Discussion Thread Pi-Hole Sticky

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sun Jan 09, 2022 13:03
That is not the optimal way to set up a WAP.

The Local IP should be within the primary subnet but different from the main router so if the main router is 192.168.1.1 the WAP can be 192.168.1.2

Gateway and Local DNS should be set to the main router (you can argue to set Local DNS pointing to the Pi-Hole, but as your main router already points to the Pi-Hole I would set the IP address of the main router here)

DHCP should be off and not set as Forwarder!

https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Sun Jan 09, 2022 16:46
unlucky1 wrote:

Pi Hole:
Settings > DNS > Upstream DNS Servers
Custom 1 (IPv4) - Checked - 192.168.1.1 (Gateway)


this is definitely wrong... why does the Pi-Hole use your router as upstream DNS server?

There you have to choose any upstream DNS server like Google (8.8.8.8) or if you use Unbound enter the address from Unbound (for example 127.0.0.1#5335)

Do you notice yourself?

1. DNS server in router is the Pi-Hole
1. DNS server in Pi-Hole is the router

DNS ∞

unlucky1
DD-WRT User


Joined: 09 Mar 2013
Posts: 75

Posted: Sun Jan 09, 2022 18:19
egc wrote:

The Local IP should be within the primary subnet but different from the main router so if the main router is 192.168.1.1 the WAP can be 192.168.1.2


That is the way it's set.
Gateway is 192.168.1.1
WAP is 192.68.1.6

See 220109 Setup.png below


egc wrote:
Gateway and Local DNS should be set to the main router (you can argue to set Local DNS pointing to the Pi-Hole, but as your main router already points to the Pi-Hole I would set the IP address of the main router here)

DHCP should be off and not set as Forwarder!

https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point


So, I read that article. In the event I misread it (probable), this is what works and stopped the errors in the Pi Hole. I'll read it again.

So, yeah, Gateway IP should be the Gateway IP. Local DNS says optional. I'll try the Gateway IP again.

See Screenshot 2022-01-09 121617.jpg below

_________________
TP-Link TL-WDR4300 v1 (NAS) - r54682
Buffalo WZR-600DHP (Gateway, NAS, DDNS, DHCP) - r54682
Netgear R7800 (Gateway, DDNS, DHCP, DNSMASQ w/Pi Hole) - r54682
Netgear R7800 (AP) - r54682


Last edited by unlucky1 on Sun Jan 09, 2022 19:17; edited 1 time in total
unlucky1
DD-WRT User


Joined: 09 Mar 2013
Posts: 75

Posted: Sun Jan 09, 2022 18:30
ho1Aetoo wrote:
Leave the fields "Router IP > Gateway" and "Router IP > local DNS" empty.

Do not use "local DNS" for the Pi-Hole but use "Static DNS 1-3" only.

do not use "Conditional forwarding"

and no i don't have 200.000 request in 60sec
so it should come to your mind that something is wrong configured and running in a loop


Ok this is why I cleared those fields.

ho1Aetoo wrote:
this is definitely wrong... why does the Pi-Hole use your router as upstream DNS server?

There you have to choose any upstream DNS server like Google (8.8.8.8) or if you use Unbound enter the address from Unbound (for example 127.0.0.1#5335)

Do you notice yourself?

1. DNS server in router is the Pi-Hole
1. DNS server in Pi-Hole is the router

DNS ∞


No, I think it works. At least, I'm not seeing errors in the Pi Hole anymore. It appears to be working the way I had it. Where would I look to verify?

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Sun Jan 09, 2022 18:47
As I said before, delete the "custom DNS".
and choose Google IPv4 from the list or another upstream DNS server (google is the fastest)
You can of course also enter the IP from "Cleanbrowsing" or use Cloudflare.

In no case the address of the router belongs in there.


PS: do not ask for help if you do not believe me.
unlucky1
DD-WRT User


Joined: 09 Mar 2013
Posts: 75

Posted: Sun Jan 09, 2022 19:05
ho1Aetoo wrote:

PS: do not ask for help if you do not believe me.


I believe you. I'm just confused. I thought that is the way I had it before and it wouldn't work. Trying it again now.

I'm one of those guys that loves to do this stuff but gets yelled at for not being smart enough to be doing it so...

I'm just trying to learn and I apologize if my inability to effectively communicate is giving you the impression that I'm not appreciative of the help. 'cause I am.

I think I'll go back and delete all my posts once I get it working to avoid the embarrassment and not confuse others. Now I'm scared to ask about setting up dual WAN with fail over.

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Sun Jan 09, 2022 19:43
No need to be "scared"

But I think I have described this sufficiently well

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1240341#1240341

ho1Aetoo wrote:
2. example

Client <--> DD-WRT <--> Pi-Hole <--> Public DNS


But you have built a loop into your configuration

Client <--> DD-WRT <--> Pi-Hole <--> DD-WRT <--> ?

As long as the Pi-Hole itself has internet access, it will certainly work as I have written.
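
The loop described in the post above can be checked mechanically. The following is an added example, not part of the thread or of the sticky: it assumes the router's forwarders are available as "nameserver <ip>" lines and the Pi-hole upstreams as PIHOLE_DNS_<n> lines (Pi-hole v5 setupVars.conf style); the Pi-hole address 192.168.1.5 and all sample files are constructed.

```shell
#!/bin/sh
# Added example; the sample files are constructed, not taken from the thread.
# Assumed formats: router forwarders as "nameserver <ip>" lines (resolv.conf
# style), Pi-hole upstreams as PIHOLE_DNS_<n>=<ip>[#port] (v5 setupVars.conf).

# router_forwards_to <resolv file> <ip>: succeeds if <ip> is a forwarder.
router_forwards_to() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { hit = 1 }
                    END { exit !hit }' "$1"
}

# pihole_upstreams <setupVars file>: one upstream host per line, #port removed.
pihole_upstreams() {
    sed -n 's/^PIHOLE_DNS_[0-9]*=\([^#]*\).*$/\1/p' "$1"
}

# dns_loop <resolv file> <setupVars file> <router ip> <pihole ip>
# Succeeds (exit 0) when router -> Pi-hole -> router, the loop from the thread.
dns_loop() {
    router_forwards_to "$1" "$4" || return 1
    pihole_upstreams "$2" | grep -qxF "$3"
}

# Constructed demo: router 192.168.1.1 forwards to a Pi-hole at 192.168.1.5.
tmp=$(mktemp -d)
printf 'nameserver 192.168.1.5\n' > "$tmp/resolv.dnsmasq"
printf 'PIHOLE_DNS_1=192.168.1.1\n' > "$tmp/looped.conf"
printf 'PIHOLE_DNS_1=8.8.8.8\nPIHOLE_DNS_2=127.0.0.1#5335\n' > "$tmp/fixed.conf"
for f in looped fixed; do
    if dns_loop "$tmp/resolv.dnsmasq" "$tmp/$f.conf" 192.168.1.1 192.168.1.5; then
        echo "$f.conf: LOOP, Pi-hole forwards back to the router"
    else
        echo "$f.conf: ok, upstream is not the router"
    fi
done
rm -rf "$tmp"
```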
pierrasis
DD-WRT Novice


Joined: 03 Feb 2022
Posts: 10

Posted: Fri Feb 04, 2022 15:47
Why does this happen?



Code:
pi@raspberrypi:~ $ sudo sed -i 's/^\(stop-dns-rebind\)$/#\1/' /etc/dnsmasq.d/$USER.conf

sed: can't read /etc/dnsmasq.d/pi.conf: No such file or directory
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Fri Feb 04, 2022 16:00
"file does not exist"

If the file does not exist then it does not need to be modified.

This is also described in the sticky "dns rebind protection must be disabled - if it was previously enabled by the user".

If the user has not enabled it before then there is nothing to disable.
Wickiman
DD-WRT Novice


Joined: 11 Jun 2015
Posts: 37
Location: Germany/Mexico/China

Posted: Wed Feb 16, 2022 14:30
Hello ho1Aetoo,

I switched from Adblock for DD-WRT written by Yamaraj to pihole. Pihole is running using the Additional DNSMasq Options:
dhcp-option=6,192.168.12.40

I also have a Guest Wifi which has been working while using Adblock for DD-WRT but since I use pihole I don't get any Internet connection while friends connect.

My normal Wifi IP range is from 192.168.12.120 - 192.168.12.170
The Pihole IP is 192.168.12.40
The Guest Wifi IP Range is 192.168.10.1 - 192.168.10.50.
Pihole is using the google DNS, no further adjustments, also no further changes in dd-wrt. Static DNS (DHCP) and Local DNS (Router IP) is 0.0.0.0

Are there any iptables that can help to solve this problem?

Thank you so much
Wickiman

_________________
Netgear AC1900/R7000 DD-WRT v3.0-r37015M (09/23/18) kongac
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Wed Feb 16, 2022 15:37
Well, the purpose of an isolated guest WLAN is that the guests do not have access to the regular network.

Therefore, guests can never have direct access to the Pi Hole, otherwise the network isolation would not work properly.

So from a theoretical point of view, it is already correct and everything works properly.

Quote:
Additional DNSMasq Options:
dhcp-option=6,192.168.12.40


This is wrong - it applies to all interfaces

To exclude the VAPs from this you should use the following

Code:
dhcp-option=br0,6,192.168.12.40


(You only have to enter the Pi-Hole as static DNS1 in the router.)

But in general I would advise against this configuration.
I always recommend "example 2" is actually the best and most compatible configuration.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1256876#1256876

And "example 2" also works with isolated VAPs (is also stated in the description).
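
A quick way to see which DNS hand-outs in "Additional DNSMasq Options" are scoped to an interface and which apply everywhere, as in the post above. This is an added example, not from the thread: it assumes the options have been saved to a file, treats any field in front of the option number as a tag (the bare `br0` form from the post, or `tag:`/`net:` prefixes), and the sample lines, including the gateway 192.168.12.1, are constructed.

```shell
#!/bin/sh
# Added example; the sample option lines are constructed for illustration.

# dns_option_scope <file>
# For every dhcp-option line that sets option 6 (DNS server), print
# "<scope><TAB><line>", where scope is ALL when no tag precedes the option.
dns_option_scope() {
    awk -F= '$1 == "dhcp-option" {
        n = split($2, f, ","); scope = ""
        for (i = 1; i <= n; i++) {
            if (f[i] == "6" || f[i] == "option:dns-server") {
                print (scope == "" ? "ALL" : scope) "\t" $0
                break
            }
            # Any other option number or name: not a DNS hand-out, skip line.
            if (f[i] ~ /^[0-9]+$/ || f[i] ~ /^option:/) break
            sub(/^(tag|net):/, "", f[i])
            scope = scope (scope == "" ? "" : "+") f[i]
        }
    }' "$1"
}

# has_unscoped_dns <file>: succeeds if any DNS hand-out applies to ALL
# interfaces, which includes an isolated guest VAP that cannot reach it.
has_unscoped_dns() {
    dns_option_scope "$1" | grep -q '^ALL'
}

# Constructed demo input.
opts=$(mktemp)
printf '%s\n' 'dhcp-option=6,192.168.12.40' \
              'dhcp-option=br0,6,192.168.12.40' \
              'dhcp-option=3,192.168.12.1' \
              'cache-size=0' > "$opts"
dns_option_scope "$opts"
if has_unscoped_dns "$opts"; then
    echo "warning: a DNS option is handed out on every interface"
fi
rm -f "$opts"
```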
Wickiman
DD-WRT Novice


Joined: 11 Jun 2015
Posts: 37
Location: Germany/Mexico/China

Posted: Thu Feb 17, 2022 14:25
Thanks ho1Aetoo,

I will try when the internet is not in use by my family.

Still one question, my DD-WRT Kong version is from 2018. Any problem that I don't have "Ignore WAN DNS" or "Maximum Cached Entries"?

I am using DD-WRT v3.0-r37015M kongac (09/23/18).

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Thu Feb 17, 2022 14:43
Quote:
Still one question, my DD-WRT Kong version is from 2018. Any problem that I don't have "Ignore WAN DNS" or "Maximum Cached Entries"?


Well ... with regard to "Ignore WAN DNS" just check in "Status_Internet.asp" that the static DNS is at the top (then it's no problem).
If the DNS servers of the ISP are listed first then it is bad.


Regarding "Maximum Cached Entries" - you can define this yourself as "additional dnsmasq options".

Code:
cache-size=0



Otherwise, in case of problems - the firmware is too old - no official support

(as I do not have such an old firmware in operation and cannot test it myself)
Wickiman
DD-WRT Novice


Joined: 11 Jun 2015
Posts: 37
Location: Germany/Mexico/China

Posted: Fri Feb 18, 2022 2:46
The DNS which I can see is the one from my VPN provider.
Looks more challenging from my point of view.

I will try and see if it is working and let you know.

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Tue May 24, 2022 14:10
I have rewritten the sticky a bit so that you can download the additional configuration files (e.g. for unbound) comfortably via wget.

If there are any problems then please report here.
All times are GMT