Redefining DNS from router to a box running pi-hole

Discussion in 'Tomato Firmware' started by darksky, Jun 20, 2017.

  1. darksky

    darksky Addicted to LI Member

    Is the proper place in tomato to redefine the primary DNS entry from the router to a specific box on the network under Basic>Network>Static DNS?

    Rationale is to have a box running pi-hole be the primary DNS server for the entire LAN.
  2. ruggerof

    ruggerof Network Guru Member

    Basic - Network - WAN Settings
    - DNS Server = Manual
    - DNS1 = IP of PiHole
    - DNS2 = blank

    Advanced - DHCP/DNS
    - Use internal DNS = checked
    - Use received DNS with user-entered DNS = unchecked
    - Prevent DNS-rebind attacks = unchecked

    The above should work but PiHole will log all requests as coming from your gateway. If you want that your PiHole logs the requests of your individual hosts you will have to define DNS servers via DNSMasq custom configuration.
    darksky likes this.
  3. darksky

    darksky Addicted to LI Member

    Thank you for the reply. For reference, mine settings are in a slightly different location (Toastman):

    A few questions come to mind:
    1) Is there a way one can configure the DNS here such that the router is used as a fallback should the pi-hole box be down?

    2) Can you point me to the name of the dnsmasq configuration to allow for the individual hosts to be passed to pi-hole rather than the entire LAN?

    EDIT: In addition to the above setting, one should also disable the internal DNS.

    In summary:
    1) Basic>Network>Static DNS = (whatever the IP of pihole is)
    2) Advanced>DHCP/DNS ... UNCHECK "Use internal DNS"

    Once setup, be sure to renew dhcp leases on clients and you should be good to go. As added bonus is that pihole now shows dns queries on a device-basis under top clients.
    Last edited: Oct 30, 2017
  4. ruggerof

    ruggerof Network Guru Member

    I don't even know if this is even possible.

    It only works for IPs outside of your DHCP range. For IPs inside your DHCP range the DNS is set in Basic - Network - WAN Settings (or equivalent in Toastman builds) as already discussed.

    The example below sets the DNS server as for IPs in the range of to The lease time is set for 1 day.

    Speaking of DHCP range, in your setup your PiHole is inside of your DHCP range. As per fundamental principle your PiHole is a server whose IP should be static and outside of any DHCP server range to avoid any conflict. I strongly recommend you to reduce your DHCP IP range to at least If by any chance you also have "static" IPs set in Tomato, set your DHCP range to exclude them too!!!
  5. darksky

    darksky Addicted to LI Member

    Good tip about the tomato DHCP range for my server. I fixed it. I am confused about the following though:
    I set this in /etc/dnsmasq.conf but I do not see it taking effect in the pi-hole query logs... I still see all clients being identified as "tomato-lan1"
  6. ruggerof

    ruggerof Network Guru Member

    It only works for hosts that are outside of the DHCP range.

    In the example I've given, the range from to are outside of the DHCP range; so if a host is statically assigned to, Tomato's DNSMasq will forward the request to and as a consequence PiHole logs the request coming from At least this is what is happening to me.

    Attached Files:

  7. darksky

    darksky Addicted to LI Member

    I understand... pity there isn't a way to do it keeping them in the range so tomato and manage. Thank you for your help....

    A new question: why not define two dns servers, primary = pi-hole and secondary =
  8. darksky

    darksky Addicted to LI Member

    Just to update, the best solution for TomatoUSB is to simply use the following under Advanced>DHCP/DNS>Dnsmasq Custom configuration:
    Do NOT change Basic>Network>Static DNS (unless you want to use custom DNS entries).
    Do NOT uncheck Advanced>DHCP/DNS>Use internal DNS.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice