Queries do not pass router (to upstream DNS)

I am using a Pi-hole with a Fritz!Box 7390. Pi-hole seems operational, but valid queries do not pass through the router. I can see in the Pi-hole logs that the query reaches the Pi-hole and is forwarded to the upstream DNS. But there it stops. Timeouts.

I have tested with nslookup, switching DNS servers from Fritz to RPi; results are consistent from any machine, including the RPi itself. The RPi is not linked through any managed switch, but directly to the router.

Any suggestions? Port forwarding perhaps?

======================================================================
Edit: I found the other Fritz postings... I'm not alone, it seems. Apologies for not looking better.

Can you ping your router from the Pi-Hole? I might have the same issue.

Yes, I can. I can also ping external DNS servers (8.8.8.8 etc.) from the Pi. In the Pi log, you can see the requests from clients being processed on the fly.

I was about to ask whether you can reach the internet via pings, but it is good that this works. I have a setup where something similar is happening - I don't allow port 53 to be forwarded to the outside of my network, except if the packets originate from my Pi-hole. This is done to prevent users in my network from being able to use just any DNS server and to force them to use the Pi-hole.

However, there are two main differences:

  1. This is intentional
  2. I don't use a Fritzbox and don't know if they would be capable of doing this.

Just a thought... Maybe this behavior is intended in the Fritzbox and has to be disabled somewhere.

You are probably right that this is intentional. I have a question pending with my provider whether it can be manipulated in some way. I saw in one of the postings by the developers in this forum that "some" tweaks can be done by the provider without using Telnet. I will also try with AVM, who built the Fritz.

Opening port 53 did not help either. Probably one-way traffic from the outside in, not the other way, which I need.

You should close port 53. Otherwise your Pi-hole could potentially be used to assist in an attack later on. Opening ports will only affect incoming packets. Outgoing packets are virtually always allowed from all ports.

Is your provider a public provider (like Telekom, etc.) or within a restricted environment (university campus, shared Internet connection in a flat-sharing community, etc.)? If it is the latter, then the likelihood of someone messing around with outgoing port 53 privileges increases dramatically.

Closed port 53 right after the test. :slight_smile:

Just received a reply from AVM.
++++++++++++++++++++++++++++++++
Jake Lee (AVM Support)
25 Jan. 14:56 CET

Dear Sir,

Unfortunately it is not possible to run your own DNS in your LAN.
Apologies for the inconvenience.

Kind regards from Berlin
Jake Lee (AVM Support)
++++++++++++++++++++

Odd answer. I have seen reports of people who got it working by client-side DNS referral. Why is the configuration in the menu then? I do not think it's very useful asking again or referring to those reports.

Maybe there's a difference between the 7490 and the 7390 (I have a 7390).

Hi Peter,

I use the Fritzbox and I have the 7490.
For me it's working, but you need OS version >6.50. In lower versions it's not possible to enter a different DNS server.
I just checked the AVM site for the 7390 and the latest OS version is 6.53. The patch notes show that a local DNS server option was added in the 6.50 release (https://en.avm.de/service/downloads/download/show/18847/).

If you have OS > 6.50 you need to set the DNS here:
Home Network > Home Network Overview > Network Settings > [IPv4 Settings] & [IPv6 Settings]

Can you check your OS version and update it if required?

I found a solution for the Fritz. I should not use the upstream DNS as a reference in the Pi, but the FritzBox itself (192.168.178.1). Apparently queries are passed on to the upstream DNS, which I can see in the logs. All works fine now.
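A small probe, added here as an example (not code from this thread or from Pi-hole), that reproduces the nslookup test described above: it sends one A query to the Fritz!Box (192.168.178.1) and to the upstream resolver (8.8.8.8) and reports an answer or a timeout, so egress filtering of port 53 shows up as "timeout" toward the upstream but "ok" via the router. The hostname example.com and the transaction id are constructed values.

```python
"""Probe a DNS resolver over UDP and classify the outcome (answer vs timeout).
Added example; resolver addresses are the ones named in the thread."""
import socket
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal recursive A query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data: bytes, txid: int = 0x1234) -> dict:
    """Return QR bit, RCODE and answer count; reject replies that do not match our id."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0x000F, "answers": an}

def probe(resolver: str, name: str, timeout: float = 2.0) -> str:
    """Send the query to resolver:53 and report 'ok', 'rcode=N' or 'timeout'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"  # the symptom in the thread: query sent, nothing comes back
    info = parse_response(data)
    if info["rcode"] != 0:
        return f"rcode={info['rcode']}"
    return f"ok ({info['answers']} answers)"

if __name__ == "__main__":
    # Router first, then upstream: only the first should answer behind a Fritz!Box
    # that blocks outgoing port 53 from LAN hosts.
    for resolver in ("192.168.178.1", "8.8.8.8"):
        print(resolver, probe(resolver, "example.com"))
```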