Configuring the WAN DNS settings on router in light of pihole, AND UNbound running on pihole

The issue I am facing:

  • i tried some research on reddit but a conversation there doesnt speak about how their recommended settings might differ if unbound is part of the equation.

Details about my system:
pihole with unbound

What I have changed since installing Pi-hole:

if i had allowed for choosing WAN side DNS automatically, would be making for my router to obtain DNS servers from my isp?

should i define DNS1 with my router IP, but not if i did not have unbound (i do)

should i say YES to " Forward local domain queries to upstream DNS" because i am running unbound?

and no, if i only have pihole, but no unbound?

my research was on this thread:

Your router settings do not change if you are running unbound or not running unbound. Unbound is the upstream DNS server for Pi-hole, not for the router.

Looks like an Asus router.
Best options are:

  1. Default router WAN settings;
    Enable the DHCP service in Pi-hole;
    Disable the DHCP service on the router;
    Reboot a client to renew DHCP lease and test with nslookup pi.hole in a cmd prompt.
  1. Flash the Asus stock firmware with the Merlin one (if the router is on the supported list) and push Pi-hole's IP address through DHCP to the clients as the only DNS server;
    Make sure the "Advertise router’s IP in addition to user-specified DNS" setting on the router is switched off.

All other solutions will not give you individual client stats on the Pi-hole web GUI.

just want to follow up on some of my findings in past few hours. I input my pihole IP into the WAN side DNS. my computers seemed to work until it didn't, but i had some confusion as i was setting my router VPN entries again.

basically this is yes, a Asus router... with Merlin. I had flashed to a newer instance of Merlin earlier today and had to input all my entries into the router, some in new places as the interface is slightly different.

I noticed I had a DNS leak using one of those testing sites, so I changed the WAN DNS selection back to YES, for Connect to DNS server automatically. Retested the leak and it was gone.

  • I had this pihole set up about a week ago, things were going well the past 5 days, (with DHCP responsibiilty coming from the router) so this week i worked on upgrading the firmware on the router from Merlin to newer Merlin, that is.

+thanks Jfb, for that clarification regarding the role of unbound.

im on a router configured vpn and my dns is leaking again. this afternoon i went to DNS Leak Test - BrowserLeaks out of curiosity and it tells me my dns is the ip of my .... provider.

that ip, i have not coded anywhere in my router.

i had mentioned, changed the WAN side DNS back to "connect automatically" and last night it was not leaking any more... as well as dns was working again... it had suddenly stopped working after dinner time when my household resumed internet activities.

predinner, i was testing with the wan dns set as the pihole address.

++ i just realized due to me having this entry in my router caused perhaps my pihole to 'pop' out of my router set vpn tunnel, and perhaps was the cause of the leak, the leak seems to be gone after i deleted the entry which looked something like this:


because i have another rule that says something like this:

however, this might be important for me?...rerunning the ipleak test, it now tells me my DNS is the same as my IP address (my vpn IP that i am hiding behind).

i dont think that my dns is really being resolved my my vpn dns instead of my pihole doing the job?

Which provider? ISP or VPN provider?

hi jfb. it showed up as the ISP.

my ip showed up as my VPN... good, as i was behind my vpn, but my dns was that of my isp.

i also added a few comments into my earlier post about another question about all this.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.