
I'm using a Pi-hole DNS server in my home network to block advertisements and malicious hosts.

Here is my network configuration:

  • My internal home network is on 192.168.34.xxx
  • Network Gateway router (Model TL-R470T+) is at 192.168.34.1
  • Pi-hole DNS server is at 192.168.34.101

On my MacBook, whenever I connect to my Wi-Fi network, the DNS tab automatically shows this:

[screenshot: macOS Wi-Fi DNS tab]

Where did the 2 other entries come from? I have only added one entry for DNS in my router configuration page:

[screenshot: router DNS configuration page]

Even running scutil --dns gives me the DNS servers being used.

[screenshot: scutil --dns output]

Due to this, my DNS requests are not even hitting my 192.168.34.101 server but instead going to 192.168.34.1, I think. Assuming that a Mac does not do its own DNS resolution from Apple (?)

If I add the DNS explicitly in the Mac Wi-Fi settings, the DNS requests are then hitting my DNS server. How do I stop my gateway resolving the DNS requests without using my DNS server?

[screenshot: DNS server entered manually in macOS Wi-Fi settings]

Doing the above works, but it is not the correct solution. How do I make my MacBook use my DNS server without specifying it explicitly?

YD8877

2 Answers


To expand on the solution provided by Eugen Rieck.

Some routers / DHCP servers will let you put the same IP for primary and secondary DNS; that could be better for the clients than a bogus address.

It looks like it's possible to disable DHCP on the TP-Link. You could move that functionality to the PiHole. You would have to set a static IP for the PiHole.

Ost99

First of all: Try to fill something invalid into your secondary DNS field - something like 192.168.34.254. Many routers will put their own address into the secondary field if it is left blank.

But: Many routers do not allow you to completely override the DNS settings sent by the DHCP server. This might be true for your TP-Link (and it definitely IS true for many ISP-supplied routers, when the ISP wants to sell your DNS history).

I have not really solved but "hacked away" this problem time and time again with a bit of brute force - here is how:

  • Set your Router to only supply a single IP via DHCP (e.g. Range 192.168.34.50-192.168.34.50)
  • Add a virtual IP on your PiHole as DHCP client
  • This implies that after a reboot (other clients off) the only DHCP address your router supplies is consumed by a dummy interface
  • Run a DHCP server on your PiHole, supplying the rest of the desired range, e.g. 192.168.34.51-192.168.34.220. Here you can override all options, including the DNS option, and make it point solely to the PiHole.

Clients connecting might take a bit longer, as the DHCP process may need a few tries, but this usually works.

Again: This is not elegant, but it's about the best you can do without double NAT on a router that does not really allow you to override DNS.

Eugen Rieck
  • Is there a reason you don't simply disable DHCP completely on the router and let the PiHole deal with it? The router would still be the gateway. – Yorik Feb 22 '22 at 21:33
  • @Yorik Yes, there is: On those routers where you can't override the DHCP options, you typically can't disable it either. I should have made that more clear. – Eugen Rieck Feb 26 '22 at 12:50