Router DNS settings with Pi-Hole and Unbound

MamaLing

Occasional Visitor
Hi y'all!

I'd like someone who is more knowledgeable than me to review my Asus RT-AC68U router's DNS settings if they're correct in my configuration. I'm running my own DNS server (Pi-Hole and Unbound) on my home server, but I'm not sure my router settings are correct. I'm looking to secure my network with the best privacy settings. DHCP server is also on my home server.

This is a screenshot of my current settings on the router:
screencapture-192-168-1-1-Advanced-WAN-Content-asp-2022-09-13-07_33_12.png


Pi-Hole settings:
screencapture-192-168-1-5-20392-admin-settings-php-2022-09-13-07_49_04.png


I'm happy to provide more information if needed. Thank you!
 

ColinTaylor

Part of the Furniture
Your screen shots are too small to read. We'd also need to see your LAN - DHCP and LAN - DNSFilter settings. We also need to see your DHCP server's setup.
 

bennor

Very Senior Member
Hi y'all!

I'd like someone who is more knowledgeable than me to review my Asus RT-AC68U router's DNS settings if they're correct in my configuration.
Need better screenshots, cannot read ones posted (too small). See my post at the following link for an example of a basic Pi-Hole + Unbound on a Raspberry Pi with a RT-AC68U setup configuration. Those directions also include DNSFilter setup for Pi-Hole as well.
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319
And another post of mine from that thread with similar info.
https://www.snbforums.com/threads/pihole-dns.74646/#post-712118

Edit to add: It appears, I assume and if I read the small screen capture right, you have input the Pi-Hole IP address into the WAN DNS field on the router. While Asus may recommend that (see this link), Pi-Hole does not. Pi-Hole recommends instead (see this link) that one input the Pi-Hole's IP address into just the DHCP server's LAN DNS field(s).
 

MamaLing

Occasional Visitor
Hi everyone! I'm sorry for the screenshot size!
These are the original ones:
screencapture-192-168-1-1-Advanced-WAN-Content-asp-2022-09-13-22_13_41.png
screencapture-192-168-1-5-20392-admin-settings-php-2022-09-13-22_14_47.png

screencapture-192-168-1-1-DNSFilter-asp-2022-09-13-22_13_20.png
screencapture-192-168-1-1-Advanced-DHCP-Content-asp-2022-09-13-22_12_46.png
screencapture-192-168-1-5-20392-admin-settings-php-2022-09-13-22_14_20.png
 

ColinTaylor

Part of the Furniture
They're still mostly unreadable.
 

bennor

Very Senior Member
Hi everyone! I'm sorry for the screenshot size!
These are the original ones:
Not sure how you're capturing the information but they're still not readable (at least for me). Try using Firefox and its "screenshot" feature to capture the web page when you are viewing the page at 100% view/zoom level. Or try hosting the image on an image hosting site and embedding/linking the image rather than uploading the image from your computer. Example linking from Imgur where one can click on the image then click again on the expanded image to zoom in.

 

bennor

Very Senior Member
Couple of quick observations:
Any particular reason why you have the Pi-Hole doing the DHCP and not the Asus router?
Any particular reason why you have Bind only to interface eth0 selected on Pi-Hole's DNS page?
 

MamaLing

Occasional Visitor
Couple of quick observations:
Any particular reason why you have the Pi-Hole doing the DHCP and not the Asus router?
Any particular reason why you have Bind only to interface eth0 selected on Pi-Hole's DNS page?
Hi! I'm trying to save the Asus router's resources for the internet connection. I have gigabit internet (940/880 Mbps) and my router still can't produce this speed, opposed to my provider's own router can...but I prefer to use my Asus router, because I'm more familiar with it and it's more customizable.
The reason the Pi-Hole is set to "Bind only to interface eth0" is that I have several virtual networks on the same machine; additionally, there is an always-on VPN connection set up to a VPN provider. Basically everything outside of the local network is routed through a VPN service.
 

MamaLing

Occasional Visitor
Not sure how you're capturing the information but they're still not readable (at least for me). Try using Firefox and its "screenshot" feature to capture the web page when you are viewing the page at 100% view/zoom level. Or try hosting the image on an image hosting site and embedding/linking the image rather than uploading the image from your computer. Example linking from Imgur where one can click on the image then click again on the expanded image to zoom in.

Thank you! This time I used Firefox + Nimbus capture addon.
These are my current settings; I have reinstalled Pi-Hole due to an error that I couldn't figure out:



So, Pi-Hole+Unbound is the DHCP and DNS server. I'm not sure about DNSSEC - Do I need it? Does it make sense? I didn't check the conditional forwarding box, because DHCP is handled by Pi-Hole; additionally, I've changed the interface settings to "Allow only local requests".

As of now, these are the settings of my Asus router:




What do you think about this set up?
 

bennor

Very Senior Member
I'm not sure about DNSSEC - Do I need it?
Depending on how you set up and configured Unbound, it may already be doing DNSSEC.

Check the Tools menu entry in Pi-Hole, it's indicating you have 13 messages, notifications or alerts there, likely in the Tools > Pi-Hole Diagnosis section.

If you haven't done so already, test the Pi-Hole filtering on the network clients to ensure the Pi-Hole is working as you expect it to work (block ads, properly resolve DNS lookups, etc.). To test certain items like DNSFiltering one may have to manually change their local network client's DNS entries so the router's DNSFilter picks up the attempt to bypass the Pi-Hole.
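
Added example, not part of any post in this thread and not Pi-hole's or Unbound's own code: one way to settle the DNSSEC question above is to run `dig <name> @<resolver>` against the Pi-Hole for a correctly signed name and for a deliberately mis-signed test name, then compare the response headers. The names `signed.example` and `broken.example` and both sample outputs are constructed placeholders.

```python
import re

# Constructed dig output for a correctly signed name (placeholder: signed.example).
GOOD_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""

# Constructed dig output for a name with an invalid signature (placeholder: broken.example).
BROKEN_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""


def parse_header(dig_output):
    """Return (status, set_of_flags) from the header lines of dig's text output."""
    status = re.search(r"status: (\w+)", dig_output)
    flags = re.search(r";; flags: ([a-z ]+);", dig_output)
    if not status or not flags:
        raise ValueError("no dig header found in input")
    return status.group(1), set(flags.group(1).split())


def dnssec_verdict(good_output, broken_output):
    """Classify the resolver from two dig runs: a well-signed and a mis-signed name."""
    good_status, good_flags = parse_header(good_output)
    broken_status, _ = parse_header(broken_output)
    if broken_status == "NOERROR":
        # A bogus signature was accepted: nothing on the path is validating.
        return "not validating"
    if broken_status == "SERVFAIL" and good_status == "NOERROR":
        # The AD flag means the resolver marked the answer as authenticated.
        if "ad" in good_flags:
            return "validating"
        return "validating, AD flag not set"
    # e.g. both lookups fail: the resolver is unreachable or misconfigured.
    return "inconclusive"


if __name__ == "__main__":
    print(dnssec_verdict(GOOD_SAMPLE, BROKEN_SAMPLE))
```

Paste the real `dig` output for the two names in place of the samples; a SERVFAIL on the mis-signed name together with NOERROR on the signed one shows validation is happening somewhere between the client and the root, whether or not the DNSSEC box in Pi-Hole is ticked.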
 

Linuxer

New Around Here
Hi! I'm trying to save the Asus router's resources for the internet connection. I have gigabit internet (940/880 Mbps) and my router still can't produce this speed, opposed to my provider's own router can...
I have the same router and can hit 1 Gbps pretty easily (by cable) using the router as the DHCP server. I'm not an expert, but I doubt that DHCP takes away significant resources.
 

bennor

Very Senior Member
I have gigabit internet (940/880 Mbps) and my router still can't produce this speed, opposed to my provider's own router can
What speed is the RT-AC68U hitting and how are you measuring the speed? Don't think things like the DHCP server consume much resources compared to things like AIProtection, file sharing, media serving, or other services. Perhaps look at your router settings first to figure out why it's not hitting the speeds the ISP router is hitting. Could be you have a configuration issue and not a resource issue.
 

MamaLing

Occasional Visitor
I have the same router and can hit 1 Gbps pretty easily (by cable) using the router as the DHCP server. I'm not an expert, but I doubt that DHCP takes away significant resources.
I have Verizon 1 Gbps subscription, with their router I can get close to 1 Gbps, with my Asus router, I can do max 650 Mbps download speed. I agree with you about the DHCP, it shouldn't consume that much resources, but I still can't figure out why my router can't handle that speed.
 

MamaLing

Occasional Visitor
What speed is the RT-AC68U hitting and how are you measuring the speed? Don't think things like the DHCP server consume much resources compared to things like AIProtection, file sharing, media serving, or other services. Perhaps look at your router settings first to figure out why it's not hitting the speeds the ISP router is hitting. Could be you have a configuration issue and not a resource issue.
I've turned off AI Protection and any other settings that can consume resources that can slow down the speed. I have Verizon 1 Gbps subscription, but the router can't handle more than 650 Mbps. I tested it on wired connection on my Macbook. I also did several speed tests on the router itself:

I restored the router to factory default not long ago and as you can see the download speed is around 200 Mbps. I really don't know why this is. I begin to believe that the router is faulty.
 

dave14305

Part of the Furniture
Look on the Tools / Sysinfo page at the Network section near the bottom. Post a screenshot of that section, showing the Hardware Acceleration status and Ethernet ports.
 

L&LD

Part of the Furniture
That RT-AC68U is kind of long in the tooth. 1Gbps speeds are beyond its capabilities in today's network environments.
 

bennor

Very Senior Member
I've turned off AI Protection and any other settings that can consume resources that can slow down the speed. I have Verizon 1 Gbps subscription, but the router can't handle more than 650 Mbps. I tested it on wired connection on my Macbook. I also did several speed tests on the router itself:

I restored the router to factory default not long ago and as you can see the download speed is around 200 Mbps. I really don't know why this is. I begin to believe that the router is faulty.
The speed test on the router GUI is not always correct. Think it's been said around here that sometimes it reports half of the actual speed. On a RT-AC68U on a 500/500 fiber line the GUI likewise reports around 200Mbps up/down. However when running the speedtest.net from a wired PC connected to the router the speeds are correct at around 500Mbps up/down. For example, the router GUI:
router_gui.png


And from a PC:
wired_pc.png


As others have indicated the RT-AC68U is getting very long in the tooth. May be time for a newer router, one with better hardware, and which plays nice with 1GB or faster broadband services.
 
