Why is my DNS director not working?

[vmachiel]

Hi,

So I’ve setup my DNS director to send everything to my raspberry pi running pihole. It’s also running unbound. The raspberry pi is listed under clients with no redirection just to be sure.

But when I use an ios app called DNS inspector, and I search for a domain (that would normally get blocked) and I put in the router’s IP (192.168.1.1) it doesn’t get redirected to the pihole. The domain that IS on the block list gets resolved and an IPv4 address is shown.

This tells me that if a query does get send to the router somehow, it will bypass my DNS Director settings. This isn’t supposed to happen right?

I’m using a RT-BE86U running the latest Merlin build.

Thanks!

 

[bennor]

@vmachiel, post a screenshot of your DNS Director configuration so others can review. Are the LAN clients configured to use the Pi-Hole via the DNS fields under the LAN DHCP settings secton?

Also check that the Apple device isn't using some sort of DNS encryption or a DNS relay or similar to bypass using the Pi-Hole(s). Some browsers may use their own DoH settings that might bypass the Pi-Hole.

PS: An example of one way to configure Asus-Merlin for Pi-Hole and DNS Director.
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

 

[vmachiel]

@vmachiel, post a screenshot of your DNS Director configuration so others can review. Are the LAN clients configured to use the Pi-Hole via the DNS fields under the LAN DHCP settings secton?

Also check that the Apple device isn't using some sort of DNS encryption or a DNS relay or similar to bypass using the Pi-Hole(s). Some browsers may use their own DoH settings that might bypass the Pi-Hole.

PS: An example of one way to configure Asus-Merlin for Pi-Hole and DNS Director.
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

Here it is (i said one raspberry pi for simplicity but it’s actually two). They have static IP addresses (15 and 16).

As far as I can see the app is sending a regular DNS request to the IP i tell it to:

This is the response:

The iOS device is perhaps using iCloud Private Relay and goes around router's filtering.

iCloud Private relay is off.

 

[bennor]

@vmachiel, set Global Redirection to Router not User Defined and remove the entries in the user defined fields. Example:

 

[vmachiel]

@vmachiel, set Global Redirection to Router not User Defined and remove the entries in the user defined fields. Example:

But then it’s use my router’s DNS, which is my ISP right? And not the raspberry pi I’ve set in user defined?

 

[Tech9]

But then it’s use my router’s DNS, which is my ISP right?

Wrong. With Advertise routers IP disabled it will use the first entry for DNS Server 1 in LAN settings - your Pi-hole.

Pi-hole setup was discussed perhaps >100 times here on SNB Forums along with why some devices still go around it.

 

[bennor]

But then it’s use my router’s DNS, which is my ISP right? And not the raspberry pi I’ve set in user defined?

That is why I asked: "Are the LAN clients configured to use the Pi-Hole via the DNS fields under the LAN DHCP settings section?" in my initial reply.

When Global Redirection is set to Router and the two Pi-Holes are entered in the Client List with No Redirection configured, what is supposed to happen is any normal DNS request that tries to bypass the Pi-Hole will be intercepted by the router and redirected to use the Pi-Holes assuming you have configured the LAN DHCP DNS Server 1 and 2 fields to use the Pi-Hole(s). See the example link I previously provided that explains how to setup Pi-Hole on Asus-Merlin with DNS Director: https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

 

[vmachiel]

That is why I asked: "Are the LAN clients configured to use the Pi-Hole via the DNS fields under the LAN DHCP settings section?" in my initial reply.

When Global Redirection is set to Router and the two Pi-Holes are entered in the Client List with No Redirection configured, what is supposed to happen is any normal DNS request that tries to bypass the Pi-Hole will be intercepted by the router and redirected to use the Pi-Holes assuming you have configured the LAN DHCP DNS Server 1 and 2 fields to use the Pi-Hole(s). See the example link I previously provided that explains how to setup Pi-Hole on Asus-Merlin with DNS Director: https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

I see, it never changed those settings. I’m out now, but i’ll try when I get home!