Pihole DNS

[macster2075]

You need a client rule beneath this section to let your PiHole send DNS requests without being filtered back to…wait for it,,,the PiHole IP. You would end up with a devastating DNS loop.

ok.. and that rule is placed where and how..
This reminds of a an episode of The Office where Oscar is trying to explain to Micheal what a surplus is hehe..
Michael says, why don't you explain it to me like I was 5.

 

[dave14305]

ok.. and that rule is placed where and how..

In the Client List section of DNSFilter.

 

[macster2075]

In the Client List section of DNSFilter.

oh that's what you mean.. yeah, that's how I had it before when I said I had to manually point every device to use pihole.
What I'm trying to do is to have all devices that connect to the router use pihole, but force them to it and prevent any device from using their own dns server.

I noticed that when I set the pihole dns in the LAN dns, it does what Im asking, but it allows for devices to bypass pihole by changing the dns server in windows.

 

[dave14305]

on that's what you mean.. yeah, that's how I had it before when I said I had to manually point every device to use pihole.

You need one entry only, for the PiHole device, set to No Filtering.

 

[macster2075]

You need one entry only, for the PiHole device, set to No Filtering.

like this...

 

[macster2075]

no wait.. that pic doesn't make any sense... I don't understand what you mean.

 

[dave14305]

no wait.. that pic doesn't make any sense... I don't understand what you mean.

Put your Ubuntu device in this section with No Filtering.

 

[macster2075]

Put your Ubuntu device in this section with No Filtering.

View attachment 36198

Ok this restored Internet and devices are connected to the Pihole….but I lose the SafeSearch feature even though I have added it to the Pihole…is there something Im missing?

 

[bennor]

@macster2075
It is probably a good idea, if you are still having issues, to go back and start from scratch (including removing any previous custom changes on the router to run Pi-Hole or other features that were enabled like SafeSearch) on configuring the router settings for Pi-Hole. There were one or two posts on the first page (like mine) that explained how to do an initial basic setup including how to setup the DNS Director section. Do that first and see if things work. Then proceed to modify your settings as needed for your specific needs. Generally is very simple to get a Pi-Hole up and running on the router by inputting the proper information into the LAN DNS and DNS Director sections.

One doesn't need to run Pi-Hole on a "beefier" device, it runs just fine on low power/limited hardware cheap devices like the Raspberry Pi Zero.

What follows are my settings, others may/will have different settings. My settings may not be the best way to do things but they have been working for several years in my use. (Note I do not use Pi-Hole's IP address in my WAN DNS fields.)

LAN > DNS page:

LAN > DNS Director page (note I already have two Pi-Hole MAC addresses input):

Remember to hit the apply button to save your changes on the Asus-Merlin screens.

Some examples from my Pi-Hole administration screen. Note I run Pi-Hole (and Unbound) on a Pi Zero W. In the Query Log most times the client names are properly indicated. Once in a while the router IP shows up when the DNS Director triggered. Otherwise the client names are properly shown.

How I have the Pi-Hole DNS settings configured (for my use, your/others may or will be different). I am using Unbound as indicated by the custom DNS.

Note: Post updated to reflect later firmware change from DNS Filter to DNS Director.

 

[GHammer]

@macster2075




How I have the Pi-Hole DNS settings configured (for my use, your/others may or will be different). I am using Unbound as indicated by the custom DNS.

I'd only disagree with the conditional forwarding.

Mine looks like this and it does in fact use the router for reverse lookups.

 

[macster2075]

@macster2075
It is probably a good idea, if you are still having issues, to go back and start from scratch (including removing any previous custom changes on the router to run Pi-Hole or other features that were enabled like SafeSearch) on configuring the router settings for Pi-Hole. There were one or two posts on the first page (like mine) that explained how to do an initial basic setup including how to setup the DNSFilter section. Do that first and see if things work. Then proceed to modify your settings as needed for your specific needs. Generally is very simple to get a Pi-Hole up and running on the router by inputting the proper information into the LAN DNS and DNSFilter sections.

