Pihole DNS

[Mr. Boniato]

hmm.. do you mean like this?
I tried it this way and it works fine for me, but I am not sure if it's correct or not.
I am using Pihole's GUI to select the Upstream, because that's what you use when setting up Pihole.

View attachment 46275

View attachment 46276

View attachment 46274

yes that is how I have it, but I use clean browsing instead of open dns.

 

[Tech9]

Add CleanBrowsing addresses to Custom 1 and Custom 2, if not available in pre-selected servers already. Uncheck everything else to use CleanBrowsing only. You guys really need to read more about Pi-hole uses and configuration. This looks like random clicking and trying if you still have Internet.

 

[SomeWhereOverTheRainBow]

Add CleanBrowsing addresses to Custom 1 and Custom 2, if not available in pre-selected servers already. Uncheck everything else to use CleanBrowsing only. You guys really need to read more about Pi-hole uses and configuration. This looks like random clicking and trying if you still have Internet.

I can list a few methods to configure pihole and the router. There are atleast 3 or 4 different methods I have used in the past that have all worked well. But now I have by far the cleanest method, but most people new to this get easily confused so I try not to share to prevent the onset of confusion. @bennor Typically has the atypical recommended method that piholes site recommends as the "default" method over LAN DNS, it works well but can have leaks with devices that don't accept the dhcp configuration advertised by the router. Then users have to resort to using the firewall to force clients to use pihole, those requests appear as though they are "the router" as the client.

 

[Mr. Boniato]

Can you be so kind to explain what is difference of adding the dns sever in custom 1..2 or just having 192.168.1.1 which is telling pihole to use the same upstream dns server?

 

[SomeWhereOverTheRainBow]

Can you be so kind to explain what is difference of adding the dns sever in custom 1..2 or just having 192.168.1.1 which is telling pihole to use the same upstream dns server?

Pass.

 

[Mr. Boniato]

I saw a comment from Merlin https://www.snbforums.com/threads/pihole-dns-server.82129/post-806428
he say there:

If you want to cover the whole LAN:

1) WAN set to ISP DNS - - - different with me is i use clean browsing, not isp
2) PiHole upstream DNS set to router IP <------ HERE
3) DNS Director set to force the use of the PiHole IP (per client or globally), or LAN DNS set to PiHole IP

this is how mine is set. are you saying this is wrong?

 

[SomeWhereOverTheRainBow]

I saw a comment from Merlin https://www.snbforums.com/threads/pihole-dns-server.82129/post-806428
he say there:

If you want to cover the whole LAN:

1) WAN set to ISP DNS - - - different with me is i use clean browsing, not isp
2) PiHole upstream DNS set to router IP <------ HERE
3) DNS Director set to force the use of the PiHole IP (per client or globally), or LAN DNS set to PiHole IP

this is how mine is set. are you saying this is wrong?

I wouldn't say it is wrong; however, it is one way it can be configured. All request that get sent via DNS Director will have no client information. They will appear as though the router made the request. If you are fine with that, feel free to go on your merry way.

 

[jata]

Not sure how helpful this is but I have my setup as follows:

• Primary DNS: RPI running dietpi with adguard home and unbound setup (mainly automatically configured/setup managed)
• Secondary DNS: NextDNS on a their free service (<300k lookups/mth i think) - this is used to catch stuff that does go through primary (e.g. if i need to reboot primary). Also allows me to use nextDNS app to block ads on my iphone when off the LAN
• WAN DNS: set to google DNS or my ISP (don't care really as not really used - only by router f/w stuff)
• DHCP DNS: set to primary and secondary as outlined above. All clients using DHCP...
• DNS Director: Off (not needed for me. I have local client name lookup/resolution by adding the following to unbound config) - [//50.168.192.in-addr.arpa/lan/local/]192.168.50.1:53

 

[SomeWhereOverTheRainBow]

I saw a comment from Merlin https://www.snbforums.com/threads/pihole-dns-server.82129/post-806428
he say there:

If you want to cover the whole LAN:

1) WAN set to ISP DNS - - - different with me is i use clean browsing, not isp
2) PiHole upstream DNS set to router IP <------ HERE
3) DNS Director set to force the use of the PiHole IP (per client or globally), or LAN DNS set to PiHole IP

this is how mine is set. are you saying this is wrong?

