Asus AC68


#52

pi@PiHole:~ $ sudo sed -i 's/PIHOLE_INTERFACE=eth0/PIHOLE_INTERFACE=wlan0/' /etc/pihole/setupVars.conf
pi@PiHole:~ $
pi@PiHole:~ $ sudo sed -i 's/PIHOLE_INTERFACE=eth0/PIHOLE_INTERFACE=wlan0/' /etc/pihole/setupVars.conf
pi@PiHole:~ $ sudo echo 'nameserver 8.8.8.8' | sudo tee /etc/resolv.conf
nameserver 8.8.8.8
pi@PiHole:~ $ pihole -r

[✓] Root user check

    .;;,.
    .ccccc:,.
     :cccclll:.      ..,,
      :ccccclll.   ;ooodc
       'ccll:;ll .oooodc
         .;cll.;;looo:.
             .. ','.
            .',,,,,,'.
          .',,,,,,,,,,.
        .',,,,,,,,,,,,....
      ....''',,,,,,,'.......
    .........  ....  .........
    ..........      ..........
    ..........      ..........
    .........  ....  .........
      ........,,,,,,,'......
        ....',,,,,,,,,,,,.
           .',,,,,,,,,'.
            .',,,,,,'.
              ..'''.

[i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3
[i] Repair option selected
[✓] Disk space check
[✓] Update local cache of available packages

[✓] Checking apt-get for upgraded packages… 1 updates available
[i] It is recommended to update your OS after installing the Pi-hole!

[i] Installer Dependency checks…
[✓] Checking for apt-utils
[✓] Checking for dialog
[✓] Checking for debconf
[✓] Checking for dhcpcd5
[✓] Checking for git
[✓] Checking for iproute2
[✓] Checking for whiptail

[i] Performing reconfiguration, skipping download of local repos
[✓] Resetting repository within /etc/.pihole…
[✓] Resetting repository within /var/www/html/admin…
[i] Main Dependency checks…
[✓] Checking for cron
[✓] Checking for curl
[✓] Checking for dnsutils
[✓] Checking for iputils-ping
[✓] Checking for lsof
[✓] Checking for netcat
[✓] Checking for psmisc
[✓] Checking for sudo
[✓] Checking for unzip
[✓] Checking for wget
[✓] Checking for idn2
[✓] Checking for sqlite3
[✓] Checking for libcap2-bin
[✓] Checking for dns-root-data
[✓] Checking for resolvconf
[✓] Checking for libcap2
[✓] Checking for lighttpd
[✓] Checking for php7.0-common
[✓] Checking for php7.0-cgi
[✓] Checking for php7.0-sqlite3

[✓] Enabling lighttpd service to start on reboot…

[i] FTL Checks…

[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary…
[i] Latest FTL Binary already installed (v4.2.3). Confirming Checksum…
[i] Checksum correct. No need to download!
[✓] Checking for user ‘pihole’
[✓] Installing scripts from /etc/.pihole

[i] Installing configs from /etc/.pihole…
[i] Existing dnsmasq.conf found… it is not a Pi-hole file, leaving alone!
[✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf

[i] Installing blocking page…
[✓] Creating directory for blocking page, and copying files
[✗] Backing up index.lighttpd.html
No default index.lighttpd.html file found… not backing up

[✓] Installing sudoer file

[✓] Installing latest Cron script

[✓] Installing latest logrotate script
[i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
[✓] man pages installed and database updated
[i] Testing if systemd-resolved is enabled
[i] Systemd-resolved is not enabled
[✓] Restarting lighttpd service…
[✓] Enabling lighttpd service to start on reboot…
[i] Restarting services…
[✓] Enabling pihole-FTL service to start on reboot…
[✓] Restarting pihole-FTL service…
[✓] Deleting existing list cache
[i] Pi-hole blocking is enabled
[✗] DNS resolution is currently unavailable
[✓] DNS resolution is now available

[i] Neutrino emissions detected…
[✓] Pulling blocklist source list into range

[i] Target: raw.githubusercontent.com (hosts)
[✓] Status: Retrieval successful

[i] Target: mirror1.malwaredomains.com (justdomains)
[✓] Status: Retrieval successful

[i] Target: sysctl.org (hosts)
[✓] Status: Retrieval successful

[i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
[✓] Status: Retrieval successful

[i] Target: s3.amazonaws.com (simple_tracking.txt)
[✓] Status: Retrieval successful

[i] Target: s3.amazonaws.com (simple_ad.txt)
[✓] Status: Retrieval successful

[i] Target: hosts-file.net (ad_servers.txt)
[✓] Status: Retrieval successful

[✓] Consolidating blocklists
[✓] Extracting domains from blocklists
[i] Number of domains being pulled in by gravity: 134827
[✓] Removing duplicate domains
[i] Number of unique domains trapped in the Event Horizon: 112384
[i] Number of whitelisted domains: 0
[i] Number of blacklisted domains: 2
[i] Number of regex filters: 0
[✓] Parsing domains into hosts format
[✓] Cleaning up stray matter

[✓] Force-reloading DNS service
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled

[i] The install log is located at: /etc/pihole/install.log
Update Complete!

Current Pi-hole version is v4.2.2
Current AdminLTE version is v4.2
Current FTL version is v4.2.3
pi@PiHole:~ $ grep 'IPV[4,6]_ADDRESS\|PIHOLE_INTERFACE' /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=wlan0
IPV4_ADDRESS=10.1.1.240/24
IPV6_ADDRESS=
pi@PiHole:~ $


#53

Looks better.
And what about nslookups on Pi and client?


#54

Ooops! Sorry!


#55

pi@PiHole:~ $ nslookup pi.hole 10.1.1.240
Server: 10.1.1.240
Address: 10.1.1.240#53

Name: pi.hole
Address: 10.1.1.240

pi@PiHole:~ $


#56

pj@pj-selgbuild:~$ nslookup pi.hole 10.1.1.240
Server: 10.1.1.240
Address: 10.1.1.240#53

Name: pi.hole
Address: 10.1.1.240

pj@pj-selgbuild:~$


#57

That looks all good.
DNS is working and if you query a naughty domain, you’ll notice it gets redirected to 0.0.0.0:

nslookup doubleclick.com 10.1.1.240

I wouldn’t even bother trying to configure the Asus router to push the Pi-hole IP address for DNS resolution via DHCP to its clients as described here (method 1):

This is because most Asus routers encountered push two DNS servers instead of only the Pi-hole IP address:

Better switch off the DHCP service on the Asus router and flip it on on Pi-hole:

But before that, try assigning a lower static IP address to Pi-hole, for example 10.1.1.2 or 10.1.1.3.
That way you can set the DHCP range of IP addresses to be handed out to the clients (can alter later on web GUI) from let's say 10.1.1.10 up to 10.1.1.254

If you edit the file below, you’ll notice it has a section at the bottom with your interface and IP address.
If you edit any, you’ll need to reboot and run pihole -r reconfigure again (maybe with nameserver hack).
If you change IP address, make sure it's not taken already by pinging the address first!

sudo nano /etc/dhcpcd.conf

If you're interested whether your Asus router’s DHCP service behaves the same as ours:

sudo apt install nmap

sudo nmap -sU -p67 --script dhcp-discover 10.1.1.1


#58

Thank you for your help…it is very much appreciated!
Can I just not leave it as it is now…it seems quite complicated to go too much further. 10.1.1.3 is available. If all I have to do is to set 10.1.1.3 as the static address for the Pi and put that IP address at the end of the dhcpcd.conf file, I think I can manage that! :slight_smile:


#59

pi@PiHole:~ $ sudo nmap -sU -p67 --script dhcp-discover 10.1.1.1

Starting Nmap 7.40 ( https://nmap.org ) at 2019-03-12 21:54 NZDT
Nmap scan report for router.asus.com (10.1.1.1)
Host is up (0.0014s latency).
PORT STATE SERVICE
67/udp open dhcps
| dhcp-discover:
| DHCP Message Type: DHCPACK
| Server Identifier: 10.1.1.1
| IP Address Lease Time: 20h18m24s
| Subnet Mask: 255.255.255.0
| Broadcast Address: 10.1.1.255
| WPAD:
|
| Domain Name Server: 10.1.1.240, 10.1.1.1
|_ Router: 10.1.1.1
MAC Address: xxxxxxxxxxxxxxxx (Asustek Computer)

Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
pi@PiHole:~ $


#60

Hmmm! Maybe I overreacted…it does not seem too complicated. Just turn off on Asus and turn on on Rpi?


#61

"But before that, try assigning a lower static IP address to Pi-hole, for example 10.1.1.2 or 10.1.1.3.
That way you can set the DHCP range of IP addresses to be handed out to the clients (can alter later on web GUI) from let's say 10.1.1.10 up to 10.1.1.254

If you edit the file below, you’ll notice it has a section at the bottom with your interface and IP address.
If you edit any, you’ll need to reboot and run pihole -r reconfigure again (maybe with nameserver hack).
If you change IP address, make sure it's not taken already by pinging the address first!

sudo nano /etc/dhcpcd.conf"

So, let me make sure I understand this. On my PC I assign 10.1.1.3 to my RPi. Then I just need to go to dhcpcd.conf and change the IP address at the end (which now reads 10.1.1.240). Do the pi -r and it is all done!?


#62

I don’t understand…it was running properly and then all I did was download nmap and run the command you suggested…and the result is above…Now, adblocking is no longer on!..despite a sudo reboot!!


#63

Above bit shows your router is misbehaving same as ours and pushing two DNS servers to its clients via the routers DHCP service.
The 10.1.1.240 DNS address is blocking ads but the router address 10.1.1.1 is not.
You can configure the Asus router to use the Pi-hole IP address for upstream resolution in the WAN part of the router, but then you miss out on the great stats being displayed on the web GUI (see the other threads).
That's why the switch to Pi-hole’s own DHCP service if you like stats.

You don't assign anything on the client PC.
Leave the DNS settings on the client at default to acquire IP details like IP address, subnet mask, DNS servers and gateway automatically via DHCP from either the router or Pi-hole’s own DHCP service.

Yes, if that 10.1.1.3 address is available, put that in place in the /etc/dhcpcd.conf file at the bottom part in the wlan0 section.
After changing IP and saving the file, you’ll need to reboot Pi to apply.
And afterwards you need to reconfigure Pi-hole (nameserver hack to be safe plus pihole -r) to use the newly assigned static IP address 10.1.1.3 instead of 10.1.1.240.
Next step is to disable the DHCP service on the router, and activate Pi-hole’s own DHCP service using the web GUI.
When activating Pi-hole’s DHCP service, you can assign the range of IP addresses to hand out to the clients to be 10.1.1.10 up to 10.1.1.254.
After switching DHCP, reboot your client PC and other client devices so they pick up the new Pi-hole DHCP server, which in turn supplies the clients with the correct IP details including one DNS server … the Pi-hole IP address.

Testing on a client can be done with nslookup.
If you leave out the Pi-hole IP address at the end and only look up the name pi.hole, nslookup will query the DNS server that's configured in the OS (supplied via DHCP), e.g.:

nslookup pi.hole

What do you mean?
Did something break?
Are nslookups not working anymore?
What errors do you see, or post a screenshot (you can copy/paste images here)?
Installing nmap and running it should not have changed anything related to networking or Pi-hole.
I’ve installed nmap and run it on countless occasions without any troubles.
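
The dual-DNS check described in this thread, as an added example that is not part of the original posts: it reads `nmap --script dhcp-discover` output and lists any offered DNS server other than the Pi-hole, then classifies an nslookup answer as blocked when it is 0.0.0.0. The function names are hypothetical and the sample inputs are constructed from the outputs posted above.

```shell
#!/usr/bin/env bash
# Added example: check a DHCP offer and a DNS answer for the "dual DNS" bypass.

# Read `nmap --script dhcp-discover` output on stdin and print each DNS
# server in the offer, one per line.
offered_dns() {
    sed -n 's/^[|_ ]*Domain Name Server:[[:space:]]*//p' |
        tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Print offered DNS servers other than the Pi-hole address given as $1.
# Returns 0: only Pi-hole offered; 1: clients can bypass it; 2: no DNS option.
audit_dhcp_dns() {
    local pihole_ip=$1 servers extra
    servers=$(offered_dns)
    if [ -z "$servers" ]; then return 2; fi
    extra=$(printf '%s\n' "$servers" | grep -Fxv -- "$pihole_ip" || true)
    if [ -z "$extra" ]; then return 0; fi
    printf '%s\n' "$extra"
    return 1
}

# Read nslookup output on stdin; succeed only if every answer address
# (the Address lines after "Name:") is 0.0.0.0, i.e. the resolver blocked it.
answer_is_blocked() {
    awk '/^Name:/ {in_answer = 1; next}
         in_answer && /^Address:/ {seen = 1; if ($2 != "0.0.0.0") bad = 1}
         END {exit ((seen && !bad) ? 0 : 1)}'
}

# Constructed samples, modelled on the outputs posted in this thread.
SAMPLE_OFFER='| dhcp-discover:
| Subnet Mask: 255.255.255.0
| Domain Name Server: 10.1.1.240, 10.1.1.1
|_ Router: 10.1.1.1'
SAMPLE_BLOCKED='Server: 10.1.1.240
Address: 10.1.1.240#53

Name: doubleclick.com
Address: 0.0.0.0'

if extra=$(printf '%s\n' "$SAMPLE_OFFER" | audit_dhcp_dns 10.1.1.240); then
    echo "DHCP offer lists only the Pi-hole"
else
    echo "DHCP offer also lists: $extra (queries sent there are not filtered)"
fi
printf '%s\n' "$SAMPLE_BLOCKED" | answer_is_blocked && echo "answer is blocked"
```

Against a live network, pipe the nmap command from this thread into `audit_dhcp_dns` with the Pi-hole address as its argument.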


#64

pi@PiHole:~ $ nslookup doubleclick.com 10.1.1.240
Server: 10.1.1.240
Address: 10.1.1.240#53

Name: doubleclick.com
Address: 0.0.0.0

pi@PiHole:~ $ nslookup pi.hole 10.1.1.240
Server: 10.1.1.240
Address: 10.1.1.240#53

Name: pi.hole
Address: 10.1.1.240

pi@PiHole:~ $

The above were my commands. Before my commands, the webpage (Bitcoin.jpg) after the commands the webpage (BitcoinAfter.jpg). Seems very weird?!!

…advert gone. Maybe it has to do with this dual DNS problem?


#65

What happens to the network if the Rpi - which sets the DHCP - fails for some reason. What should be/is the back up? Is it manual or will it happen automatically?


#66

Can you point out what's weird?
It's getting late and am a bit sleepy.

Am not sure what stage you're in?
Have you switched DHCP from router to Pi-hole by now and you're still seeing ads on the client PC?
Try rebooting the client PC to force it to renew its DHCP lease @ Pi-hole.

If you configure your Asus router’s WAN DNS to default or point to any other external DNS server (not Pi-hole), you only have to flip on the DHCP service on the router in case the Pi dies.


#67

Sorry, I did not make myself very clear. The bright orange advert “Stream as much as you like…” was showing in the Bitcoin page before I ran the nslookup scripts. After I ran the scripts it was no longer showing. I have not yet changed the DHCP to the Pi. So, surmising, that the difference in the webpages (the orange advert) is part of the dual DHCP problem? No?


#68

Yes this is most likely the dual DNS problem.
Two DNS servers pushed from the Asus router to the clients via DHCP.

Pew. had to edit few times … sleep catching up.
Nighty night.


#69

Thank you, sleep well!


#70

Sorry, am confusing DHCP and DNS!! :frowning: my bad!


#71

Why does my Alexa Dot show up as a client …and then has some of its requests blocked? Seems strange as I seldom use it!