I know this is not the right place to ask this.
Try my luck.
Any one have succeed story integrated pi-hole with mikrotik router?
You can easily assign it as the DNS from the DHCP Server menu (Under the IP tab).
I'm currently working on having the Pi also act as my DHCP server, which will likely change how I need to assign the DNS as well.
1 Like
thanks creon for you reply.
You are using pi as dhcp server. So mikrotik router and local network receive IP from pi-hole?
i will try to this on my hotspot network. i hope it works.
i saw 1 or 2 guide from reddit how to use pihole with mikrotik router.
but somehow still client not using pi-hole as dns server.
btw, Is there any additional configuration from firewall side or NAT on mikrotik router?
Yes there is extensive configuration available for the firewall, but it's all done via the command line. If you'd like a guide on how to force ALL traffic to your pi-hole using ipchains check out this link: https://www.reddit.com/r/pihole/comments/5g249i/tip_redirect_all_dns_to_pihole_with_mikrotik/
1 Like
Unfortunately RouterOS still hasn't got "real" openvpn support or secure dns. The only workaround I found is to set Mikrotik to reroute DNS over a split OpenVpn (ie DNS only, not traffic. The Mikrotik instructions are terrible but the key is can only be a basic profile without tls Auth) to pihole. I do this to a pihole running on an Azure VM.
This is far from ideal but as its only the DNS traffic its better than nothing. For clients than via Mikrotik inbound to pihole you can use dnscrypt-server / wrapper as the sdns stamp makes things easy. You can also use dnscrypt-server or dnscrypt-proxy upstream from pihole. Sure you could use openvpn but split vpn isn't reliable on mobile devices so unless you are ok with both DNS and Traffic being routed over the VPN then dnscrypt is a better and cheaper solution; Also you can still use a different VPN at the same time (although in practise doh / dot would be needed). There is very little discussion on Doh DoT "to" pihole only upstream and its a pity pihole seems to be ignoring it.