Installing pihole directly on asus router

[spanjap]

Just for diagnostic purposes what happens when you change back dnsmasq to port 53. If you do this pihole should be up and running still. Then try disconnecting and reconnecting a device.

Also for clarification what do you mean by "The DNS isn't working anymore on that device"

I'm going to try that later today.

The DNS lookup isn't working.

Question: Is it a problem that the pi-hole ip is the same as the router ip?

 

[Tonystarr]

I'm going to try that later today.

The DNS lookup isn't working.

Question: Is it a problem that the pi-hole ip is the same as the router ip?

Pihole should have a different ip.
For example my router is at 192.168.1.1 and pihole is 192.168.1.2
Also make sure that the second ip address pihole asks for is the default gateway address.
For more information check one of the previous posts I replied on. It went into detail on the rest of the router and pihole settings.

 

[Kingp1n]

Pihole should have a different ip.
For example my router is at 192.168.1.1 and pihole is 192.168.1.2
Also make sure that the second ip address pihole asks for is the default gateway address.
For more information check one of the previous posts I replied on. It went into detail on the rest of the router and pihole settings.

@Tonystarr based on you usage of Pihole, can you say everything is working flawlessly or there's some issues we should be concern off?

 

[spanjap]

@Tonystarr I got pihole working on my RT-AX88U router.

The 2 issues I had (1 small and 1 mayor);
- "sudo service pihole-FTL restart" isn't working for me, because it's saying "Not running". I fixed it to change this to "pihole-FTL" only.
- When I add a whitelist /blacklist entry my domains on blocklist will be 0 (And therefore nothing gets blocked anymore). This is also the case when updating the blocking list.
What fixes this for me is changing the /debian/opt/pihole/gravity.sh file.

Change from line 508:

  # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
  comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"

  echo -e "${OVER}  ${INFO} ${str}"

To:

  # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
  #comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"

    grep -Fvx -f /etc/pihole/whitelist.txt ${piholeDir}/${preEventHorizon} >/etc/pihole/remaining.list &&
    mv /etc/pihole/remaining.list ${piholeDir}/${preEventHorizon}

  echo -e "${OVER}  ${INFO} ${str}"

Now it's working without issues. Hope this is of any help

 

[Tonystarr]

@Tonystarr based on you usage of Pihole, can you say everything is working flawlessly or there's some issues we should be concern off?

Beyond what spanjap said the only other thing I will bring up is that this might not work in future updates of pihole. While it should unless major changes are being made I can't guarantee that it always will. Right now 4.3.1 works pretty well. I even managed to block a large chunk of YouTube ads with it as well by using regex. On a final note I would still recommend backing things up.

 

[SomeWhereOverTheRainBow]

Beyond what spanjap said the only other thing I will bring up is that this might not work in future updates of pihole. While it should unless major changes are being made I can't guarantee that it always will. Right now 4.3.1 works pretty well. I even managed to block a large chunk of YouTube ads with it as well by using regex. On a final note I would still recommend backing things up.

Can this work along side the built in router implementation of stubby or do you have to use entware version

 

[Tonystarr]

Can this work along side the built in router implementation of stubby or do you have to use entware version

Ignore this do what @Jack Yaz said

Not entirely sure. I know that stubby entware works (with the slight downside of a reboot issue. check previous post ). The way I currently have things set up is that the router DHCP pushes everything to pihole. Pihole then filters out ads and pushes it to stubby. The problem is that if you don't use DHCP and decide to use the built in stubby to send things to pihole it would be practically useless since you can't take advantage of dns over tls or send it to anything but pihole. That being said pihole can be used as a DHCP server as opposed to your router. You might be able to find a way to then send the traffic back your router to take advantage of the built in stubby ???
Note: If you don't care about dns over tls pihole can send traffic to multiple different dns servers without stubby.

 

[Jack Yaz]

You're overcomplicating this.

Set DHCP on router to hand out PiHole IP as DNS via LAN DHCP DNS field.

Set PiHole to use router IP as forwarding DNS Server.

Configure router with DoT and your preferred DoT resolvers.

 

[Tonystarr]

You're overcomplicating this.

Set DHCP on router to hand out PiHole IP as DNS via LAN DHCP DNS field.

Set PiHole to use router IP as forwarding DNS Server.

Configure router with DoT and your preferred DoT resolvers.

lmao. It appears that I am. Thank you

 

[SomeWhereOverTheRainBow]

lmao. It appears that I am. Thank you

what is the average load you see to the cpu and ram when running pihole?

 

[Chrisgtl]

You're overcomplicating this.

Set DHCP on router to hand out PiHole IP as DNS via LAN DHCP DNS field.

Set PiHole to use router IP as forwarding DNS Server.

Configure router with DoT and your preferred DoT resolvers.

Can you or anyone else help me getting Pi-Hole running correctly on 86U with latest Merlin?

Router 192.168.0.1 (DHCP on with 40 static IP's assigned one of which is the Pi-Hole @ 192.168.0.5)
Pi-Hole 192.168.0.5 (DHCP off)

No matter what settings I try I either can't resolve addresses or I can resolve and ads don't block....haha

I've completely removed Diversion but left Skynet on the router. Not sure if this is possible running Pi-Hole though?

Router Page;
LAN > DHCP Server > DNS and WINS Server Settings >
DNS Server 1 = 192.168.0.5
Advertise router's IP in addition to user-specified DNS = ?

