RT-AC86U DNS issue

alxnt

New Around Here
Hi
I have an RT-AC86U with official fw 3.0.0.4.386_44470.
I set my Pi-hole as DNS in DHCP, but the devices get 2 DNS servers on the network adapter. The first one is indeed the Pi-hole and the second is the router's IP address.
When I test each device's DNS from this link I see 3 DNS entries: my public IP address, as I have installed unbound in recursive mode, and Cloudflare DNS (IPv4/IPv6), which is set as the router's WAN DNS (1.1.1.1 and 1.0.0.1). I also have IPv6 disabled on the router.
The only way devices get only the Pi-hole as DNS is to manually assign an IP and add the Pi-hole's IP address in the DNS field, or manually set the Pi-hole as DNS on each device's network adapter, something that I don't want to do for each device. That is what DHCP is intended to do.

I also found this link with no luck.

So is there any solution to this issue?
 

bbunge

Part of the Furniture
Well, it is working as intended. And it should be a comfort that if the Pi-Hole crashes your router will provide a backup DNS.
You also need to upgrade your firmware. With the new version you can set the router to use DoT which will give you an extra layer of protection.

Edit: if it is any comfort the clients will use the Pi-Hole first as it is the first DNS resolver in the list. I have run Pi-Hole like this on my network with good results. Except, with the Pi-Hole/Unbound setup I was getting a significant number of blocks on AiProtect as compared to using a filtering DNS resolver such as Quad9 or Cloudflare Secure. So I dropped the Pi-Hole and am using just Quad9 on DoT. The family is much happier and I have the Pi to use for something else.
 

alxnt

New Around Here
> Well, it is working as intended. And it should be a comfort that if the Pi-Hole crashes your router will provide a backup DNS.
> You also need to upgrade your firmware. With the new version you can set the router to use DoT which will give you an extra layer of protection.
>
> Edit: if it is any comfort the clients will use the Pi-Hole first as it is the first DNS resolver in the list. I have run Pi-Hole like this on my network with good results. Except, with the Pi-Hole/Unbound setup I was getting a significant number of blocks on AiProtect as compared to using a filtering DNS resolver such as Quad9 or Cloudflare Secure. So I dropped the Pi-Hole and am using just Quad9 on DoT. The family is much happier and I have the Pi to use for something else.

I'm not sure that clients use primary and secondary DNS that way.
Have a look here:
https://discourse.pi-hole.net/t/primary-vs-secondary-dns/1536
So if the Pi-hole isn't the only DNS, some queries will be answered directly from the public DNS provider (in my case Cloudflare). This means that maybe filtering will not function as it should, and unbound in recursive mode, too.

I have not upgraded the fw yet because I got the router some days ago and I want to notice the current fw performance just to compare with the newer fw.
 

ColinTaylor

Part of the Furniture
> I'm not sure that clients use primary and secondary dns that way.

This is true. Which servers the client chooses to use (from the DHCP-supplied list) from one request to another is down to its own behaviour. Microsoft for example has published the methods that it uses in different versions of Windows.

As stock firmware always appends the router's own IP address to the list of DNS servers this creates the problem you're describing. The solution therefore is in that link you provided (assuming a recent firmware version). Leave the DHCP-DNS servers blank so that the client is only using the router for DNS. Then set the WAN-DNS to your pi-hole address. Unfortunately this has the effect of the pi-hole seeing all DNS requests as coming from the router rather than the client.
 
