Pi-Hole only works when set manually from client, but doesn't resolve when set at router level


Expected Behaviour:

All clients dynamically pull down the local pi-hole IP, and all traffic requests resolve through pi-hole.

Actual Behaviour:

I have been researching for the last few days and have read through a number of variations of this issue. I have pihole running on an rpi4 at 192.168.1.108 and I have several clients manually set to resolve through it. DHCP addresses are pulled down from the eero router, then the clients resolve via pihole. Works flawlessly.
After a few days of testing at the client level, I decided to try pihole network wide. I set a single ipv4 dns entry at the router via the eero app and nothing resolves for any client, including those that still have the manual DNS server assignment. My set up:

  • router: eero pro @ 192.168.1.1, primary dns set to 192.168.1.108, no secondary dns set, ipv6 off

  • pihole: rpi4 running a light version of raspbian @ 192.168.1.108, v5.0 across the board. OOB blocklists, gravity is up to date, ipv6 is off for eth0

  • rpi's resolv.conf: 127.0.0.1 only

I have tried all sorts of things like bouncing services, adding and removing dns entries on the rpi via nmcli. Several times, I have tried pihole -r, but my outcome remains the same.

Finally, I generated the debug tokens after resetting the DNS at the router to the known good configuration, so certain things appear resolving in the logs, like the following. I suspect this is because the debug log was generated after, not during the issue, though the issue is likely present just minutes before in the log. If there is a better way to run this action, happy to do it, just let me know how. Thanks!

Any help or advice would be appreciated!

Debug Token:

v59gnynju4
hi73u2iv7m

I was having the same problem, sadly my router prioritizes its ISP DNS over the one I provide when it hands out IP addresses (I suspect this is your case as well).

The way around it is to set up PiHole as the DHCP server. I literally made this change 2 days ago and it has been flawless.

This is what I followed, hope it helps:
https://blog.cryptoaustralia.org.au/instructions-for-setting-up-pi-hole/#:~:text=Under%20settings%2C%20there%20should%20be,the%20router%20address%20is%20correct.

Ugh, I would prefer not to use pihole as a DHCP server because the eero routers have a lot of added capability when they're managing client addressing.

I'd be surprised if any kind of prioritization was going on though, because if I set the eero to point to pihole for DNS, nothing resolves at all. Not from anywhere. If I ssh into the pihole, for example, I can't ping anything -- not 8.8.8.8, not google, nothing. But, if I set the eero back to its autoconfigured DNS settings, the pihole begins working again as expected, as do all devices on the network... with the one exception that devices have to manually be set to use the pihole for DNS. It's bizarre.

I have tried everything I can think of including physically reconnecting the network so th

If you try to ping directly to 8.8.8.8 and it doesn't work, this indicates a network issue, not primarily a DNS issue, as there is no name resolution involved (aka no DNS).

Did you already search the forum for eero? There are some reports; one mentions "Local DNS Caching Activated", which might intercept all DNS queries and could cause trouble.
Have you checked for a DNS loop? What are your eero's and your pihole's upstream DNS servers?
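
The two checks suggested in the reply above (ping by IP first, then look for a DNS loop), as an added example that is not part of the original thread. The function names, the upstream map and the `pi-hole.net` test name are assumptions; the addresses are the ones quoted in the thread.

```python
"""Triage for 'nothing resolves after pointing the router at Pi-hole'."""
import subprocess

def find_dns_loop(upstreams, start):
    """Return the resolver cycle reachable from start, or None.
    upstreams maps a resolver IP to the servers it forwards to; resolvers
    missing from the map are treated as leaves (they forward off-LAN)."""
    path = []
    def walk(node):
        if node in path:                 # back at a resolver already on the path
            return path[path.index(node):] + [node]
        if node not in upstreams:
            return None
        path.append(node)
        for nxt in upstreams[node]:
            loop = walk(nxt)
            if loop:
                return loop
        path.pop()
        return None
    return walk(start)

def classify(ping_ip_ok, dns_via_pihole_ok, loop):
    """Apply the reply's reasoning in order of precedence."""
    if not ping_ip_ok:
        return "network"     # pinging an IP involves no name resolution
    if loop:
        return "dns-loop"    # router and Pi-hole forward to each other
    if not dns_via_pihole_ok:
        return "pihole-dns"  # network is fine, the resolver itself is not answering
    return "ok"

def ok(cmd):
    """True if the command exits 0 within 5 seconds (live probe helper)."""
    try:
        return subprocess.run(cmd, capture_output=True, timeout=5).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

if __name__ == "__main__":
    # Constructed config: IPs are from the thread, the upstream lists are assumed.
    upstreams = {"192.168.1.1": ["192.168.1.108"], "192.168.1.108": ["192.168.1.1"]}
    loop = find_dns_loop(upstreams, "192.168.1.1")
    ping_ok = ok(["ping", "-c", "1", "-W", "2", "8.8.8.8"])
    dns_ok = ok(["dig", "+short", "+time=2", "+tries=1", "@192.168.1.108", "pi-hole.net"])
    print(classify(ping_ok, dns_ok, loop), loop)
```

Run it on the Pi-hole host while the router is pointing at it, after replacing the upstream map with the servers actually configured on the router and in Pi-hole.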


Thanks for the input! You know, "eero" is probably the one thing I didn't look for. I will do that.

Figured it out!

The important detail was that I am running HomeBridge on the same rpi that pihole is on! With homekit secure enabled on the eero router (but potentially any other router too that has this feature), the rpi was considered a homekit accessory and it was effectively firewalled from unsanctioned external connections. That in combination with telling every client to resolve through this firewalled device turned off the internet. So, problem solved!

a) no secondary ipv4 entry required

b) turn off homekit secure as this will impede pihole if homebridge is on the same box!

Hope this helps others!!
