Bingo!
> Really. I can't recall putting that in there. Shall I remove and disable? I also found this:
> View attachment 64721

That's OK but you might as well disable it as it's not doing anything (because it's an empty Deny List).
> Why did that url filter stop the router DNS server from working?

Because it was an Allow List. So it was saying the only DNS addresses you could resolve were those that had "github" in them (and asus.com which is hard-coded).
> [0:0] -A FORWARD -i br0 -p udp -m udp --dport 53 -j DROP

I still don’t understand why LAN DHCP DNS was working since even forwarded DNS traffic should have been dropped, unless it was somehow falling back to TCP.
> I still don’t understand why LAN DHCP DNS was working since even forwarded DNS traffic should have been dropped, unless it was somehow falling back to TCP.

Good point. Or possibly switching to DoH as 1.1.1.1 is on Windows' list of known servers. That might explain the inconsistent client behaviour he initially observed.
> Good point. Or possibly switching to DoH as 1.1.1.1 is on Windows' list of known servers. That might explain the inconsistent client behaviour he initially observed.

Pi-Hole must have also had some kind of encrypted DNS running on it, like Unbound DoT, assuming the URL filter has been there for a while. Weird, but enlightening.
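
An added example, not from any poster in this thread: a small Python check that reads `iptables-save` output and reports which DNS transports from `br0` are covered by a DROP/REJECT rule in FORWARD, showing that the rule quoted above only touches UDP/53. The function names are hypothetical, and the check assumes numeric `--dport` values and ignores negations, other match modules and rule order.

```python
import shlex

# DNS transports a LAN client can use; ports are the standard assignments.
TRANSPORTS = {"udp/53": ("udp", 53), "tcp/53": ("tcp", 53),
              "DoT tcp/853": ("tcp", 853), "DoH tcp/443": ("tcp", 443)}
OPTS = {"-i": "in", "-p": "proto", "--dport": "dport", "-j": "target"}

# The rule quoted in the thread, wrapped in a minimal iptables-save frame (constructed).
SAMPLE = """*filter
:FORWARD ACCEPT [0:0]
[0:0] -A FORWARD -i br0 -p udp -m udp --dport 53 -j DROP
COMMIT
"""

def parse_rule(line):
    """Turn one iptables-save '-A' line into a dict; None for anything else."""
    line = line.strip()
    if line.startswith("["):                 # drop the [packets:bytes] counter
        line = line.split("]", 1)[1]
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1], "in": None, "proto": None, "dport": None, "target": None}
    for i in range(2, len(tok) - 1):
        if tok[i] in OPTS:
            rule[OPTS[tok[i]]] = tok[i + 1]
    return rule

def matches(rule, iface, proto, port):
    """True if the rule's interface, protocol and port (single or lo:hi) cover the flow."""
    if rule["in"] not in (None, iface) or rule["proto"] not in (None, "all", proto):
        return False
    if rule["dport"] is None:
        return True
    lo, _, hi = rule["dport"].partition(":")
    return int(lo) <= port <= int(hi or lo)

def dns_exposure(ruleset, iface="br0", chain="FORWARD"):
    """Map each DNS transport to the DROP/REJECT target that covers it, or 'no match'."""
    rules = [r for r in map(parse_rule, ruleset.splitlines())
             if r and r["chain"] == chain and r["target"] in ("DROP", "REJECT")]
    return {name: next((r["target"] for r in rules if matches(r, iface, proto, port)),
                       "no match")
            for name, (proto, port) in TRANSPORTS.items()}

if __name__ == "__main__":
    for transport, verdict in dns_exposure(SAMPLE).items():
        print(f"{transport:12} {verdict}")
```

Feeding it the full `iptables-save` dump from the router, rather than the single quoted rule, shows whether any other FORWARD rule also covers TCP/53, 853 or 443.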