Merlin, dnsmasq, Pi-hole Accurate Device Names How-To?

Doesn’t show up at all, or doesn’t show up with a hostname? How does it get its IP? Names that only exist in the Client List aren’t known to dnsmasq so the Pi-Hole can’t retrieve them via a reverse lookup of the IP. You could add a reserved IP on the DHCP tab with a hostname to let dnsmasq respond with your preferred hostname. Or you can just set up the name on the Pi-Hole (I seem to remember there was some kind of configurable client list available).

Has no name, it does of course have the IP.
I suppose I can add all devices as reserved, but if it is only 1 or 2 and I can get their name, no problem.

Adding to Pi-hole is by IP, so for static, works for IPv4, IPv6 is still the address only.

When the router provides the ID, I never see the IPv6 addresses in the Pi-hole just the device name.

Currently I'm quite happy with how it's working.
 
Well.

That certainly killed the processes running on a Linux server. None had any DNS resolution. Eventually, one fell offline.
Put a 'No filtering' entry for that server and all is well.
No idea why as yet, but the bypass is fine for a server, nobody is on it doing anything.
 
In Pi-hole, enable conditional forwarding; in the router, under the LAN tab, set a host name; then it will show device names.
 
Here is my setup
On Pihole :
(DNS using unbound locally.)
Conditional Forward:
1610333850056.png

Within /etc/dhcpcd.conf (on RPI)
I have configured the Static IPv4 and IPv6 Assignments for PiHole per interface.

Lan-DHCP:
1610333990684.png

Also, I have Pihole added to static list as 192.168.1.18

DNS-Filter:

1610334258385.png


My configuration goes a little bit further than most users; I have a dnsmasq.postconf script set up to supply devices with the IPv6 DNS address of my Pihole as well. I have a combined stateful/stateless configuration for IPv6 (stateless is supplied for devices that will not take a stateful address) with IPv6 addresses set to look to IPv4 for hostnames as well.

On the Pihole in /etc/dnsmasq.d, I have configured reverse lookups/conditional forwarding for IPv6 as well. I seldom have devices show up as the router's address (mainly IoT device look-ups from my security system/smart televisions).
 
I would go ahead and put the Pi-Hole IP in LAN DHCP DNS 1 and WAN DNS 2. Put a reliable public DNS Server in WAN DNS 1 (e.g. Cloudflare, Quad9, etc.). In DNSFilter, set Custom 1 to the router's IP address and set the Global mode to Custom 1, after adding an exception for the Pi-Hole IP. On the LAN DHCP Server page, check the box to advertise the router IP in addition to the custom choice.

In /jffs/configs/dnsmasq.conf.add, put the following lines:
Code:
strict-order
add-mac
add-subnet=32
local=/1.168.192.in-addr.arpa/
The local line is optional unless you've set up Conditional forwarding on the Pi-Hole to forward your LAN domain and subnet back to the router IP. And if you have a different LAN subnet, replace the 1 with that subnet (e.g. 50).

This should tell your LAN clients to use the Pi-Hole as their DNS server (via DHCP) with the router IP as a backup (in case of Pi-Hole failure). Any clients trying to bypass the DHCP-provided DNS will get caught by the DNSFilter and sent to the router's DNSmasq which is now configured to use strict order, which means to use WAN DNS 2 first (Pi-Hole), then if Pi-Hole fails, it will switch to the WAN DNS 1 server. Queries sent from the router to Pi-Hole will now contain the client IP and MAC due to the configuration we added above to dnsmasq.conf.add.

Haven't tested this at all since November in this other thread, but in my head it should work just fine. Just make sure you're running the latest Pi-Hole software.
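
To show what `add-mac` and `add-subnet=32` put into the queries the router forwards, here is an added example (not part of the original post or of either project) that reads those EDNS0 options back out of a DNS query. The packet is constructed rather than captured; it assumes option code 8 (EDNS Client Subnet, RFC 7871) for `add-subnet` and 65001, the private-use code dnsmasq uses for `add-mac`.

```python
import ipaddress
import struct

ECS = 8              # EDNS Client Subnet, RFC 7871 (emitted by add-subnet=32)
DNSMASQ_MAC = 65001  # private-use option code dnsmasq uses for add-mac

# Constructed sample, not a capture: a query for example.com as a forwarder with
# add-mac and add-subnet=32 would send it on behalf of LAN client 192.168.1.50.
SAMPLE = bytes.fromhex(
    "123401000001000000000001"            # header: 1 question, 1 additional RR
    "076578616d706c6503636f6d0000010001"  # example.com, type A, class IN
    "00002904d0000000000016"              # OPT pseudo-RR, 22 bytes of options
    "0008000800012000c0a80132"            # ECS: IPv4, /32, 192.168.1.50
    "fde9000602005e100001"                # MAC: 02:00:5e:10:00:01
)

def skip_name(pkt, off):  # returns the offset just past the name at off
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def client_identity(pkt):
    """Extract the client IP, prefix length and MAC carried in EDNS0 options."""
    qd, an, ns, ar = struct.unpack_from("!4H", pkt, 4)
    off, found = 12, {}
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", pkt, off)
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == 41 and pos + 4 <= len(rdata):  # walk the OPT options
            code, length = struct.unpack_from("!2H", rdata, pos)
            val, pos = rdata[pos + 4:pos + 4 + length], pos + 4 + length
            if code == ECS and len(val) >= 4:
                family, found["prefix"], _ = struct.unpack_from("!HBB", val)
                size = 4 if family == 1 else 16
                found["ip"] = str(ipaddress.ip_address(val[4:4 + size].ljust(size, b"\0")))
            elif code == DNSMASQ_MAC and length == 6:
                found["mac"] = val.hex(":")
    return found

if __name__ == "__main__":
    print(client_identity(SAMPLE))
```

A query that carries no OPT record yields an empty dict, in which case the only identity available to the receiving server is the source address of the packet.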
@dave14305 if you come up with some brilliant way to replicate this with the LAN/WAN IPv6 DNS, I would be interested to see what you come up with. I currently am injecting the IPv6 DNS address of Pi-hole using a dnsmasq.postconf script. It would be nice if there was a way to get the failover method to work for IPv6 as well.
 
Yeah, at this point I have a setup where IPv4 and IPv6 work, but most of my clients are showing up in Pihole as IPv6 addresses so I can't really see the client names.
 
The router itself will use the WAN DNS servers in the expected order (1, 2) from /etc/resolv.conf, but if you really wanted you can set the router to use dnsmasq on the Tools / Other Settings page. dnsmasq is a little funky about how it prioritizes multiple server entries, hence the "preference" for WAN DNS 2 when using strict-order.
The biggest issue I ran into is the recovery from turning PiHole back on: making sure each device knows to no longer use the WAN DNS 1 after recovering from the PiHole failure. I had to manually restart several devices to get them to go back to using the proper configuration order. In some cases, to me this is more of a headache than simply losing DNS, because with this route some devices have to be manually refreshed simply to realize to go back to using the correct DNS order once PiHole is back to functioning properly.
 
What are the reasons to use DOT, dns filter, conditional forwarding, etc?

I let my Asus/Merlin act as DHCP; in the settings I put my Pi-hole's IP for the DNS, no other DNS. My clients all get the Pi-hole's IP showing in ipconfig/all from the DHCP from Asus/Merlin.

The issue that I have had is using guest WiFi networks, it seems those clients have no working DNS because "access intranet" is disabled.

Any workaround for that?

Alternatively, I can set the Asus/Merlin to use Pi-hole for its own DNS, and then just list the Asus/Merlin IP as the one and only DNS that gets handed out during DHCP, but then all requests appear to be coming from the Asus/Merlin and I cannot see DNS request break down on Pi-hole by client.
 
The answers to your questions are safety and control. If you need more information Google is your friend.
 
Where do I find the WAN DNS 1 and 2?
 
On the router GUI WAN page. If you click the Assign button you can either select from pre-listed DNS providers or enter your own DNS servers at the bottom of the list. Example of WAN page:
wan dns.jpg
 
Ahh, thank you. I've not used the WAN DNS setting in all the years I've used ASUS routers.
 
I run two OpenVPN clients, the DNS is set to exclusive on one of them, and the other is set to disabled and in WAN Internet Connection I have these settings:

5A1499B3-CEF8-4A3E-8F83-4FE18069C6DE.jpeg


And ...

6CF72569-FC0F-4342-AFE4-E596E1B88D79.jpeg


A4B0D5B8-FE78-4D62-A81C-85FECD9C42B7.jpeg



I followed your comment exactly and it made my ISP's DNS leak on both VPN connections, as well as the clients routed through to the WAN (when Cloudflare should be showing). I checked these on ipleak.net.

PiHole is working fine (and I have unbound installed on the Raspberry Pi as well).

And now I've undone the changes my DNS is still leaking.
 