WAN > WAN DNS Settings >
Connect to DNS Server automatically = No
DNS Server 1 = ?
Forward local domain queries to upstream DNS = ?
Enable DNS Rebind protection = Yes
Enable DNSSEC support = Yes
Validate unsigned DNSSEC replies = Yes
Prevent client auto DoH = Auto
DNS Privacy Protocol = DoT
DNS-over-TLS Profile = Strict
Preset servers = 1.1.1.1, 1.0.0.1


Pi-Hole Page;
Settings > DNS
Upstream DNS Servers = ?
Never forward non-FQDNs = Yes
Never forward reverse lookups for private IP ranges = Yes
Use DNSSEC = No
Use Conditional Forwarding = No


Where am I going wrong? Do I need to open ports or something?

 

[Martineau]

Can you or anyone else help me getting Pi-Hole running correctly on 86U with latest Merlin?

Router 192.168.0.1 (DHCP on with 40 static IP's assigned one of which is the Pi-Hole @ 192.168.0.5)
Pi-Hole 192.168.0.5 (DHCP off)

No matter what settings I try I either can't resolve addresses or I can resolve and ads don't block....haha

I've completely removed Diversion but left Skynet on the router. Not sure if this is possible running Pi-Hole though?

Router Page;
LAN > DHCP Server > DNS and WINS Server Settings >
DNS Server 1 = 192.168.0.5
Advertise router's IP in addition to user-specified DNS = ?

WAN > WAN DNS Settings >
Connect to DNS Server automatically = No
DNS Server 1 = ?
Forward local domain queries to upstream DNS = ?
Enable DNS Rebind protection = Yes
Enable DNSSEC support = Yes
Validate unsigned DNSSEC replies = Yes
Prevent client auto DoH = Auto
DNS Privacy Protocol = DoT
DNS-over-TLS Profile = Strict
Preset servers = 1.1.1.1, 1.0.0.1


Pi-Hole Page;
Settings > DNS
Upstream DNS Servers = ?
Never forward non-FQDNs = Yes
Never forward reverse lookups for private IP ranges = Yes
Use DNSSEC = No
Use Conditional Forwarding = No


Where am I going wrong? Do I need to open ports or something?

Try testing a single device

e.g. DNSFilter

NOTE: The Pi-hole will see ALL requests as originating from the router 192.168.0.1.

 

[dave14305]

Advertise router's IP in addition to user-specified DNS = ?

Set to No.

DNS Server 1 = ?
Forward local domain queries to upstream DNS = ?

Set to 1.1.1.1
Do not forward local domain queries.

Pi-Hole Page;
Settings > DNS
Upstream DNS Servers = ?

Set upstream to the router IP 192.168.0.1 if you want Pi-Hole queries to go out through router's DoT.

Do I need to open ports or something?

No.

 

[Chrisgtl]

Set to No.

Set to 1.1.1.1
Do not forward local domain queries.

Set upstream to the router IP 192.168.0.1 if you want Pi-Hole queries to go out through router's DoT.

No.

Still no cigar. I'm at a complete loss now.

When I log into the Pi-Hole and go to network all my devices are listed and green but the router and laptop I am testing from are both using wlan0 whereas all the other devices are listed as eth0.

Dunno if that relates to the problem.

 

[dave14305]

Still no cigar. I'm at a complete loss now.

When I log into the Pi-Hole and go to network all my devices are listed and green but the router and laptop I am testing from are both using wlan0 whereas all the other devices are listed as eth0.

Dunno if that relates to the problem.

Are you using DNSFilter in router's LAN section? If yes, turn it off to test. Take a screenshot first so we know what may have been interfering.

I'm not familiar with pi-hole first-hand, but I don't see why this shouldn't work. Make sure your clients are actually getting the pi-hole IP address via DHCP as their DNS server (ipconfig /all).

 

[Chrisgtl]

Are you using DNSFilter in router's LAN section? If yes, turn it off to test. Take a screenshot first so we know what may have been interfering.

I'm not familiar with pi-hole first-hand, but I don't see why this shouldn't work. Make sure your clients are actually getting the pi-hole IP address via DHCP as their DNS server (ipconfig /all).

Spot on and thank you. It was DNSfilter that was killing everything. I've disabled and all is working well. Need to test further when I get time (kids went into trauma because of the downtime yesterday haha)

Thanks again.

 

[dave14305]

Spot on and thank you. It was DNSfilter that was killing everything. I've disabled and all is working well. Need to test further when I get time (kids went into trauma because of the downtime yesterday haha)

Thanks again.

When you want to enable it again, make sure you:

1. Set Global mode to Router (this will use the LAN DHCP DNS 1 server value since it is populated, otherwise it defaults to the router IP).
2. Add a Client rule for the PiHole for “No Filtering” as @Martineau showed in his screenshot above. This ensures the PiHole isn’t filtered itself into a loop.

 

[OMNI619]

I just set up raspberry pi-hole as well on my WNDR3700 running dd-wrt I'm running debian buster I run in to some issues finally got it up and running

Sent from my SM-G930V using Tapatalk

 

[Chrisgtl]

When you want to enable it again, make sure you:

1. Set Global mode to Router (this will use the LAN DHCP DNS 1 server value since it is populated, otherwise it defaults to the router IP).
2. Add a Client rule for the PiHole for “No Filtering” as @Martineau showed in his screenshot above. This ensures the PiHole isn’t filtered itself into a loop.

Perfect! Thanks. All working beautifully now.

 

[SomeWhereOverTheRainBow]

Perfect! Thanks. All working beautifully now.

are you running this from chrooted Debian on the router or did you place your pihole on a raspberrypi ?