this post was submitted on 26 Jul 2023
28 points (91.2% liked)

Selfhosted

40734 readers
345 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Hello, friends.

So I've had my Pi-Hole setup for awhile now and it's great. I'd like to get Wireguard working with it, too, so I could browse the internet without loads of ads and trackers on the go.

However, small issue. All DNS traffic is forcibly routed to my ISP. If you need some details, I made this post on the Pi-Hole userspace.

I'm in America and my ISP is Spectrum. I was wondering if there's a way I could convince technical support to allow me to use a recursive DNS for privacy/security (more-so the second of the two) purposes, or if it is even possible to convince them to do this. I don't know if there's a specific number I should contact, email I should email to, or if I just have to endure the nightmare of getting passed around by customer service one Saturday. Any recommendations would be great.

An interesting note for anyone who's ISP is Spectrum, their DNS service, at least for me, uses OpenDNS with dnsmasq-2.57. That version of dnsmasq is over 10 years old. You see if this is the case for you with

dig CHAOS TXT version.bind @192.33.4.12 +short
dig CHAOS TXT version.bind @198.97.190.53 +short

Or something similar if those IP addresses are different for you. You can see that running those commands were a part of the steps I was asked to take in that Pi-Hole userspace post.

EDIT 1:

For those interested, here's some Github gist I found that shows how to use unbound + stubby for have a recursive DNS + DNS-over-HTTPS. There's also this from the DNS Privacy Project.

EDIT 2:

I seems that initial answer from the Pi-Hole forums was correct. There's probably something that was set in the firmware for the Netgear router that prevents me from setting up my own DNS servers. However, I notice on the router there's a "router mode" option that's on, which I can probably turn off, plug in my Pi to the Netgear device and have the Pi act as my router, thus letting me be able to use it as my DNS server as well. That or just suck it up and buy only a modem, not a router + modem combo.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 1 year ago (1 children)

I've never heard of spectrum doing this. I think it's an issue with your router. The steps you mentioned sound right, but I'm not seeing what you're seeing. I usually try to look at the advanced mode, which might have more info.

You could contact Netgear tech support, or consult their manual. Have you made sure you're on the latest firmware?

[–] [email protected] 1 points 1 year ago (2 children)

I tried to set the Pi-Hole as the DNS via the instructions here, and the exact settings for the Netgear router is under Advanced -> Setup -> Internet Setup. Everytime I've set this, no hostnames can be resolved. I followed the Pi-Hole instructions to a tee, so I don't know if I'd be missing something. Currently, the Pi-Hole acts as the DHCP server.

Have you made sure you’re on the latest firmware?

I don't even know how I would do this on this Netgear router. I see nothing in the settings to check for firmware updates, and I don't recall seeing anything in the manual. I guess I'd have to call their tech support.

[–] [email protected] 4 points 1 year ago (2 children)

Not to ask a possibly silly question but I haven't seen these questions asked and I don't know your network experience. You've supplied the actual network address of your pihole machine and not the 192.168.1.250 address shown, right? And you've set your pihole server up to have a static ip address as well, correct? You don't want it assigned dynamically and therefore randomly everytime it renews its lease.

If the ip address is statically assigned - either hard-coded as static on the machine or at least being statically assigned on your router via its mac address - then setting the dns server on your router should work. I would however assign 2nd and 3rd dns servers as Google dns or cloud flare ip addresses in case your pihole server is ever down. (1.1.1.1, 8.8.8.8 or some of the others). If that's all confirmed and your machines are not receiving your configured dns settings from the router, it's possible (seems unlikely) the spectrum supplied router is ignoring the settings and assigning their dns servers. If so, buy your own router and put it between your home network and the spectrum hardware. Then you have control and it doesn't matter what their hardware does. You'll just set yours up on a different subnet - 192.168.x where x doesn't match the same value as the spectrum network - and you should be good to go.

Good luck!

[–] [email protected] 4 points 1 year ago

If you point to 8.8.8.8 or 1.1.1.1 as a secondary DNS server will it use those to resolve ads blocked by the pi-hole?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

You've supplied the actual network address of your pihole machine and not the 192.168.1.250 address shown, right?

I could've sworn I did that but I'll try again.

EDIT: Okay, I found the specific IP addresses for the Pi-Hole's DNS servers. I tried putting the 2 IPv4 ones, clicked the applied button and got "Invalid IPs." But what's stupid is that I can ping those IPs. There's something else going on here.

And you've set your pihole server up to have a static ip address as well, correct?

Yes I'm pretty sure it's set to have a static IP address. I'm pretty sure it's something you have to do when setting up the Pi-Hole.

the spectrum supplied router

Oh I should've clarified: this is one I bought myself, not one from Spectrum.___

[–] [email protected] 2 points 1 year ago

Ok, I see the problem. Your router needs an external DNS server for it's internet setup.

You need to set DHCP to give your pihole server as the DNS to the computers INSIDE your network. It's impossible for your router to use your LAN DNS server on the WAN port.