Menu
What's new
By:
Filters
Better Search

Setup for two Pi-Holes, IPv4 and IPv6, no DNS leaks

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L

Lightning

New Around Here
First, let me say that I have searched SNB and other fora, and gotten too much conflicting and out-of-date information. I am tired or running around in circles. So I am posting my needs here, in the hope of getting consolidated latest and greatest guidance.

I have a home network, based on an Asus RT-AC68U router, running Asuswrt Merlin 386.7_2. There are two pi-holes on the local network, which both include Unbound resolvers. Here is my wishlist:

1. Devices connecting to the LAN, including guests, should be issued the addresses of both pi-holes for DNS. If one pi-hole is unavailable, the other will provide redundancy.
2. The pi-holes should see queries as originating from the requesting devices, and not from the router.
3. Any DNS requests attempting to bypass the pi-holes (hard-coded, DoT, DoH, Google, etc.) should be intercepted, except,
4. The pi-holes' Unbound resolvers should naturally have WAN access to work.
5. All the above for both IPv4 and IPv6.
6. Router DDNS, NTP should work. Personally, I do not need AiProtection, VPN or other services that may(?) depend on router DNS control.

I think a concise guide to achieving each of the above would be a boon to the community! Ideally, all configuration should be possible with the GUI. I hope I am not asking too much!
 
There are past discussions/posts that answer some if not most of your questions. With respect to setting up Asus-Merlin to use two Pi-Hole's, here are two posts I made on setting up two Pi-Holes.
https://www.snbforums.com/threads/pihole-dns.74646/#post-712118
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

In my case the Raspberry Pi's that run Pi-Hole also run Unbound. Plenty of DIY guides out there on how to setup Unbound on a Raspberry Pi. I use DNSFilter to try and deal with clients that try to bypass the Pi-Hole servers. There are various methods to deal with getting the Pi-Holes to pull the correct network client name rather than listing just the router. In my case I use the Conditional Forwarding option in Pi-Hole. Been running a two Pi-Hole setup for several years now. Works well for my basic needs. I do not put the IP addresses of the Pi-Hole's in the router's WAN DNS fields like some do and which Asus suggests. Pi-Hole suggests not inputting the Pi-Hole IP address in the WAN DNS fields. I also use JackLul's Pi-Hole update script to pull the Firebog lists into Pi-Hole. I also run YazFi with static client IP addresses assigned for both the main LAN/WiFi clients and for the YazFi Guest WiFi clients. I don't currently run AiMesh.
 
Last edited:
Lightning said:
1. Devices connecting to the LAN, including guests, should be issued the addresses of both pi-holes for DNS. If one pi-hole is unavailable, the other will provide redundancy.
Click to expand...
Unfortunately this is not available in GUI for AC68U. I posted a feature request for a GUI option to set IPv6 DNS pushed by DHCP and after some time it did made into an update but only for HND platform. Check scripts from this thread to do the same on your AC68U. https://www.snbforums.com/threads/a...stead-of-ipv6-dns-server-ip-f-w-384-19.67225/

I'm not sure on this one but I think DNS intercept for IPv6 is also on HND platform only.
 
N/A said:
Unfortunately this is not available in GUI for AC68U. I posted a feature request for a GUI option to set IPv6 DNS pushed by DHCP and after some time it did made into an update but only for HND platform. Check scripts from this thread to do the same on your AC68U. https://www.snbforums.com/threads/a...stead-of-ipv6-dns-server-ip-f-w-384-19.67225/

I'm not sure on this one but I think DNS intercept for IPv6 is also on HND platform only.
Click to expand...
Thank you, this jibes with the problems I have experienced as new to Asuswrt. I'm really hoping not to have to jump through all these hoops to achieve my aim. But I'll keep looking at it, although my fiddling is constrained by SWMBO needing internet for work.

FYI, I come from FreshTomato, which can mostly do what I need, but has other problems.
 
@bennor
Has provided helpful links in Post #2.
The easy to follow steps for setting up an Asus router and Pi-Hole (etc) are Griswald Easy!
 
You must log in or register to reply here.

Similar threads

B
IPv6 and NextDNS Configuration Assistance Request
Replies
19
Views
1K
easyriider
easyriider
icanfly
custom domains report NXDOMAIN for IPv6 DNS and fail to resolve in Alpine OS
Replies
2
Views
1K
sfx2000
sfx2000
L
"Maximum number of concurrent DNS queries" with strange lb._dns-sd._udp. ... .in-addr.arpa reverse DNS queries (has Pi running Adguard Home + Unbound)
Replies
2
Views
783
loveleeyoungae
L
J
pros and cons for the two common DNS setups for a local adblocker - adguard home
2
Replies
25
Views
4K
Tech9
Tech9
S
Solved DNS resolution works for devices, but not router itself?
Replies
10
Views
1K
spindrift
S
Similar threads
Thread starter Title Forum Replies Date
S Solved New ISP - WAN Setup - Will not work with custom WAN DNS - dnsmasq.conf Asuswrt-Merlin 1
C OVPN server setup problem Asuswrt-Merlin 7
pippo_105 I cannot setup Wireguard on my AX6000 Asuswrt-Merlin 6
XIYO Questions Regarding acme.sh Cron Job Setup and Directory Linking Asuswrt-Merlin 1
T Troubles with VPN Client + DDNS Setup on GT-BE98 Asuswrt-Merlin 5
anotherengineer Proper PPPoE Setup on Merlin? Asuswrt-Merlin 14
J SSID QR Code validity after hard reset but using same SSID Password when setup again? Asuswrt-Merlin 1
docta_v Is there any VPN provider with easy setup for port forwarding on Merlin? Asuswrt-Merlin 5
R How to setup WAN VLAN for Nokia Optical modem on RT-AC87U? Asuswrt-Merlin 12
M AI Mesh node setup without cable? Asuswrt-Merlin 19

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 776 (members: 28, guests: 748)
Top