
Redefining DNS from router to a box running pi-hole

Discussion in 'Tomato Firmware' started by darksky, Jun 20, 2017.

  1. darksky

    darksky Networkin' Nut Member

    Is the proper place in tomato to redefine the primary DNS entry from the router to a specific box on the network under Basic>Network>Static DNS?

    Rationale is to have a box running pi-hole be the primary DNS server for the entire LAN.
     
  2. ruggerof

    ruggerof LI Guru Member

    Basic - Network - WAN Settings
    - DNS Server = Manual
    - DNS1 = IP of PiHole
    - DNS2 = blank

    Advanced - DHCP/DNS
    - Use internal DNS = checked
    - Use received DNS with user-entered DNS = unchecked
    - Prevent DNS-rebind attacks = unchecked

    The above should work, but PiHole will log all requests as coming from your gateway. If you want your PiHole to log the requests of your individual hosts, you will have to define DNS servers via DNSMasq custom configuration.
     
    darksky likes this.
  3. darksky

    darksky Networkin' Nut Member

    Thank you for the reply. For reference, my settings are in a slightly different location (Toastman):

    A few questions come to mind:
    1) Is there a way one can configure the DNS here such that the router is used as a fallback should the pi-hole box be down?

    2) Can you point me to the name of the dnsmasq configuration to allow for the individual hosts to be passed to pi-hole rather than the entire LAN?

    EDIT: In addition to the above setting, one should also disable the internal DNS.

    In summary:
    1) Basic>Network>Static DNS = 192.168.1.155 (whatever the IP of pihole is)
    2) Advanced>DHCP/DNS ... UNCHECK "Use internal DNS"

    Once set up, be sure to renew DHCP leases on clients and you should be good to go. An added bonus is that pihole now shows DNS queries on a per-device basis under top clients.
     
    Last edited: Oct 30, 2017
  4. ruggerof

    ruggerof LI Guru Member

    I don't even know if this is even possible.

    It only works for IPs outside of your DHCP range. For IPs inside your DHCP range the DNS is set in Basic - Network - WAN Settings (or equivalent in Toastman builds) as already discussed.

    The example below sets the DNS server as 192.168.1.200 for IPs in the range of 192.168.1.50 to 192.168.1.120. The lease time is set for 1 day.

    Code:
    dhcp-range=set:anynamehere,192.168.1.50,192.168.1.120,1d
    dhcp-option=tag:anynamehere,option:dns-server,192.168.1.200

    Speaking of DHCP range, in your setup your PiHole is inside your DHCP range. As a fundamental principle, your PiHole is a server whose IP should be static and outside of any DHCP server range to avoid any conflict. I strongly recommend that you reduce your DHCP IP range to at least 192.168.1.199. If by any chance you also have "static" IPs set in Tomato, set your DHCP range to exclude them too!!!
     
  5. darksky

    darksky Networkin' Nut Member

    Good tip about the tomato DHCP range for my server. I fixed it. I am confused about the following though:
    I set this in /etc/dnsmasq.conf but I do not see it taking effect in the pi-hole query logs... I still see all clients being identified as "tomato-lan1"
     
  6. ruggerof

    ruggerof LI Guru Member

    It only works for hosts that are outside of the DHCP range.

    In the example I've given, the range from 192.168.1.50 to 192.168.1.120 is outside of the DHCP range; so if a host is statically assigned to 192.168.1.141, Tomato's DNSMasq will forward the request to 192.168.1.200 and as a consequence PiHole logs the request coming from 192.168.1.141. At least this is what is happening to me.
     


  7. darksky

    darksky Networkin' Nut Member

    I understand... pity there isn't a way to do it keeping them in the range so tomato can manage. Thank you for your help....

    A new question: why not define two DNS servers, primary = pi-hole and secondary = 8.8.8.8?
     
  8. darksky

    darksky Networkin' Nut Member

    Just to update, the best solution for TomatoUSB is to simply use the following under Advanced>DHCP/DNS>Dnsmasq Custom configuration:
    Code:
    dhcp-option=6,192.168.1.250
    Do NOT change Basic>Network>Static DNS (unless you want to use custom DNS entries).
    Do NOT uncheck Advanced>DHCP/DNS>Use internal DNS.
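
The two dnsmasq snippets posted in this thread differ in scope: one hands out a DNS server only to leases from a tagged range, the other hands it out to every DHCP client. The following is an added example, not code from any poster or from Tomato or dnsmasq; it models dnsmasq's tag matching for option 6 so a custom configuration can be checked before clients renew. The function names, the router address 192.168.1.1 and the combined sample configuration are assumptions, and only the plain `start,end` form of `dhcp-range` is handled.

```python
import ipaddress

# Constructed sample: the two custom-configuration snippets from the thread combined.
SAMPLE_CONF = """\
dhcp-range=set:anynamehere,192.168.1.50,192.168.1.120,1d
dhcp-option=tag:anynamehere,option:dns-server,192.168.1.200
dhcp-option=6,192.168.1.250
"""
DNS_OPTION = {"6", "option:dns-server"}  # option 6 is the DHCP DNS-server option


def parse(conf):
    """Return (ranges, dns_options) from dhcp-range / dhcp-option lines."""
    ranges, dns_options = [], []
    for raw in conf.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition("=")
        if not sep:
            continue
        fields = [f.strip() for f in value.split(",")]
        plain = [f for f in fields if not f.startswith(("set:", "tag:"))]
        if key == "dhcp-range" and len(plain) >= 2:
            sets = [f[4:] for f in fields if f.startswith("set:")]
            lo, hi = (ipaddress.ip_address(a) for a in plain[:2])
            ranges.append((sets, lo, hi))
        elif key == "dhcp-option" and plain and plain[0] in DNS_OPTION:
            tags = [f[4:] for f in fields if f.startswith("tag:")]
            dns_options.append((tags, plain[1:]))
    return ranges, dns_options


def advertised_dns(conf, lease_ip, router_ip):
    """DNS servers a client leased `lease_ip` is told to use."""
    ranges, dns_options = parse(conf)
    ip = ipaddress.ip_address(lease_ip)
    active = {t for sets, lo, hi in ranges if lo <= ip <= hi for t in sets}
    matches = [(tags, srv) for tags, srv in dns_options if set(tags) <= active]
    # A tagged option that matches takes precedence over an untagged one.
    for want_tagged in (True, False):
        for tags, servers in matches:
            if bool(tags) == want_tagged:
                return servers
    return [router_ip]  # no option 6 configured: dnsmasq hands out its own address


if __name__ == "__main__":
    for ip in ("192.168.1.60", "192.168.1.141"):
        print(ip, "->", advertised_dns(SAMPLE_CONF, ip, "192.168.1.1"))
```

A client that is handed the Pi-hole address directly queries it itself, which is what makes per-device entries appear in the Pi-hole log; a client that is handed the router's address shows up only as the router.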
     
