNSMASQ instance.

The benefits of using WAN instead of LAN, is that the router can advertise EDNS client information to PiHole via dnsmasq edns sharing options add-subnet=32,128 & add-mac which would also be added via dnsmasq.conf.add or dnsmasq.postconf to the routers DNSMASQ instance. PiHole can read EDNS information to better identify client traffic thus breaking the- "oh my queries all look like they are coming from the router".

In addition to my spill above - Pihole can then be told to use

1670394966756.png


which it cannot use these options if you decide to tell each client to use PIhole as LAN DNS.

1670395380837.png

1670395477598.png

1670395401378.png


Aside from the stipulations above, the other main stipulation of using WAN DNS instead of LAN DNS is that you do not want to use both. If you set WAN DNS to pihole, then leave your LAN DNS set to router only.

Then let's not forget about our upstream unbound instance and conditional forwarding arguments.

1670396772179.png
 
Last edited:
You do not need to use Pi-Hole in the WAN DNS fields. If you do use the WAN DNS fields, it creates the potential for feedback loop if you enable "Use Conditional Forwarding" within Pi-Hole. As previously posted, Pi-Hole Documentation does not recommend that WAN DNS setting (see this link) they recommend using LAN DNS only. The Pi-Hole Documentation explains why it's better to use the LAN DNS rather than WAN DNS.
Side-Notes: The guide shared by @bennor is great for Asus routers running Asuswrt Stock Firmware. However, it doesn't fully appreciate the ability to use Custom Scripts with Asuswrt-Merlin Firmware.

For Asus Routers running Stock Firmware the guide quite accurately represents the only solution- the documentation on their webside does recommend for basic setup to use LAN DNS as oppose to WAN DNS if you don't plan to use pihole as a DHCP server; however, one of the main developers published a guide on how to use pihole in WAN dns via OPNsense here:


The same can be done with Asuswrt-Merlin and custom scripts.

Some of the steps may appear identical; however, there is more than one solution to solve this particular problem. The solutions cannot be used or combined together like some people try to do. Typically those that wind up breaking their DNS are those that try to mix and match solutions that are not complementary - a.k.a trying to put pihole in both LAN and WAN DNS slots.
 
Last edited:
So a reboot of the router will do, or reboot all devices?

This is a test. I would reboot/shutdown and restart all devices and see if any of them get internet access. If not, you don't need to repeat again here, if all/some work, try to figure out why.
 
Concerning my issue, I have to say that I have been too impatient. It just took unexpected long for my router to connect to the ISP (5 minutes). So, problem solved for me too. Sorry for that and thanks for trying to help me!
 
5 minutes is unexpectedly long?

I let routers settle down (with no judgement) for 10 to 15 minutes after they're fully powered up before testing anything. ;)
 
5 minutes is unexpectedly long?

I let routers settle down (with no judgement) for 10 to 15 minutes after they're fully powered up before testing anything. ;)
For about five minutes, I give the router words of encouragement....

For the remaining 10 to 15, observe the memories , cpu usages, and logs....

I got a stop watch and a whistle for these types of situations- i.e. racing conditions....
 
Last edited:
No WoE is needed for inanimate objects.

I also don't interfere with the router at all for those few minutes. Let it fully boot up, and let it complete any outstanding processes as needed, no need to give it another excuse for not being ready in that timeframe by me looking for problems that aren't there (yet).
 
A few different ways to do it. The way I do it myself, where I only want my mobile devices to go through PiHole:

1) WAN set to ISP DNS
2) PiHole upstream DNS set to router IP
3) DHCP reservations on my router set to point these mobile clients to the PiHole IP for DNS

This setup allows mobile devices to benefit from PiHole, while also still being able to resolve LAN names.


If you want to cover the whole LAN:

1) WAN set to ISP DNS
2) PiHole upstream DNS set to router IP
3) DNS Director set to force the use of the PiHole IP (per client or globally), or LAN DNS set to PiHole IP
Can't figure out what i am doing wrong in my pihole / vpn setup (Accept DNS Configuration: Disabled with VPN Director policy rules) and how to have no DNS leaks on my GT-AX6000.
Tried your variations but the moment i add my ISP to WAN DNS the DNS leaks are flooding in.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top