ER605 Router - DNS SERVER (pi hole) cannot ping router - router can ping DNS ???

Associate
Joined
20 Nov 2021
Posts
4
Location
UK
Hi,



I am having an extremely weird issue. If no one else can solve this, it's 100% a bug, as I cannot get my head around it.

I've just purchased a new ER605, set it up, and it all worked fine. Now, I have a Pi-hole server which runs my DNS and DHCP; it always worked fine with my previous router, no issues. When setting up the router I had my primary DNS set to 192.168.0.2 (DNS and DHCP server). I connect to the internet perfectly fine and all other hosts are fine too.

I noticed in the system logs that the router cannot connect to the NTP server, so I did a quick ping test from the router - the router was not connecting to the outside and it said it couldn't reach DNS!!! Even though everyone is connected to the internet. So what I did was add a secondary DNS server, 1.1.1.1 or 8.8.8.8 (external DNS server), and boom, it connected to the outside and synced with the NTP, all working fine.

NOW the main issue I found is, my Pi-hole (which is also an adblocker) was acting a bit weird in the logs, so I thought I'll give the router a ping to test it out, and the pings were not reaching it, yet everyone else can ping the router perfectly fine.

ping log from pihole machine:

$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C
--- 192.168.0.1 ping statistics ---
41 packets transmitted, 0 received, 100% packet loss, time 637ms

$ traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.741 ms 0.680 ms 0.378 ms
2 * * *
3 * * *
goes on to 30 * * *




I did a lot of searching online and I simply could not find where the issue was. The only way I could make the DNS/DHCP server (Pi-hole) ping the router was when I removed the primary DNS IP (192.168.0.2) from the PPPoE settings and had 8.8.8.8 instead!!! That is so weird.

I am not an expert in routing but I know my way around it a "bit" - when I do an IP route check the following shows (this is the router's IP route table).



ID  Destination IP  Subnet Mask      Next Hop   Interface  Metric
1   0.0.0.0         0.0.0.0          195.*.*.*  WAN        0
2   127.0.0.0       255.0.0.0        0.0.0.0    lo         0
3   168.*.*.*       255.255.255.255  0.0.0.0    eth1.4094  0
4   192.168.0.2     255.255.255.255  195.*.*.*  WAN        0
5   195.*.*.*       255.255.255.255  0.0.0.0    WAN        0
6   8.8.8.8         255.255.255.255  195.*.*.*  WAN        0
7   192.168.0.0     255.255.255.0    0.0.0.0    LAN        0




Now I don't know about you guys, but ID 4 doesn't look right to me? I could be wrong... By the way, these are all automatically generated.

Do you reckon I will need to add a manual static IP route? If so, what IP route?





Could someone please HELP as I have no other ideas...





Many Thanks in advance.
 
Soldato
Joined
20 Oct 2008
Posts
12,096
It seems quite reasonable that the WAN side of your router isn't able to use a non-routable IP on the same subnet as the LAN side for its DNS. Not even sure why you'd want it to (it isn't going to impact your Pi-hole's ability to filter the DNS for your LAN clients).
 
Soldato
Joined
13 Jan 2004
Posts
20,947
Why have you specified your local PiHole 192.168.x address on your PPPoE session? This isn't required and is invalid anyway. This will be why your router has established a route for 192.168.0.2 out of WAN0. (unroutable)

Your PiHole DHCP should serve clients such that they use your PiHole as a DNS.

Manually set your router's nameserver to your PiHole address so that any resolution your router wants to do works (system queries, NTP, firmware updates etc). The router should have an independent nameserver option; this isn't your PPPoE session.

If you want to be ultra cautious (I am) setup a firewall rule to block all DNS traffic except that originating from your PiHole. This prevents IoT, Smart TVs and other devices with hardcoded DNS servers from resolving outside of your PiHole.
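
Why route ID 4 cuts the router off from the Pi-hole, as an added example that is not part of any post in this thread: a longest-prefix-match lookup over the posted route table shows the /32 host route beating the LAN /24. `WAN_GW` is a documentation-range placeholder for the masked 195.*.*.* next hop, and the two masked host routes (IDs 3 and 5) are omitted because their addresses are not on the page.

```python
import ipaddress

# Placeholder for the masked 195.*.*.* next hop (203.0.113.0/24 is reserved
# for documentation); it is an assumption, not a value from the thread.
WAN_GW = "203.0.113.1"
ROUTES = [
    # (id, destination, mask, next hop, interface) as posted by the OP
    (1, "0.0.0.0", "0.0.0.0", WAN_GW, "WAN"),
    (2, "127.0.0.0", "255.0.0.0", "0.0.0.0", "lo"),
    (4, "192.168.0.2", "255.255.255.255", WAN_GW, "WAN"),
    (6, "8.8.8.8", "255.255.255.255", WAN_GW, "WAN"),
    (7, "192.168.0.0", "255.255.255.0", "0.0.0.0", "LAN"),
]

def lookup(dst, routes=ROUTES):
    """Return (route id, interface) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for rid, dest, mask, _hop, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, rid, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def misrouted_lan_hosts(routes=ROUTES, lan_iface="LAN"):
    """Flag routes that send an on-link LAN address out of another interface."""
    lans = [ipaddress.ip_network(f"{d}/{m}")
            for _, d, m, _, i in routes if i == lan_iface]
    flagged = []
    for rid, dest, mask, _hop, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if iface != lan_iface and any(net.subnet_of(lan) for lan in lans):
            flagged.append((rid, str(net), iface))
    return flagged

if __name__ == "__main__":
    # The router's traffic to the Pi-hole follows ID 4 out of the WAN,
    # while every other LAN host still matches ID 7.
    for dst in ("192.168.0.2", "192.168.0.50", "8.8.8.8"):
        print(dst, "->", lookup(dst))
    print("suspicious:", misrouted_lan_hosts())
```

The same check can be run against any exported route table to spot a WAN-side setting that has captured an internal resolver's address.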
 
Associate
OP
Joined
20 Nov 2021
Posts
4
Location
UK
First of all, thank you both for your responses. Highly appreciated.

I was under the impression that the router instructs everyone who the DNS server is? So everything could route that way instead? On my previous Netgear router I had the same settings and all worked fine, so I thought it's the norm to set primary DNS to the internal DNS server that I have.

Also, if I change the primary DNS from the Pi-hole address to, let's say, 8.8.8.8, wouldn't that set the DNS of all new hosts that connect to the network to 8.8.8.8? If that's the case, the purpose of Pi-hole's adblock would go out the window, no? Or am I wrong?

Manually set your routers nameserver to your PiHole address so that any resolution your router wants to do works (System queries, NTP, firmware updates etc) The router should have an independent nameserver option, this isn't your PPPoE session.

I think I know what you are talking about, but the router doesn't have an independent nameserver option. It only has the PPPoE option for the DNS. The only other place I have seen that you can add your DNS was under the router's DHCP, which means I will have to disable Pi-hole's DHCP and enable the router's DHCP, and that way I could set the DNS to the Pi-hole, which is not a very ideal option.
 
Soldato
Joined
20 Oct 2008
Posts
12,096
The only good reason I can see to be using Pi-hole's DHCP is if you have a router that doesn't allow its DHCP to be configured to point the clients to the Pi-hole.
 
Soldato
Joined
13 Jan 2004
Posts
20,947
The DNS server on your PPPoE session doesn't matter. Your clients WILL use their DHCP configured DNS option so it doesn't matter what your ISP assigns to your PPPoE session. For sanity and to catch possible direct resolution your router wants to make for itself (NTP for example) I'd set your PPPoE DNS to the same as your PiHole upstream DNS server (Whether that's 8.8.8.8 or 1.1.1.1 or whatever else you use)


In a Vanilla router only setup the PPPoE session would initialise and set the upstream DNS server to whatever your ISP sets (Normally their own). The router DHCP would ordinarily set the DHCP DNS option to itself. Client DNS queries would then hit the router who would then resolve it using the upstream DNS server (As set during the PPPoE session initialising).

In your setup the PPPoE DNS server doesn't matter as your clients go to your PiHole for resolution. The PiHole will directly use the upstream DNS server you have configured.
 
Associate
OP
Joined
20 Nov 2021
Posts
4
Location
UK
The DNS server on your PPPoE session doesn't matter. Your clients WILL use their DHCP configured DNS option so it doesn't matter what your ISP assigns to your PPPoE session. For sanity and to catch possible direct resolution your router wants to make for itself (NTP for example) I'd set your PPPoE DNS to the same as your PiHole upstream DNS server (Whether that's 8.8.8.8 or 1.1.1.1 or whatever else you use)


In a Vanilla router only setup the PPPoE session would initialise and set the upstream DNS server to whatever your ISP sets (Normally their own). The router DHCP would ordinarily set the DHCP DNS option to itself. Client DNS queries would then hit the router who would then resolve it using the upstream DNS server (As set during the PPPoE session initialising).

In your setup the PPPoE DNS server doesn't matter as your clients go to your PiHole for resolution. The PiHole will directly use the upstream DNS server you have configured.


Interesting... thank you. I guess I will give it a try and see if the adblocker traffic is still the same on the pihole and revert back to you with an update probably in a day or two.

Highly appreciate the help and fingers crossed it would divert the traffic through pihole as you mentioned.
 
Soldato
Joined
13 Jan 2004
Posts
20,947
Interesting... thank you. I guess I will give it a try and see if the adblocker traffic is still the same on the pihole and revert back to you with an update probably in a day or two.

Highly appreciate the help and fingers crossed it would divert the traffic through pihole as you mentioned.

No need to cross fingers. If your DHCP gives out your PiHole as a DNS then that's what your clients will use.
 
Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
As above. Rip out the config and start again. You want a 192.168.0.0/24 subnet (according to what you've posted). Set the router's WAN as required (PPPoE, DHCP, whatever). Disable the router's DHCP server and assign the router a static LAN IP of 192.168.0.1 (255.255.255.0 or /24). Set its DNS to 192.168.0.2. On the Pi, make sure DHCP is set to a /24 (255.255.255.0) and that the dynamic range starts away from your servers (even if that's 192.168.0.10 to 192.168.0.254 in your case - the .255 is reserved for broadcast). Restart the router and PiHole device and see how you go.

Edit: Also, you said:

I was under the impression that the router instructs everyone who the DNS server is? So everything could route that way instead? On my previous Netgear router I had the same settings and all worked fine, so I thought it's the norm to set primary DNS to the internal DNS server that I have.

No, the DHCP server tells people what DNS server to use (provided you've set that option in its config, either through the GUI or in the .conf file - eg 'option dns-server 192.168.0.2'). It just so happens that, for most people, the DHCP server is on the router. In your case they're two different devices, and it's the PiHole (DHCP server) that instructs clients what gateway, DNS and so on to use.

You are right that you can set the router to use an internal DNS though. I've done it that way for years. It's the router's job to route between two networks, in this case WAN and LAN. It knows full well where the PiHole/DNS is, but in your case something's been misconfigured and mixed up somewhere.
 
Soldato
Joined
20 Oct 2008
Posts
12,096
Why so complicated?

Leave the Pi-hole to deal with DNS only. Configure it with a static or reserved IP so you know where it is.

Configure the router's DHCP settings to point the clients to the Pi-hole's IP for DNS.

Pi-hole being able to handle DHCP is a useful feature but is irrelevant if the router's DHCP server isn't too locked down (i.e. some ISP supplied routers).
 
Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
Why so complicated?

Leave the Pi-hole to deal with DNS only. Configure it with a static or reserved IP so you know where it is.

Configure the router's DHCP settings to point the clients to the Pi-hole's IP for DNS.

Pi-hole being able to handle DHCP is a useful feature but is irrelevant if the router's DHCP server isn't too locked down (i.e. some ISP supplied routers).

It's easier to have DNS informed of LAN hostnames when DHCP's run in conjunction with it though.
 
Associate
OP
Joined
20 Nov 2021
Posts
4
Location
UK
No need to cross fingers. If your DHCP gives out your PiHole as a DNS then that's what your clients will use.

Update: works like a charm :D - thanks bud.

I don't know why, but I always thought the router needs to tell everyone where to go for DNS and that it needed to be pointed out on the PPPoE. I guess I was wrong.

Loving this forum I have to say, very responsive, thank you all.

Next stop VLAN config as my smart switch has arrived today. :D
 