Help - DNS 1 Pi-Hole / DNS 2 Diversion

[sentinelvdx]

Hi,

I'm having the following challenge.
I have setup a Pi-Hole docker on my NAS and Diversion into the router.
My idea is to have Pi-Hole as main DNS resolver, and Diversion as Backup.

I've setup Pi-Hole IP on DNS 1 (.21) , and Diversion on DNS 2 (.1)

The thing is, that my PC gets .1 which is the router IP as DNS, but router instead of forwarding DNS requests to .21 it goes directly into diversion.
Pushing both IP's to each device is not the idea, I want router to do it. How can I make it work? any idea?

Hope I have explained myself.

Thanks,

 

[dave14305]

Post screenshots of your WAN DNS assignments and LAN DHCP Server DNS assigments, please. Your post is unclear where you are setting these IPs.

 

[sentinelvdx]

Sure, here it is

 

[ColinTaylor]

Your regular WAN DNS servers are ignored because you have enabled DNS Privacy.

My idea is to have Pi-Hole as main DNS resolver, and Diversion as Backup.

It doesn't work like that. If you specify two DNS servers a client will use both. One isn't a "backup".

 

[dave14305]

You're fortunate that DNS Privacy is enabled, otherwise you've created a DNS loop by having dnsmasq (on 192.168.50.1) point to itself as an upstream resolver.

 

[bbunge]

WAN DNS Settings need to be for an upstream DNS resolver. For example use Cloudflare 1.1.1.1 and 1.0.0.1 (both IpP addresses here should be of the same service). This is important so your router gets its time set when it boots.
Next, set the DNS Privacy or DoT to both addresses of the same service: 1.1.1.2 and 1.0.0.1. Using different providers is not good as the client that controls DoT, Stubby, will alternate between listed addresses.
Next, in LAN/DNS Server 1 set the address of the Pi-Hole. Leave the DNS Server 2 blank and leave Advertise router's IP in addition to... set to Yes. With these settings the router DHCP will push the Pi-Hole address to the clients as the first DNS server and the router (Diversion) IP address as the second DNS server. The client will mostly use its first DNS server and fall bacl to the router (second DNS server) if it needs to.
This is the simplest way to do it and it works.

 

[bennor]

I've setup Pi-Hole IP on DNS 1 (.21) , and Diversion on DNS 2 (.1)

Note that if you have input the Pi-Hole IP address into the WAN DNS field, that isn't what the Pi-Hole documentation recommends. For Pi-Hole it is recommended to input the Pi-Hole into the LAN DHCP DNS field. In addition, if you choose to use the WAN DNS field(s) for Pi-Hole; it is possible, depending on the router and Pi-Hole configuration settings, to create a DNS feedback loop that could potentially flood your local network.

ASUS router - Pi-hole documentation

docs.pi-hole.net

ASUS router​

ASUS was so kind to set up a FAQ how to configure their routers together with Pi-hole.

They offer two kinds of setup depending on your router's firmware version. On newer firmware they recommend setting Pi-hole as DNS server for the WAN connection and on older versions for LAN connections. However, we recommend to setup Pi-hole always as DNS server for your LAN! If you do so, Pi-hole's IP is distributed as DNS server via DHCP to your network clients. Each client will directly send their queries to Pi-hole and will be shown individually in Pi-hole's web interface. Additionally, you can use the group management features.

You can find the FAQ here: https://www.asus.com/support/FAQ/1046062/

Be careful when you setting WAN DNS server to Pi-hole and enable conditional forwarding
This can cause DNS loop between router and Pi-hole for unkown hostnames.

February 22, 2025