Joined: 14 Jan 2020
Posted: Sun Feb 14, 2021 12:21 Post subject: How to setup Pi-hole in a setup like this?
So I have a Netgear R7800 running r45735 (02-11-2021) and I was wondering how I could set up Pi-hole.
My setup consists of:
DHCP server is enabled. "Use DNSMasq for DNS" is enabled. "DHCP-Authoritative" is enabled. NTP is on and synced to an IP. In the services tab "Used Domain" is set to LAN & WLAN and I have a "LAN Domain" set as well, although I don't know what it does. Dnsmasq is also enabled and only "No DNS Rebind" and "Query DNS in Strict Order" are enabled when it comes to options. My DHCP range is 192.168.1.110 - 192.168.1.130.
In "Additional Dnsmasq Options" I have a lot of static leases set like
and I did this because I like to keep track of my devices. Even though all my devices are given a static lease through dnsmasq, I also set up my devices manually to use a static IP through their respective network configuration menus. All my static IPs fall outside my DHCP range.
I also have a lot of ports forwarded to my PS4 and PS5. UPnP is also enabled.
I just recently set up Pi-hole and gave it an IP of 192.168.165. What I want to do is be able to see all my devices' hostnames given by my DD-WRT static leases in Pi-hole. The best method I found while searching is setting "Additional Dnsmasq Options"
but will this achieve what I want? Also I don't want all my devices to use Pi-hole as their DNS server. I manually set up dnscrypt-proxy on 2 of my laptops. They use 127.0.0.1 as their DNS servers, so there will be no problems with that, right?
Are there any other things I have to enable in either Pi-hole or DD-WRT? Like additional dnsmasq options? "Cache DNSSEC data" and "Validate DNS Replies (DNSSEC)" are disabled, although in Pi-hole I use 184.108.40.206 (Cloudflare) as my DNS and "Use DNSSEC" is enabled there.
Also what should I do with "Conditional forwarding" in Pi-hole settings? I assume this is needed to do what I want?
Joined: 16 Nov 2015
Location: UK, London, just across the river..
Posted: Sun Feb 14, 2021 13:23 Post subject:
Hmmm, many articles, "how to use PI DNS along with DDWRT router", search in the forum or Google...
As far as decent set up, you can run all those services on the router side and not use a PI...
There is a link on how to use DNScrypt proxy v2 in my signature...you can also use an alternative external DNS specified in additional DNSmasq rules...
What I would do is just use DNScrypt-proxy v2 on the DDWRT router via Entware on USB...as it goes encrypted...
In general it's not good practice to use multiple DNS servers of different types or an external/internal combination...
If you need statistics, then you need that Pi or to run some other stuff via Entware to get those statistics...not much point in those anyway, unless you provide a commercial DNS service...
For simple DNSmasq log statistics you can add this command to additional DNSmasq rules and look at the general log; do keep in mind the log will be flooded with queries...
TP-Link WR740Nv1 ---DD-WRT 51440 WAP
TP-Link WR1043NDv2 -DD-WRT 51530 Gateway/DoT DNS,AP Isolation,Ad-Block,Firewall,Forced DNS,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 51440 Gateway/DoT DNS,Ad-Block,Firewall,Forced DNS,x3 VLAN(no-wifi)
TP-Link WR1043NDv2 -Gargoyle OS 1.13.0 AP,DNS,QoS,Quotas
Netgear R7800 --DD-WRT 51530 Gateway/DoT DNS,AD-Block,AP&Net Isolation,VLAN's,Firewall,Vanilla
Netgear R9000 --DD-WRT 51440 Gateway/DoT DNS,AD-Block,AP Isolation,Firewall,Forced DNS, 2,4Ghz only,Vanilla
Netgear R7000 ---DD-WRT 51440 Gateway/DoT DNS,AD-Block,Firewall,Forced DNS,VLAN's,VPN (wi-fi off)
NOT USING 5Ghz ANYWHERE
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Sun Feb 14, 2021 17:22; edited 1 time in total
Joined: 18 Sep 2010
Posted: Sun Feb 14, 2021 15:37 Post subject: Re: How to setup Pi-hole in a setup like this?
LizardWizard wrote:
> I just recently set up Pi-hole and gave it an IP of 192.168.165. What I want to do is be able to see all my devices' hostnames given by my DD-WRT static leases in Pi-hole. The best method I found while searching is setting "Additional Dnsmasq Options"
If by this you mean, have the *pihole* show you which source IP made a DNS request (assuming it is capable of this, I don't know, I don't use it), then yes, it will work, because you are effectively bypassing DNSMasq for DNS purposes.
However, I would recommend you always specify the relevant network interface to which any given dhcp-option should apply.
> Also I don't want all my devices to use Pi-hole as their DNS server. I manually set up dnscrypt-proxy on 2 of my laptops. They use 127.0.0.1 as their DNS servers so there will be no problems with that right?
If you statically/manually configure any of your clients w/ your preferred choice of DNS server, then by definition that's what they are going to use.
> Also what should I do with "Conditional forwarding" in Pi-hole settings? I assume this is needed to do what I want?
Seems like a question best addressed by pihole. As you've described the overall configuration, the router is completely unaware of the presence of the pihole. It's only been told (via the dhcp-option) to configure the default network (br0) w/ an alternative DNS server, and that's all it knows.
Of course, by doing so you lose local name resolution and caching by DNSMasq. And since the OpenVPN client (should you choose to use it at some point) reconfigures DNSMasq to use the VPN provider's DNS servers over the tunnel, you'll lose access to that feature as well. Granted, it may not matter to you, but just something to be aware of. dd-wrt, like most third-party firmware (and even most oem/stock firmware), relies heavily on DNSMasq to support desired behavior. Once you start working *outside* DNSMasq, then you have to be aware of *all* the consequences.
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
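
The configuration points raised in this thread (scope the DNS `dhcp-option` to an interface such as br0, keep static leases outside the DHCP range, hand out a well-formed DNS address), as an added example that is not part of any post above: a small Python check over "Additional Dnsmasq Options" text. The sample lines, addresses, hostnames and the `lint`/`parse_ip` helpers are constructed for illustration, and the `dhcp-host=MAC,name,IP,lease` and `dhcp-option=[interface,]6,IP` line forms are assumed to be the ones in use.

```python
import ipaddress

# Constructed sample of DD-WRT "Additional Dnsmasq Options" (not from the thread).
SAMPLE = """\
dhcp-host=AA:BB:CC:00:00:01,ps5,192.168.1.20,infinite
dhcp-host=AA:BB:CC:00:00:02,laptop,192.168.1.115,infinite
dhcp-option=6,192.168.1.5
dhcp-option=br0,6,192.168.1.5
dhcp-option=br0,6,192.168.5
"""

# DHCP option 6 (also spelled option:dns-server) carries the DNS server list.
DNS_OPTION = {"6", "option:dns-server"}


def parse_ip(text):
    """Return an IPv4Address, or None if text is not a full dotted quad."""
    try:
        return ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None


def lint(options, pool_start, pool_end):
    """Return (line number, finding, detail) tuples for dnsmasq option lines."""
    lo, hi = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
    findings = []
    for n, line in enumerate(options.splitlines(), 1):
        key, _, value = line.strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-host":
            # The opening post keeps reserved addresses outside the DHCP range;
            # flag any static lease that falls inside it.
            for ip in filter(None, map(parse_ip, fields)):
                if lo <= ip <= hi:
                    findings.append((n, "lease-in-pool", str(ip)))
        elif key == "dhcp-option":
            idx = next((i for i, f in enumerate(fields) if f in DNS_OPTION), None)
            if idx is None:
                continue  # not a DNS-server option
            if idx == 0:
                # Nothing precedes the option number, so no interface is named.
                findings.append((n, "dns-option-unscoped", line.strip()))
            for f in fields[idx + 1:]:
                if parse_ip(f) is None:
                    findings.append((n, "bad-dns-address", f))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE, "192.168.1.110", "192.168.1.130"):
        print(finding)
```
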