R7800 looking to integrate pihole for DNS

toycar69

New Around Here
Hi there,
I've got a Netgear R7800, and I'm looking to use pi-hole on my local network for DNS / blocking / parental control.

I'm having an issue in that DHCP on the R7800 is giving clients its own IP address as a DNS server, then forwarding the requests to pi-hole, so the pi-hole server can't identify the clients.

I don't think I can change the DHCP settings in the R7800 to set pi-hole as the primary DNS for the clients in the GUI, and my firmware doesn't allow telnet enable due to firmware upgrade. NTE doesn't seem to work to allow telnet either.

Is there a way to do this with the standard firmware? If not, would a custom firmware e.g. Voxel allow me to do this?

I'm keen to keep DHCP on the R7800 at the moment, and have a backup DNS option as the pi-hole is currently experimental for me. I also can't use unstable firmware on the R7800 as I'm working from home full time.

Thanks for any advice!
 

toycar69

New Around Here

Just set it as your pihole and skip the 2nd DNS entry or use pihole in both.
thanks Tech Junky,
unfortunately although setting the DNS in R7800 to pihole, the clients still receive the R7800 IP address as a DNS server, and this forwards the query to pihole. This means pihole only ever sees a single client IP (the R7800) and I can't apply different filtering to e.g. child and adult devices.

I'm fairly sure my options are:
1) change the dnsmasq option on the R7800, but this needs telnet access
2) use pihole as DHCP, and disable DHCP on R7800.

I'd rather not rely on pihole for DHCP yet, as I'm still experimenting.

Thanks for any advice.
 

Tech Junky

Very Senior Member
You could set the clients manually.

I built my own DIY router out of a PC and have a lot more control over the network. I have ALL DNS info populated in pihole at this point including the server itself. Then it all goes out over VPN as well.

Since the server is the DNS / DHCP server, being able to specify the IP info being handed out to the clients is easy compared to captive router OS options. You might be able to change the behavior using a different OS like Voxel / tomato / etc.


Prior to setting the VPN DNS >> 192.168.0.2 it was letting out queries to whatever DNS I had setup in the VPN client. I was missing all of the local originated DNS attempts. There is quite a bit of info to be gleaned by the attempts when trying to pin something down.

The quick and easy way would just be disable DHCP on the R7800 and turn it on in pihole.

I run DHCP off the DIY box instead of pihole, though, for separation of duties: if I have an issue with pihole, the whole network doesn't just die because DNS isn't working. I can change the info on the DIY box to point to Google while working on pihole. There are occasionally issues with pihole updates that I've run into over the years, but they've been relatively easy to figure out and resolve. Some have been a real PITA though, like when a recent Ubuntu release ditched resolvconf in favor of systemd-resolve; pihole doesn't use that and died until I downloaded and installed resolvconf manually and disabled the other. While a novice might not catch that dependency / issue, it's easy to catch with netstat and seeing what was using port 53.

 

fossil

Regular Contributor
The UI does not have any option to change lan-dns. Internet Setup > DNS is wan-dns; it is not the same as lan-dns. Even though you changed it, your lan-dns still remains your router IP. That is why you are seeing the router IP in your pihole logs. You can even validate this by checking the DNS server from any client; it will be your router IP.

You need to get telnet/ssh access to change lan-dns. You have 2 options:
1 - If you want to use Stock firmware, you will have to use firmware Ver 1.0.2.68. This is the last version that supports Telnet.
2 - Use the latest Voxel firmware Ver 1.0.2.98SF. All versions of Voxel's firmware support Telnet & even SSH (you have to set up SSH using Voxel's Readme doc)

Once you get the telnet/ssh access:
Code:
Edit File: /etc/init.d/net-lan
Find Line: option dns $($CONFIG get lan_ipaddr)
Replace With: option dns PI-IP
(Example: option dns 10.1.100.3)

That's it. Reboot your router. Your logs will have the corresponding client IP. You can validate it by checking the DNS server from any client; it will be the IP of your pi.

https://www.voxel-firmware.com/Downloads/Voxel/html/r7800.html
https://www.voxel-firmware.com/Downloads/Voxel/readme.pdf
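
The edit fossil describes above, as an added example that is not part of the thread or of Voxel's firmware: a function that applies the change only when the exact stock line is present, keeps a backup, and can be re-run safely. The function name `patch_lan_dns`, the `.orig` backup name and the availability of `grep`, `sed`, `awk` and `cp` in the router's shell are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a POSIX sh with grep, sed, awk, cp.
STOCK_LINE='option dns $($CONFIG get lan_ipaddr)'   # line quoted in the post above

# patch_lan_dns FILE PI_IP   (hypothetical helper name)
# Returns 0 = patched or already patched, 1 = stock line not found, 2 = bad IP.
patch_lan_dns() {
    file=$1
    pi_ip=$2

    # The value lands in a root-run init script: accept a dotted quad only.
    echo "$pi_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "refusing invalid IP: $pi_ip" >&2
        return 2
    }

    # Idempotent: nothing to do if the file already hands out this address.
    if awk -v ip="$pi_ip" '$1=="option" && $2=="dns" && $3==ip {f=1} END {exit !f}' "$file"; then
        echo "already set to $pi_ip"
        return 0
    fi

    # Only touch the file when the exact stock line is present.
    grep -qF "$STOCK_LINE" "$file" || {
        echo "stock line not found in $file; leaving it untouched" >&2
        return 1
    }

    # Keep a pristine copy once, then rewrite in place (cat keeps the mode bits).
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig"
    sed 's/option dns \$(\$CONFIG get lan_ipaddr)/option dns '"$pi_ip"'/' "$file" > "$file.tmp" &&
        cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# Usage on the router, with the file and example address from the post above:
#   patch_lan_dns /etc/init.d/net-lan 10.1.100.3
# then reboot the router as the post says.
```

A return code of 1 means the file does not contain the line quoted in the post, so nothing was changed and the file should be inspected by hand.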
 

toycar69

New Around Here
Thanks fossil, that's just what I needed to hear.

Probably a stupid question, as I know a lot of people are using Voxel's firmware: Are there any stability issues? I'd imagine it's pretty stable as it's based on stock with some additions.

Thanks again!
 

fossil

Regular Contributor
I have been using it for years, like many other folks here. Most stable firmware for R7800. The only time I reboot the router is after a firmware update. Give it a try and you will feel the difference.
 

kamoj

Very Senior Member
You can also use the Kamoj add-on for this (Requires Voxel FW).
See:
Kamoj Menu: Settings: DHCP DNS Options:
Custom DNS
 

toycar69

New Around Here
Thanks Kamoj and Fossil. I've finally installed the latest Voxel firmware. It's difficult with a wife working from home full time, and a teenager who lives on the Internet the rest of the day! :D

I've updated the DNS settings on the R7800, so now the router is using the ISP DNS, but DHCP is giving the clients my pihole as primary, with the R7800 as a backup for if I have to take the pihole down for maintenance.

The Kamoj addon looks very interesting, especially as it now seems to support adguard home. I've looked at the instructions, and I can only see the link for the original 2019 version of the addon. How can I get access to the current version?

Many thanks,
TC
 

foo man

Regular Contributor
You must become a beta tester. Read the OP here:
 
