Some clients queries are listed as coming from the (OpenWrt) router and not each one separate

Help Community Help
1

Hi,
since some time (I think some weeks) my Pi-Hole installation shows all the queries from the clients that haven't custom DNS (like the Echo devices, smart plugs, etc.. where I can't change the DNS) as they're queries from my router. The clients where I'm able to change the DNS are listed correctly as separated devices.

The Pi-Hole is not acting as DHCP server, the router is doing it, but I haven't changed the DHCP setting, so I don't know exactly what is going on. Maybe there's a way to tell to the router to avoid the "router tagging" in the DHCP config?

Thanks

Here's my router DHCP config. The router IP is 192.168.1.2, the Pi-Hole IP is 192.168.1.4. Yes I haven't set the DNS in the LAN interface, but if I do it, all the clients queries appear as if they are coming from the router.

root@R4S:~# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option ednspacket_max '1232'
	option authoritative '1'
	option localservice '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
2

Hello Guilio.

I'm not familiar with OpenWRT but your LAN behavior sounds much like mine.

I'm running AsusWRT-Merlin which has a DNSFilter feature. I use this feature to force my DHCP set DNS IP (pihole) on devices that have hard-coded DNS IPs and refuse to use my DHCP DNS IP. This DNS queries show on my pihole logs as my router (just like in your case)

This behavior does not bother me as the router is doing what I expect it to do, which is to capture all rogue DNS queries and direct them my pihole.

Now for debugging purposes, so that I may be able to see from what specific device X, Y or Z DNS query is coming from, I connect M, N or P device to a "Guess Nework" (isolated WiFi AP) This way queries show on pihole coming from a specific static IP which I've assigned to the device in question.

Perhaps OpenWRT has a feature like DNSFilter and happens to be ON and this is why you are seeing all of your devices DNS queries showing under your router's IP/hostname.

I hope this info helps you.

3

Hi!

Thanks for the reply, I found the solution, something was changed when I switched from snapshot to stable OpenWrt build. I had to restart the dnsmasq service, and -most important- the echo devices, now they are correctly reported as separated clients

Screen Shot 2022-10-05 at 07.44.52
Screen Shot 2022-10-05 at 07.44.522018×1042 140 KB

You can read more in this OpenWrt post: Clients without custom DNS queries listed as coming from router (and not the clients) - #5 by giuliomagnifico - Network and Wireless Configuration - OpenWrt Forum

Anyway you have to use option 6 in your DNS in the router, to forward the names to the Pi-Hole. It should be possible because I use OpenWrt and DD-WRT and is possible on both, so it should be also in MerlinWRT.

just write

6,192.168.1.x

(x is your Pi-Hole IP) in the dnsmasq option.

4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.