ASUS 87U with Pi-Hole DNS issues
This topic has 22 replies, 2 voices, and was last updated 1 year, 9 months ago by UK Sentinel.
July 24, 2023 at 7:59 am #26039
Hi, I’m new to this group and I am hoping that someone can resolve my problem. I have an Asus 87U behind my main router running a VPN client. This works great, allowing me to send clients through the VPN or via WAN. I recently introduced a Raspberry Pi 4B model for ad blocking and have added this to my setup by setting it as LAN DNS in my ASUS router. All works okay except that my WAN clients are getting a UK IP but are using the DNS of the VPN, which I didn’t want. I have set WAN DNS as Quad9 but they don’t seem to use that. I have also changed VPN client to strict, relaxed or exclusive but no joy. I have tried changing lots of different settings but it makes no difference. My WAN clients should be using Quad9 as set on my main and ASUS router, so not sure what is occurring.
July 24, 2023 at 1:59 pm #26044
Hi, is your ASUS 87U running stock firmware or ASUSWRT-Merlin?
Edit: Apologies, I just checked, did you realise the RT-AC87U is no longer supported by ASUS for firmware releases?
What is the main router?
In a completely sane world, madness is the only freedom (J.G.Ballard).
July 25, 2023 at 6:54 am #26051
Hi,
Yes, I am running Merlin firmware at 384.13_10, which is quite old, but as you said it is not supported any longer. I may have to update my router to a newer model. Just thought I would be able to get this to work. I know the latest firmware has a tab for director.
July 25, 2023 at 7:44 am #26052
DNS can be tricky.
On the 87U, is VPN > Accept DNS Configuration set to ‘DISABLED’, as this should then just ignore DNS pushed by the remote VPN server? (If your older ASUSWRT-Merlin firmware version supports this option.)
Just going through the basics: on your ASUS Router (VPN Server), is WAN DNS set to Quad9 and the LAN DNS to the Pi’s IP address?
i.e.
- Advanced Settings > WAN > WAN DNS Setting > ‘DNS set to Quad9’
- Advanced Settings > LAN > DHCP Server > ‘DNS set to Pi’s IP Address’
What DNS IP do the VPN clients end up using, and are you using the guest wifi?
I am thinking out loud, but I assume the issue with rogue DNS has happened since the introduction of the Pi’s. Maybe an idea to move the Pi’s to the ASUS’s DMZ.
This may make the architecture simpler especially, and your main router (upstream) should still provide a proper firewall-type service.
In a completely sane world, madness is the only freedom (J.G.Ballard).
July 25, 2023 at 6:45 pm #26056
Hi,
I’ve changed the accept DNS to disabled but it made no difference. I do have WAN DNS set to Quad9 on the Asus router and the main router. LAN on the Asus is set to Pi-hole and it is blocking ads.
My VPN is set to Luxembourg and when I do a DNS leak test on a WAN client it is using the DNS of VPN which is also Luxembourg.
Aside from this I am running Unbound with Pi-hole but that hasn’t caused any issues that I know of.
July 25, 2023 at 6:53 pm #26059
Interesting, was there the VPN / DNS issue before you installed the Pi-hole?
In a completely sane world, madness is the only freedom (J.G.Ballard).
July 25, 2023 at 7:11 pm #26060
July 25, 2023 at 7:14 pm #26061
If I remove the Pi-hole from the situation, then the WAN clients start using Quad9. Ummm, must be something in the Pi-hole setup.
July 25, 2023 at 7:17 pm #26062
Are you able to try the Pi-hole in a DMZ, just for testing purposes?
In a completely sane world, madness is the only freedom (J.G.Ballard).
July 25, 2023 at 7:24 pm #26063
July 25, 2023 at 7:26 pm #26064
July 25, 2023 at 9:10 pm #26065
Give the router and VPN clients a reboot and see if that does anything.
In a completely sane world, madness is the only freedom (J.G.Ballard).
July 25, 2023 at 10:14 pm #26069
No difference after reboot. Not sure why it’s forcing WAN clients to use DNS of VPN. Tried loads of different settings but to no avail.
July 26, 2023 at 6:04 am #26070
It is odd, are you using the guest wifi?
Alas, not familiar with Pi-Hole configuration, but maybe the Pi-Hole is also offering DHCP service for LAN clients on the same IP subnet?
In a completely sane world, madness is the only freedom (J.G.Ballard).
July 26, 2023 at 7:12 am #26071