Hello all! I think I’m having a bit of trouble with my home network. It appears that all of my devices are using my Pi-hole DNS because I can see them all listed in the UI. But, when I check the devices, I can see both the Pi-hole IP address and the router’s. Pi-hole is listed first, so I’m assuming everything is using that, but I don’t want the devices on my network to even know about the router DNS. I’ve heard of aggressive devices like Roku exploiting things like this.

I have an ASUS RT-AX55, so I believe I have full control of any setting I need. Any advice? Is this not even a problem?

EDIT: The latest firmware for the RT-AX55 is 3.0.0.4.386_52041, and, according to this (https://www.asus.com/support/FAQ/1050080/) I need 3.0.0.4.388.22525 to get the setting I need. @[email protected]’s screenshot shows the settings I need but I only have one DNS field. My suspicion was correct that the router was sending itself as DNS2. It’s an imperfect solution, but I changed my upstream DNS on my router to point to the Pi-hole for now. It’s a bit frustrating to not see the actual device the traffic is coming from instead of “router” but at least ALL of my traffic is now being routed through the correct DNS server.

At this point, it looks like I cross my fingers and try using Pi-hole DHCP again or get a new router.

EDIT2: I found that the RT-AX55 doesn’t have the UI to change DNS2, but the property is there if you use SSH. Just log in and run this: nvram set dhcp_dns2_x=<PIHOLE_IP> | nvram commit. Problem solved!

Thanks for the help, y’all!

  • @[email protected]
    link
    fedilink
    English
    15
    edit-2
    11 months ago

    The DHCP server pushes the DNS configuration to the clients. Is your Asus router running the DHCP server? If so, in DHCP configuration, set the DNS to point to your Pi-Hole

    • @[email protected]OP
      link
      fedilink
      English
      111 months ago

      I have my router as DHCP and I also have the DNS set to the pi-hole which I’m assuming is how the devices are getting it. I’m just not sure why it’s getting my router IP as well.

      • @kylian0087
        link
        English
        411 months ago

        Perhaps because the curent lease has not expired yet. Remove the lease in the router or force the client to get a new lease

      • @[email protected]
        link
        fedilink
        English
        211 months ago

        Some devices get confused if there is only one DNS server provided by the DHCP… Maybe try setting your PiHole IP for both “Primary” and “Alternative” DNS server

        • @[email protected]OP
          link
          fedilink
          English
          111 months ago

          I only have one dns field. Apparently, there’s a fork of asus software that provides 2 so my suspicion is that the router is automatically supplying its own IP as dns2

          • @[email protected]
            link
            fedilink
            English
            1
            edit-2
            11 months ago

            Then I’d recommend turning off the DHCP server on the Asus router and enabling it on the PiHole… inside the PiHole DHCP server configuration set your routers IP as a gateway address, and set the PiHole address as the DNS. This way, PiHole will manage the IP addresses in your network, which might be a better option overall.

            I’m an advanced Mikrotik user overall, one thing they had not been great about is WiFi but their networking capabilities have always been amazing but had a steep learning curve if you’d be using their more advanced options. Though Mikrotik has finally released their WiFi6 devices whose WiFi is finally getting competitive with other WiFi router manufacturers. I can recommend hAP AX2 or hAP AX3, and definitely check their Youtube channel for getting their tutorials.

            Mikrotik is definitely my go-to recommendation if you also want to learn networking fundamentals because it’s affordable and yet incredibly advanced whichever model you get because they all have pretty much the same RouterOS software within them. There’s even more things to thinker about ever since the release of their RouterOS 7 which is now based on Linux 5 kernels compared to their old RouterOS 6 which was based on Linux 3 kernels.

            You can even run PiHole on the Mikrotik router itself

      • grayatrox
        link
        English
        111 months ago

        Your router is the gateway to the internet. I could be wrong here, but this is why your devices can see it. They need to know where they can access the internet.

