Shouldn't touch the WAN DNS IPs; in reality only the clients need to get the Pi-hole's DNS IP, ideally via DHCP.
So you mean in the WAN I should keep the ISP DNS because clients will use the DNS advertised by the DHCP? Or should I set Custom DNS (e.g. 18.104.22.168) there too?
I want to be 100% sure to avoid using my ISP DNS because they are very slow sometimes.
Very much sure about it.
If you only do a DNAT, then Pi-hole will receive the packet with the original source IP of the LAN host and will reply directly to it. The LAN host will complain about receiving the reply from a different server than the one it queried, with unexpected results. For that, an SNAT is also applied to change the source IP of the DNS query to that of the router.
There are a couple of workarounds. First, assign the Pi-hole to a different interface, so SNAT is no longer needed and the Pi-hole will still reply via the router, so the original destination IP is restored. Second is to use EDNS.
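A simplified model of the three cases described above (DNAT only, DNAT plus SNAT, and Pi-hole on a separate interface), added here as an illustration and not code from the thread or from OpenWrt. The addresses are constructed (only 192.168.1.100 comes from the thread), and the router's reverse translation is modelled as a single stored conntrack entry.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str  # source IP
    dst: str  # destination IP


# Constructed addresses for the model; 192.168.1.100 is the Pi-hole from the thread.
CLIENT, ROUTER, PIHOLE = "192.168.1.50", "192.168.1.1", "192.168.1.100"
ISP_DNS = "203.0.113.53"  # placeholder upstream DNS the client was told to use


def simulate(snat: bool, pihole_separate_subnet: bool) -> bool:
    """Return True if the client accepts the DNS reply, False if it discards it."""
    query = Packet(src=CLIENT, dst=ISP_DNS)

    # Router DNAT: rewrite the destination to the Pi-hole and remember the
    # original addresses, as conntrack does, so the reverse mapping can be applied.
    conntrack = {"orig": query}
    forwarded = Packet(src=ROUTER if snat else query.src, dst=PIHOLE)

    # Pi-hole answers whichever address the query appears to come from.
    reply = Packet(src=forwarded.dst, dst=forwarded.src)

    # The reply only passes back through the router if it is addressed to the
    # router (SNAT case) or has to be routed because the client is on another subnet.
    via_router = reply.dst == ROUTER or pihole_separate_subnet
    if via_router:
        # Reverse both translations from the conntrack entry.
        reply = Packet(src=conntrack["orig"].dst, dst=conntrack["orig"].src)

    # A UDP resolver matches the reply's source against the server it queried;
    # a reply from 192.168.1.100 to a query sent to the ISP DNS is dropped.
    return reply.dst == CLIENT and reply.src == query.dst


if __name__ == "__main__":
    print("DNAT only, same subnet:      ", simulate(snat=False, pihole_separate_subnet=False))
    print("DNAT + SNAT, same subnet:    ", simulate(snat=True, pihole_separate_subnet=False))
    print("DNAT only, separate interface:", simulate(snat=False, pihole_separate_subnet=True))
```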
There's something weird with my Home Assistant instance on a RPi4:
when I try to install an update it says "host has no connection", so it seems like it cannot get any response from the DNS server?
On my PC I can browse any site without problems, and in connection info it says
DNS Server IPv4 192.168.1.100 (the Pi-hole one)
Sorry, I don't understand what you mean...
The router is configured to use DHCP, so both my PC and HomeAssistant have no static IP defined on device-level. I performed a static-lease definition on OpenWrt DHCP.
Searching in the Home Assistant network page, it seems it correctly gets the DHCP-advertised DNS, but then it seems like it cannot use it, or receives a bad response, and then raises a 'no internet on host' error.
I have another issue (I'll try to explain here, but if it is too off-topic I'll open another thread).
On the same Pi where I installed Pi-hole, I also installed WireGuard to connect to my LAN (long story short: Pi-hole provides out-of-the-box settings for WireGuard, so I chose to install it on the same device).
With the old router I opened the port and everything worked correctly.
Now I added a Port Forward rule on OpenWrt and I can connect to WireGuard (e.g. from my smartphone using the LTE network instead of WiFi), but I can only access the device where Pi-hole+WireGuard are installed.
No other device on the LAN is reachable, and I cannot browse websites either.