Blocking all outbound dns inquiries, except pihole

I’m trying to find a good set of rules to force everything thru pihole on my network.

This site seems to have the best write up I’ve found but it is for pfsense

Is there any chance of a translation for openwrt?

Huge thanks,

Hijacked DNS timeouts - #6 by vgaetera

1 Like

What device in your network is Your router or ?

Did a dns leak test, as ads are still randomly showing up, and instead of just cloudflare it seems my iPad is most persistent at bypassing pihole...

Is it using cellular data to find non-responsive servers then?

Test complete

Query round Progress... Servers found 1 ...... 1 2 ...... 2 3 ...... 1 4 ...... 1 5 ...... 1 6 ...... 2

IP Hostname ISP Country None Cloudflare Seattle, United States Rogers Cable Vancouver, Canada Shaw Communications Calgary, Canada

That should be your DNS server.

Make sure to disable DoH in the browser.

Do you have IPv6 connectivity?

1 Like

Ok thanks, will run that script shortly

I can’t find anything on disabling doh in ios14

No ipv6 on my network setup

1 Like

Turns out I had to set my wan dns back to my pihole as well

As it was leaking through that interface randomly.

You should disable peer DNS instead:

uci -q delete network.wan.dns
uci -q delete network.wan6.dns
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"
uci commit network
/etc/init.d/network restart

And specify internal DNS on the LAN interface.

1 Like

So set wan dns to 0 basically then?

No, it is ignoring the nameservers advertised to you from your ISP.
Don't forget to add the Pihole nameservers in lan interface configuration.

1 Like