        • Atemu
          link
          fedilink
          English
          111 months ago

          DHCP is a protocol where the “router” tells the devices that it is the gateway.

          • grayatrox
            link
            English
            211 months ago

            So gateway refers to where to find the DHCP server?

            • @[email protected]
              link
              fedilink
              English
              211 months ago

              Gateway is the path where your devices go if it needs to go out of the network, eg. the Internet, different subnet.

            • Atemu
              link
              fedilink
              English
              211 months ago

              Note that what is typically referred to a “router” in a home setting is actually many different devices/services in one. It’s usually a combination of router, switch, firewall, DHCP server, DNS server, Wireless Access Point, modem and probably a couple other things I forgot.

            • @[email protected]
              link
              fedilink
              English
              111 months ago

              No, that’s handled by ARP requests. In this case, it’s likely that the DHCP server is on the gateway, as that’s a pretty common setup for home ISP router arrangements.

              Gateway refers to a router that has access to other networks. In this case, the default gateway, which will be the router that has access to the internet.

              DNS or name servers are a separate option in DHCP leases, as are the IP addresses for DHCP servers, which are more of a windows thing generally.

              In this case this comment is probably an accurate description of what’s happened:

              https://lemm.ee/comment/7429148

  • walden
    link
    fedilink
    English
    311 months ago

    Like the other poster said, this will be configured on your routers settings. You can configure more than one DNS address, the 2nd (etc.) being backups if the first one stops working.

    • @[email protected]OP
      link
      fedilink
      English
      111 months ago

      The router is running DHCP and is set to hand out the Pi-hole IP as DNS. Interestingly, there’s only one field for this so maybe the router is choosing itself as DNS2? If I go into WAN settings, there are fields for DNS1 & 2 but if I was under the impression that these should be set for upstream DNS.

      • Norah - She/They
        link
        fedilink
        English
        311 months ago

        I’m running the Merlin fork of the Asus firmware, so maybe that adds this option, but in my DHCP settings there’s a switch called:

        Advertise router’s IP in addition to user-specified DNS

        Sidenote: The Merlin version of the firmware is great! It lets you run the Diversion adblocker, which functions in the same way as Pihole. However, the RT-AX55U isn’t supported. The AX58U is though, maybe it might be worth upgrading? It’s a lot simpler than running a Pihole separately.

      • @[email protected]
        link
        fedilink
        English
        1
        edit-2
        11 months ago

        If you can’t figure it out, you can always use your PiHole as a DHCP server and disable your router’s DHCP server.

        If I go into WAN settings, there are fields for DNS1 & 2 but if I was under the impression that these should be set for upstream DNS.

        Try set those to your PiHole IP. Then, even if a DNS request goes to your router, it should send the request to PiHole rather than the ISP’s DNS servers.

        By the way, I’d recommend running two PiHole instances so that the internet doesn’t break if you have to take one of them down. There’s a system for AdGuard Home that lets you keep the config for multiple instances in sync - maybe there’s something like that for PiHole too.

        • @[email protected]OP
          link
          fedilink
          English
          111 months ago

          Last time I tried that was… problematic. I suppose I could try again…

          I’m kinda just getting started. The goal is to have a media server in addition to my current raspberry pi server that will act as a second dns. If I can’t find a way to keep them synced, I’ll give adguard a try

  • @[email protected]
    link
    fedilink
    English
    211 months ago

    Is DNS enabled on your router? It’s usually (or should be, imo) a separate setting from DHCP.

    Turn off the routers DNS server, then it’ll have no reason to add the IP to the DHCP Config.

    Double check the DHCP Config on the router to ensure it’s only deploying the Pihole address.

  • @[email protected]B
    link
    fedilink
    English
    1
    edit-2
    11 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    IP Internet Protocol
    PiHole Network-wide ad-blocker (DNS sinkhole)

    3 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

    [Thread #363 for this sub, first seen 19th Dec 2023, 06:05] [FAQ] [Full list] [Contact] [Source code]