One doesn't need to run Pi-Hole on a "beefier" device, it runs just fine on low power/limited hardware cheap devices like the Raspberry Pi Zero.

What follows are my settings, others may/will have different settings. My settings may not be the best way to do things but they have been working for several years in my use. (Note I do not use Pi-Hole's IP address in my WAN DNS fields.)

LAN > DNS page:
View attachment 36199

LAN > DNSFilter page (note I already have two Pi-Hole MAC addresses input):
View attachment 36200

Remember to hit the apply button to save your changes on the Asus-Merlin screens.

Some examples from my Pi-Hole administration screen. Note I run Pi-Hole (and Unbound) on a Pi Zero W. In the Query Log most times the client names are properly indicated. Once in a while the router IP shows up when the DNSFilter is triggered. Otherwise the client names are properly shown.

View attachment 36201

How I have the Pi-Hole DNS settings configured (for my use, your/others may or will be different). I am using Unbound as indicated by the custom DNS.

View attachment 36202

I basically have it the same as yours except I am not using unbound as I prefer to use OpenDns.
Pihole is working…the one thing missing is…if I set it the way I have it now which is how you suggested…SeafeSearch stops working

 

[macster2075]

I don’t understand how SafeSearch is not being implemented when Pihole has this…

 

[bennor]

I'd only disagree with the conditional forwarding.

You disagree with conditional forwarding, yet you have "use conditional forwarding" enabled per your screen capture?

In any case everyone will have different configurations or needs. For the OP the key is to get the basics configured then figure out why specific features or elements they want don't or are not working. Conditional forwarding is what it is. Some use it others don't.

 

[bennor]

I don’t understand how SafeSearch is not being implemented when Pihole has this…

Based on various posted elsewhere it appears people were manually configuring dnsmasq (or creating a file for dnsmasq to read) to enforce the safesearch option. It appears people were having trouble using the Pi-Hole interface so they resorted to manually making changes under the hood. Others were using CloudFlare's safe search servers. See here for more information: https://one.one.one.one/family/

Some discussion (if you haven't seen it already):

https://www.reddit.com/r/pihole/comments/ia42eg

There is supposedly this script that may automate it for Pi-Hole: https://github.com/jaykepeters/pss

Force kids device to Google SafeSearch and Safe Youtube - xFelix

Leveraging Pi-Hole, you can force kids to redirect google search traffic to google safesearch, safe…

www.xfelix.com

In the end this appears to be a Pi-Hole issue and not a router/Merlin issue.

 

[GHammer]

You disagree with conditional forwarding, yet you have "use conditional forwarding" enabled per your screen capture?

In any case everyone will have different configurations or needs. For the OP the key is to get the basics configured then figure out why specific features or elements they want don't or are not working. Conditional forwarding is what it is. Some use it others don't.

I disagree with your conditional forwarding setting as the router will not provide reverse lookup without that.
Setting something up as close to your desired outcome is much easier than setting up incorrectly for your need then poking this and that to get where you want to be.

 

[Vexira]

You might want to look into ad guard home it has the feature you desire.

 

[Mr. Boniato]

View attachment 36193
View attachment 36194

This is pihole

View attachment 36195

hello- I need some clarification please. I have similar setup, but mine is little bit different.
I see you have selected an upstream dns server in pihole gui as I see on your picture were you use openDNS.

What is the difference on doing it this way vs just adding the router ip (192.168.1.1) in the custom field IPV4?

doesn't this mean the pihole will behave in the same way in both ways?
pc ---> pihole --- >upstream dns?

 

[macster2075]

hmm.. do you mean like this?
I tried it this way and it works fine for me, but I am not sure if it's correct or not.
I am using Pihole's GUI to select the Upstream, because that's what you use when setting up Pihole.

 

[Tech9]

What upstream DNS server is your gateway IP address?

 

[Mr. Boniato]

I like to use clean browsing to block adult content
185.228.168.10
185.228.169.11