Pi Hole as DNS Server via FreshTomato (Netgear R6000)

Hi guys - I’m trying to follow the “How do I configure my devices to use Pi-hole as their DNS server?” guide using Method 2 to route network DNS traffic to Pi Hole. My router is a Netgear 6000 running the lastest FreshTomato build.

My network IP addresses are:
Pi Hole:

Here’s what I have set up in FreshTomato using the guide:
Basic -> Network

Advanced -> DHCP/DNS

Pi Hole DNS set up:
Settings -> DNS

Expected Behaviour:

DNS filtering works per guide

Actual Behaviour:

Total DNS failure on all clients on the network

Debug Token:

Note - I can’t access Pi Hole with the above settings, so this Debug Token is generated using standard DNS settings in the router

Looks like DNS Rebind Protection is enabled.

Thanks @jfb. I just updated my config to the below, still no dice I’m afraid.

After you made that change, did you reboot the router? It looks like you did, but just checking.

I don’t have a manual for that router and software, but what does “Use received DNS with user-entered DNS” do?

FreshTomato automatically restarts the appropriate services and/or reboots when settings are saved.

My GoogleFu yielded this:: If your WAN obtains a DHCP address from the ISP it also gets a DNS from the ISP. The option you are asking about allows the router to use together both the ISP assigned DNS and the static DNS server(s) you specify on the Basic>Network page.

You will need to figure out how not to use the ISP DNS - or at least make it so it doesn’t get to the clients. Perhaps another user will have some FreshTomato experience - I have none.

All good, thanks @jfb!

A few more hooks:

Switch your router's upstream DNS to *not* to be Pi-hole (click for details).

You have configured your router both to distribute Pi-hole as local DNS server (via dhcp-option=6) as well as your router’s upstream DNS server (via WAN settings).

The latter defines the target DNS server your router will forward any DNS query it receives, as commonly (i.e. without Pi-hole) your clients would aks your router for hostname resolution.

At the same time, you have configured your router to be used as Pi-hole’s upstream DNS server - thereby creating a loop: Pi-hole and your router will forward the same DNS requests between themselves endlessly (or until time-out).

Clients that have been updated via DHCP to use Pi-hole as DNS server (instead of your router) will query Pi-hole directly, avoiding the loop.
However, updating might occur only on lease renewal, which would possibly leave some clients to use your router until their lease expires after 1,440 minutes.

Find out whether there is an DNS option on *Basic>Network page*, and how that does relate to your `dhcp-option` and/or your WAN DNS settings.

Any additional local DNS servers might interfere with Pi-hole’s operation.

Pi-hole does rely on being the only local DNS server in your network.

On your DHCP / DNS Server (LAN) settings, find out what *Use internal DNS* means.

Again, any additional local DNS servers might interfere with Pi-hole’s operation.

To help with that, find out which DNS servers are in use:
From a Windows client, open a command prompt and execute the following:

ipconfig all | find /i "server"

You want to verify that this lists only Pi-hole’s IP addresses as DNS server.

Yep, this fixed it! Thanks so much @Bucking_Horn!

Just to add to the knowledge base, here’s some additional infor regarding your queries:

Nope - the only option available under Basic>Network page relates to WAN.

The help information from the set up page says: Allow dnsmasq to be your DNS server on LAN. I interpret that to mean that if this option is disabled, dnsmasq (and in turn dhcp-option) are disabled.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.