Here is my method

Post in thread 'Pihole DNS Server' https://www.snbforums.com/threads/pihole-dns-server.82129/post-806485

 

[Mr. Boniato]

I wouldn't say it is wrong; however, it is one way it can be configured. All request that get sent via DNS Director will have no client information. They will appear as though the router made the request. If you are fine with that, feel free to go on your merry way.

ok. at least I feel good to know the way I have it is not incorrect, specially if Merlin say to use it
I knew was correct way just not sure what was the difference comparing both ways.

thank you for helping.

 

[SomeWhereOverTheRainBow]

ok. at least I feel good to know the way I have it is not incorrect, specially if Merlin say to use it
I knew was correct way just not sure what was the difference comparing both ways.

thank you for helping.

It is the most preferred method since most people don't feel comfortable using custom scripts and having a simple webui method makes it easy to explain.

 

[fotingo]

@bennor hello, I notice if I set "Router" as the global Redirection.. Safari browser on iOS is able to bypass the router's DNS settings...but If I set it to use USER Define DNS 1 (which has the Pihole IP), then it fixes the issue and Safari browser does not bypass pihole.

I have Pihole set in the LAN DCHP and Advertise router's IP in addition to user-specified DNS set to "No".. so everything on this guide is the same except the Global Redirection, which I had it as you said, but noticed this issue with Safari.. only safari browser bypassing the Pihole.. but this was fixed after using User Define DNS 1... is this OK to use or, what is the difference between using Router and User Define DNS 1?

 

[dave14305]

I have Pihole set in the LAN DCHP
USER Define DNS 1 (which has the Pihole IP)
what is the difference between using Router and User Define DNS 1

No difference from the router’s perspective. The rules in both scenarios redirect queries to the PiHole IP, since LAN DHCP DNS1 is not blank.

 

[fotingo]

No difference from the router’s perspective. The rules in both scenarios redirect queries to the PiHole IP, since LAN DHCP DNS1 is not blank.

That's what I thought.. I wonder why Safar browser on my iphone is able to bypass the Pihole when set to Router...no other app or device can as they are all forced to use Pihole, but for some reason only the safari browser is able to...very strange.

 

[bennor]

Maybe some suggestions here might help:

https://www.reddit.com/r/Adguard/comments/1cchkib/safari_and_ms_edge_bypassing_adguard_home_dns

And maybe here:

Blocking Not Working in Safari on a Mac

I have been using PiHole for some time, and everything works correctly on all my devices. I used to use Microsoft Edge as my web browser, and everything works correctly in that. However I have just tried using Safari as a browser instead, and the web blocking does not work in that. I have...

discourse.pi-hole.net

 

[fotingo]

I think I found what the issue was. I had set Pihole for only devices listed in the DNS Director list. But recently decided to make it so all devices use Pihole by adding DNS server under LAN DHCP. Since my iPhone was listed under DNS Director list and sometimes iOS would switch MAC addresses, I think is the reason Safari would bypass the filtering.

Now that I have removed the iPhone from the DNS Director list, the issue is gone and I have not been able to replicate it.

 

[Tech9]

and sometimes iOS would switch MAC addresses

You can disable randomized MAC addresses for your network. Settings, Wi-Fi, tap on i next to the SSID, disable Private Wi-Fi Address.

 

[SomeWhereOverTheRainBow]

No difference from the router’s perspective. The rules in both scenarios redirect queries to the PiHole IP, since LAN DHCP DNS1 is not blank.

I have yet to see a thread about DNS or DNS Director in which you have not had to re-explain this topic. This community is lucky to have you around.