[SOLVED] PiHole as DNS but still need Forced DNS resolution

lilott8
DD-WRT Novice


Joined: 24 Jan 2019
Posts: 2

Posted: Thu Jan 24, 2019 23:49    Post subject: [SOLVED] PiHole as DNS but still need Forced DNS resolution
I have the current configuration:

Router: 192.168.2.1/24
PiHole(DHCP/DNS): 192.168.2.10/24 (Static)

My DHCP range is: 192.168.2.200-255

I try to use IP tables to force DNS redirection using the following rules:

Code:

#keep network on pi-hole
iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.pi:53
iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.pi:53
#punch DNS hole for pi-hole
iptables -t nat -I PREROUTING -i br0 -p tcp -s 192.168.1.pi --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -p udp -s 192.168.1.pi --dport 53 -j ACCEPT


But this kills all DNS requests from the Pihole.

I've also tried using DD-WRT for DHCP and giving the DNS resolver as the PiHole, as I can check the force DNS redirection box. But the same thing happens: DNS dies once that configuration takes place. I'm not certain what I need to do to keep DNS redirection *and* have the PiHole do what it does.


Last edited by lilott8 on Mon Jan 28, 2019 19:46; edited 1 time in total
BR07H3R
DD-WRT User


Joined: 24 Dec 2017
Posts: 121

Posted: Sat Jan 26, 2019 5:26    Post subject:
Check out my pi-hole thread in the broadcom section. Hint: make sure you tell pi-hole to listen on all interfaces. It wouldn't work for me until I did that. I'm also using it as local DNS.

EDIT
It worked without doing this.. but only for br0


Last edited by BR07H3R on Sat Jan 26, 2019 6:13; edited 1 time in total
BR07H3R
DD-WRT User


Joined: 24 Dec 2017
Posts: 121

Posted: Sat Jan 26, 2019 5:50    Post subject:
Code:
iptables -I FORWARD -i br0 -p tcp -d 192.168.1.115 --dport 53 -j ACCEPT
iptables -I FORWARD -i br0 -p udp -d 192.168.1.115 --dport 53 -j ACCEPT


Try this.. looks like your first two lines are causing problems. Replace them with this


Last edited by BR07H3R on Sat Jan 26, 2019 6:38; edited 1 time in total
BR07H3R
DD-WRT User


Joined: 24 Dec 2017
Posts: 121

Posted: Sat Jan 26, 2019 5:58    Post subject:
Services tab

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4334
Location: Netherlands

Posted: Sat Jan 26, 2019 15:18    Post subject:
The problem is you are also redirecting the DNS traffic from the pi hole back on itself, hence no DNS.
You have to exclude the pihole from redirecting by including in the rule: -s ! 192.168.10.1

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
lilott8
DD-WRT Novice


Joined: 24 Jan 2019
Posts: 2

Posted: Sun Jan 27, 2019 5:05    Post subject:
Thanks @egc. That worked. I just added
Code:
-s ! raspberry.pi.ip.address
to the first 2 lines, where I redirect all DNS to Rpi. And it worked perfectly.

I knew it was simple and knew that I was redirecting DNS back to the pihole. I am slowly getting familiar with iptables commands.

Thanks!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4334
Location: Netherlands

Posted: Sun Jan 27, 2019 13:56    Post subject:
You did well my young padawan :)

Please mark the thread as solved for future reference.

kyven
DD-WRT Novice


Joined: 31 Jul 2019
Posts: 2

Posted: Wed Jul 31, 2019 18:06    Post subject: the same problem
Hi, I have the same problem.

On my router (192.168.2.1) I'm using only these two lines:

iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p tcp --dport 53 -j DNAT --to 192.168.2.149
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p udp --dport 53 -j DNAT --to 192.168.2.149

I can see that DNS has come to the PI-HOLE server (192.168.2.149), but I'm receiving a DNS timeout.

When I enable force DNS redirection, it looks like the iptables rules are completely ignored and nothing is forwarded to 192.168.2.149
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4334
Location: Netherlands

Posted: Wed Jul 31, 2019 18:53    Post subject:
This thread is already marked as solved by the OP.

Please start your own thread, state router, build number and explain your problem; the more info you provide, the better we can help.

kyven
DD-WRT Novice


Joined: 31 Jul 2019
Posts: 2

Posted: Wed Jul 31, 2019 21:11    Post subject: reply
Thanks, I have already found one solution for this problem.

After POSTROUTING rules I had to add

iptables -t nat -A POSTROUTING -j MASQUERADE

Problem is that since then I can not see the original IP address of a DNS request (all of them seem to come from the router itself), but at least it's working ... ;)
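
Added example, not part of the original thread: a small generator for the rule set the thread arrives at, using egc's exclusion of the Pi-hole's own address and, optionally, a MASQUERADE rule limited to DNS toward the Pi-hole rather than kyven's blanket rule. The function names and the `hairpin` argument are made up for this example; the addresses come from the first post.

```shell
#!/bin/sh
# Added example, not from the thread: print the forced-DNS rule set so it can
# be reviewed, then piped to `sh` on the router. Addresses are the first
# post's values; the function names are made up for this example.
LAN_IF="br0"
PIHOLE_IP="192.168.2.10"

# Accept only a dotted-quad IPv4 address with every octet in 0-255, so a
# placeholder such as 192.168.1.pi never ends up in a rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# dns_redirect_rules LAN_IF PIHOLE_IP [hairpin]
dns_redirect_rules() {
    lan_if=$1
    pihole=$2
    valid_ipv4 "$pihole" || { echo "invalid Pi-hole address: $pihole" >&2; return 1; }
    for proto in tcp udp; do
        # DNAT every LAN client's DNS to the Pi-hole, except queries the
        # Pi-hole itself sends upstream (egc's "-s !" exclusion). Negation is
        # written as in the thread; newer iptables prefers "! -s ADDR".
        echo "iptables -t nat -I PREROUTING -i $lan_if -p $proto -s ! $pihole --dport 53 -j DNAT --to $pihole:53"
        if [ "${3:-}" = "hairpin" ]; then
            # Assumption: client and Pi-hole share one subnet, so the reply
            # must return via the router. Scoped to DNS toward the Pi-hole
            # instead of masquerading all traffic; the Pi-hole then logs the
            # router as the source of redirected queries.
            echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto -d $pihole --dport 53 -j MASQUERADE"
        fi
    done
}

dns_redirect_rules "$LAN_IF" "$PIHOLE_IP" hairpin
```

Without the `hairpin` argument only the two DNAT rules are printed, which keeps the original client addresses visible in the Pi-hole query log.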