@chrislph not entirely sure what you mean when you say... "best to not let Pi-hole use itself for DNS resolution". I have an Asus RT-AC86U router using wrtMerlin and I was told to set it up like this...
Your router is managing DHCP and is telling clients on your network to use Pi-hole for DNS.
Clients on your network that use Pi-hole for DNS will benefit from the adlist blocking. Anything that Pi-hole does not block will be passed upstream to OpenDNS.
But there is one extra client to consider – the Ubuntu OS that is running Pi-hole. How is Ubuntu's DNS configured? In your case it's configured to use Pi-hole running on itself for DNS.
This means that when Ubuntu, or the Pi-hole software itself running on Ubuntu, tries to do an update it's going to get the same blocklist rules as everything else. This might seem like a good thing but you can see what's happened here – Pi-hole needs to talk to GitHub to check for updates, but that adlist means it's blocking itself from seeing GitHub, and everything breaks.
In this case you've worked around it by whitelisting GitHub in Pi-hole, and now Pi-hole can check for updates. But there may be other domains that cause similar problems, either for Pi-hole or for Ubuntu. So it's recommended not to use Pi-hole as the DNS for the machine running Pi-hole.
Instead you can set the DNS to be something external such as your ISP's DNS or a public one. You are already using OpenDNS for Pi-hole's upstream so you might as well use those for Ubuntu as well. This page shows how to manually set the DNS. You will enter both of OpenDNS's servers:
208.67.222.222,208.67.220.220
Once done, toggle the network connection off and back on to make the change immediately. Now your situation is this:
Your router is managing DHCP and is telling clients on your network to use Pi-hole for DNS.
Clients on your network that use Pi-hole for DNS will benefit from the adlist blocking. Anything that Pi-hole does not block will be passed upstream to OpenDNS.
Ubuntu, running your Pi-hole, is directly using OpenDNS without going through Pi-hole. Even if Pi-hole blocks an important domain or if something breaks, Ubuntu and Pi-hole themselves can reach servers online to look for fixes or updates.
I can try that setting, but my router has a feature that forces all clients to use Pi-hole (it intercepts port 53), so even if I manually tell Ubuntu or any device to use a custom DNS server, they won't be able to and will be forced to use whatever DNS server is set at the router level.
You're right, that will break the Ubuntu DNS setting and basically put you back to what you have now already. So best leave it as it is in Ubuntu.
Here's another way to achieve the same result (not quite the same but the best you can do with your router behaving the way you describe).
In Pi-hole navigate to Clients
In the drop-down Known clients find the IP of your Pi-hole 192.168.1.78 and select it
Add a Comment for it, such as Ubuntu, and click Add. This adds it to the client list below
Click on the Group assignment and change it from Default to None and click Apply
Now your Ubuntu machine is not part of the Default group which means none of the blocks will apply to it. So in effect this whitelists your Ubuntu machine so there are no surprises from blocked domains. Now there's no need to whitelist GitHub because nothing is blocked.
You might not want to do this if you use the Ubuntu machine for normal web browsing and normal desktop use. In that case the setup you have now is probably the best balance between working and having ad blocking but with key domains like GitHub whitelisted.
In this case if you have any surprises later on you can try disabling that blocklist completely (just toggle it off) or disable all Pi-hole blocking from the sidebar. Then you can see if the problem goes away and you'll know it's another case of Pi-hole blocking itself or Ubuntu, to be tracked down like you did with GitHub.