What's the best way to force all traffic through the pihole for any devices that may have hardcoded DNS on an ASUS router (rt-ax86u) with Merlin?

You may need to reconfigure the phone WiFi connection for a static IP (if you haven't done so already), then use 8.8.8.8 and 8.8.4.4 as the static DNS fields. Then force the phone to disconnect from the WiFi network and then reconnect. That may reset the phone's network connection including its DNS servers. Then surf some websites on the phone. Check the System log to see where requests are going, and/or check the Pi-Hole Query Log to see if it shows a request coming from the router going to those websites you surfed to.
I've done exactly that, even rebooted the router and Pi hole.

Have a fixed IP and DNS on my phone, the DNS requests are not visible in Pi Hole. Not from my phone IP or the router IP.

I noticed that in the connection log the entry is marked as "unreplied", could that be the reason?

.80 is my phone, .110 pi hole:
udp  192.168.1.80  40266  192.168.1.110  53  UNREPLIED

Any more tips or tricks?

Thanks!
 
This is not how it works. The router and DNSFilter won’t see the traffic from a LAN client to the LAN PiHole, because it doesn’t pass through the router.
As it's a high-level OSI Layer 7 application layer transaction, surely on this occasion it may end up passing through the router, although not to the WAN. Testing this locally shows that some rerouting does indeed take place on the network here with both a pi-hole and Samsung TV connected to the same switch and diverting from the pi-hole to the secondary Diversion DNS on the router!
 
Have you tested a web page or web site that has ads on it on your mobile device to see if they're being blocked by the Pi-Hole?
 
Yes I did, snbforums which was showing the ads. I've changed the settings of my phone back to DHCP and the ads are gone again.
 
Only suggestion I have is to recheck the DNSFilter settings again making sure to hit the apply button if you make changes. Maybe try rebooting the router. Also make sure "Advertise router's IP in addition to user-specified DNS" is set to "No" on the LAN > DHCP Server page. On a RT-AC68U the settings indicated previously for DNSFilter+Pi-Hole appear to be working properly to route a mobile device with static IP/DNS to the Pi-Hole and not show ads.

No idea if using nodes/AiMesh would present additional issues or need additional configuration on the main router or nodes. I don't currently use AiMesh.
 
@bennor thanks for all your support. I've tried that, didn't make a difference. If I configure a static DNS on a client (tried with laptop and phone), the DNS request doesn't go through Pi-Hole.

I even tried a different firmware version: merlin 386.7_2 -> 386.5_2.

And tried another way of configuring:
- Pi-hole DNS in the WAN selection.
- Empty the DNS server in LAN->DHCP with Advertise router's IP in addition to user-specified DNS to YES
- DNSFilter global settings to "router"

Same result, as soon as I configure a static DNS or connect to VPN the DNS request doesn't go through Pi-hole.

The only thing I can think of is doing a factory reset and setting it up from scratch again.

Any other suggestions are still welcome!
 
I had the same issue when my Google Home devices seem to be hardcoded to 8.8.8.8 and 8.8.4.4 instead of my Adguard Home.

I merely added the following into IP tables on router (via SSH) with 192.168.10.14 being the DNS server IP. NOTE: It will show the router as requester, not the client.

Code:
# Redirect DNS queries addressed to Google's resolvers to the local DNS server
iptables -t nat -A PREROUTING  -p udp -d 8.8.8.8 --dport 53 -j DNAT --to 192.168.10.14
iptables -t nat -A PREROUTING  -p tcp -d 8.8.8.8 --dport 53 -j DNAT --to 192.168.10.14
iptables -t nat -A PREROUTING  -p udp -d 8.8.4.4 --dport 53 -j DNAT --to 192.168.10.14
iptables -t nat -A PREROUTING  -p tcp -d 8.8.4.4 --dport 53 -j DNAT --to 192.168.10.14
# Masquerade outgoing traffic so replies return via the router (the router then shows as the requester)
iptables -t nat -A POSTROUTING -j MASQUERADE
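
The rules above only catch queries addressed to 8.8.8.8 and 8.8.4.4. The following is an added example, not part of the original post: it generalises the same DNAT approach to any hardcoded DNS server on port 53 and limits the masquerade to the redirected flows. The interface name br0 and the 192.168.10.0/24 network are assumed values; 192.168.10.14 is the DNS server IP from the post.

```shell
#!/bin/sh
# Added example: print iptables rules that send every LAN DNS query on port 53
# to a local resolver, whatever address the client has hardcoded.
# Defaults (br0, 192.168.10.0/24, 192.168.10.14) are assumed sample values.

dns_redirect_rules() {
    lan_if="$1"; lan_net="$2"; resolver="$3"

    # The output is meant to be piped to sh, so reject anything that is not a
    # plain interface name, IPv4 CIDR or IPv4 address.
    case "$lan_if"   in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case "$lan_net"  in ''|*[!0-9./]*)        echo "bad LAN network" >&2; return 1;; esac
    case "$resolver" in ''|*[!0-9.]*)         echo "bad resolver IP" >&2; return 1;; esac

    for proto in udp tcp; do
        # Redirect port 53 traffic arriving from the LAN unless it is already
        # going to the resolver. Skipping the resolver as a source keeps its
        # own upstream lookups from being looped back to itself.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto" \
             "! -s $resolver ! -d $resolver --dport 53" \
             "-j DNAT --to-destination $resolver:53"
        # Resolver and clients share a subnet, so masquerade only the
        # redirected flows; replies then return through the router, which is
        # why the resolver logs the router as the requester.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto" \
             "-s $lan_net -d $resolver --dport 53 -j MASQUERADE"
    done
}

# Print the rules for review; nothing is applied by this script.
dns_redirect_rules "${1:-br0}" "${2:-192.168.10.0/24}" "${3:-192.168.10.14}"
```

Review the printed rules before piping them to sh on the router. DNS over HTTPS and DNS over TLS do not use port 53 and are not affected by these rules.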
 
Yes hard coded Google DNS entries can be troublesome on some devices. Various ways to deal with it. Personally I just blocked 8.8.8.8/8.8.4.4 at the router.

LAN-Route.jpg
 
This worked when I used Roku's.

But seems the Google devices just die if you block the Google DNS. Voice assistance won't work and they just keep saying they aren't connected to internet. So hence the routing as to trick the devices into thinking they can reach the Google DNS servers.
 
Yes hard coded Google DNS entries can be troublesome on some devices. Various ways to deal with it. Personally I just blocked 8.8.8.8/8.8.4.4 at the router.

Just to be sure, the Gateway address (192.168.2.1) is the IP address of your router right?

Somehow the DNSfilter works on the DNS server of my ISP (T-Mobile Netherlands), but not on the Google DNS server. Anyone experienced something like this? I don't understand why this is happening.
 
