You probably installed Pi-hole with tun0 as your default interface.
By enabling it like this, you will allow Pi-hole to answer queries originating from different interfaces.
Just make sure that port 53 is not exposed to the outside.
I've installed Pi-hole as eth0 as I did it for OpenVPN. Anyway, I've chosen "Listen on all interfaces, permit all origins" and nothing changed. How can I be sure that port 53 isn't exposed by the routers? I've only opened the port for OpenVPN on my router.
You have a few options here.
Option 1. Manually specify 192.168.1.76 as your ONLY DNS on the clients.
Here's why:
Option 2. You can see if you can use the DNS setting in your 192.168.1.254 and specify the IP of Pi-hole as your DNS.
Option 3. You can try to disable DHCP in 192.168.1.254 and enable it in 192.168.1.76 (Pi-hole) and let Pi-hole manage the DHCP settings (that way, everything that connects to the network will get the Pi-hole IP as its DNS).
Option 4. If 2 and 3 are not available, you will have to tweak the DHCP settings in your 192.168.1.254 and then use option 3 ... something like this: https://discourse.pi-hole.net/t/swapped-to-new-router-please-help/18602/13?u=ramset
Thank you for your support. I finally found how to change DNS on my principal router (at least I guess) but I think they are not really changed (I had to set Cloudflare as DNS because using Pi-hole's IP was a mess), because if I test it with "nslookup flurry.com" this is the answer:
Server: dsldevice.lan
Address: 192.168.1.254
Risposta da un server non autorevole:
Nome: flurry.com
Addresses: 74.6.136.153
98.136.103.26
212.82.100.153
So nothing changed even though I changed the DNS. The error is there, but sadly the router that my ISP gave me is crap, but that's the way to fix the problem. Now I can set a static DNS on every device I have or buy a new router where I can finally set proper DNS servers. Thank you
Try to find the settings page below and enter the Pi-hole IP in the "Primary DNS" field.
Leave the "Secondary DNS" field empty or, if that is not accepted, enter the Pi-hole IP here as well or enter 0.0.0.0.
You need to renew the clients' DHCP leases afterwards by disconnecting them from the network and reconnecting ... or by rebooting them.
I've followed that guide to change DNS, I've inserted Cloudflare's DNS but then the result is always the same. It's like they fool you around changing DNS that will never change for real (I'm talking about my ISP router). Speaking about the TP-Link router, it's easier to change DNS; I did it before opening this thread but it wasn't working. All the troubles come from the ISP router.
I have a question that probably could fix my problem. What if I change the Gateway address during Pi-hole configuration, and instead of setting 192.168.1.254 (my ISP router) I set 192.168.1.1 (the router I have in my house)? Then I can enable DHCP on my router. But then how does the ISP router react with DHCP? I can't turn it off there because my mom and brother use that router at their home. Also, I tried yesterday to turn it off, using only Pi-hole as DHCP, but none of my devices worked; it looks like the ISP router has to have DHCP on, otherwise nothing works.
I have no idea what your network topology looks like ... but
both the Technicolor and TP-link routers allow you to configure the DNS server(s) to be pushed via DHCP to the clients:
And you have to make sure that when you change any DHCP settings, you reboot the client PC used for testing, or renew the DHCP lease in another way, for these changes to become effective on the client.
I did a DHCP discovery against both my routers and these are the results:
sudo nmap -sU -p67 --script dhcp-discover 192.168.1.254
Starting Nmap 7.40 ( https://nmap.org ) at 2019-04-07 00:53 CEST
Nmap scan report for 192.168.1.254
Host is up (0.0062s latency).
PORT STATE SERVICE
67/udp open|filtered dhcps
MAC Address: XX:XX:XX:XX:XX:XX (Technicolor)
Nmap done: 1 IP address (1 host up) scanned in 6.94 seconds
sudo nmap -sU -p67 --script dhcp-discover 192.168.1.1
Starting Nmap 7.40 ( https://nmap.org ) at 2019-04-07 00:54 CEST
Nmap scan report for 192.168.1.1
Host is up (0.00023s latency).
PORT STATE SERVICE
67/udp closed dhcps
MAC Address: XX:XX:XX:XX:XX:XX (Tp-link Technologies)
Nmap done: 1 IP address (1 host up) scanned in 1.96 seconds
And this is the test with DNS properly set:
nslookup flurry.com
Server: dsldevice.lan
Address: 192.168.1.254
Risposta da un server non autorevole:
Nome: flurry.com
Addresses: 98.136.103.26
74.6.136.153
212.82.100.153
So today I decided to set the DNS on the Technicolor router (ISP router). I had trouble because every time I changed the DNS, all the IPs given by that router were reset after it rebooted. So it was hard to set the right DNS with the same IP as Pi-hole, but in the end I succeeded. I also changed the DNS on my TP-Link router, and the result is that Pi-hole doesn't work: or at least that's what this page tells me, but from Pi-hole's web page I can see that it blocks queries. So as you can see from the tests above, it seems that there are still problems (for sure related to my ISP and its router, one of the worst routers ever), but from Pi-hole's web page it seems that something works. Whereas if I change the DNS on my PC's Wi-Fi card, everything works, even the DNSSEC test. I still don't understand what's going on here.
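Added example, not part of the thread: the nslookup output posted above already shows which resolver the client asked, and this sketch reads it to tell a client that bypasses Pi-hole from one whose query Pi-hole blocked. It assumes the Windows-style layout shown in the thread and Pi-hole's NULL blocking mode (blocked names answered with 0.0.0.0 / ::); `parse_nslookup` and `classify` are hypothetical helper names.

```python
import ipaddress

PIHOLE_IP = "192.168.1.76"  # Pi-hole address quoted in the thread

# nslookup output as posted in the thread (client still asking the ISP router).
SAMPLE_VIA_ROUTER = """Server: dsldevice.lan
Address: 192.168.1.254
Risposta da un server non autorevole:
Nome: flurry.com
Addresses: 74.6.136.153
98.136.103.26
212.82.100.153
"""

# Constructed sample (assumption): a blocked name answered by Pi-hole in
# NULL blocking mode, which returns the unspecified addresses 0.0.0.0 / ::.
SAMPLE_VIA_PIHOLE = """Server: pi.hole
Address: 192.168.1.76
Name: flurry.com
Addresses: ::
0.0.0.0
"""

def parse_nslookup(output):
    """Return (resolver_ip, answer_ips); label-agnostic so localized output works."""
    found = []
    for line in output.splitlines():
        head, sep, tail = line.partition(": ")
        for token in (tail if sep else line).split():
            try:
                found.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # hostnames and label text are not addresses
    return (found[0], found[1:]) if found else (None, [])

def classify(output, pihole_ip=PIHOLE_IP):
    """Say whether the client's lookup actually went through Pi-hole."""
    resolver, answers = parse_nslookup(output)
    if resolver is None:
        return "no-resolver-found"
    if resolver != ipaddress.ip_address(pihole_ip):
        return "bypassing-pihole"  # DHCP or static DNS still points elsewhere
    if answers and all(a.is_unspecified for a in answers):
        return "blocked-by-pihole"
    return "resolved-via-pihole"

if __name__ == "__main__":
    for name, sample in (("router", SAMPLE_VIA_ROUTER), ("pihole", SAMPLE_VIA_PIHOLE)):
        print(name, classify(sample))
```

Run against the thread's output it reports `bypassing-pihole`: the client is still resolving through 192.168.1.254, so blocking seen in the Pi-hole web page comes from other clients or from the router forwarding on their behalf.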