Hello, friends.

So I’ve had my Pi-Hole setup for awhile now and it’s great. I’d like to get Wireguard working with it, too, so I could browse the internet without loads of ads and trackers on the go.

However, small issue. All DNS traffic is forcibly routed to my ISP. If you need some details, I made this post on the Pi-Hole userspace.

I’m in America and my ISP is Spectrum. I was wondering if there’s a way I could convince technical support to allow me to use a recursive DNS for privacy/security (more-so the second of the two) purposes, or if it is even possible to convince them to do this. I don’t know if there’s a specific number I should contact, email I should email to, or if I just have to endure the nightmare of getting passed around by customer service one Saturday. Any recommendations would be great.

An interesting note for anyone who’s ISP is Spectrum, their DNS service, at least for me, uses OpenDNS with dnsmasq-2.57. That version of dnsmasq is over 10 years old. You see if this is the case for you with

dig CHAOS TXT version.bind @192.33.4.12 +short
dig CHAOS TXT version.bind @198.97.190.53 +short

Or something similar if those IP addresses are different for you. You can see that running those commands were a part of the steps I was asked to take in that Pi-Hole userspace post.

EDIT 1:

For those interested, here’s some Github gist I found that shows how to use unbound + stubby for have a recursive DNS + DNS-over-HTTPS. There’s also this from the DNS Privacy Project.

EDIT 2:

I seems that initial answer from the Pi-Hole forums was correct. There’s probably something that was set in the firmware for the Netgear router that prevents me from setting up my own DNS servers. However, I notice on the router there’s a “router mode” option that’s on, which I can probably turn off, plug in my Pi to the Netgear device and have the Pi act as my router, thus letting me be able to use it as my DNS server as well. That or just suck it up and buy only a modem, not a router + modem combo.

  • topnomi@kbin.social
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    I’ve never heard of spectrum doing this. I think it’s an issue with your router. The steps you mentioned sound right, but I’m not seeing what you’re seeing. I usually try to look at the advanced mode, which might have more info.

    You could contact Netgear tech support, or consult their manual. Have you made sure you’re on the latest firmware?

    • AlecStewart1st@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      I tried to set the Pi-Hole as the DNS via the instructions here, and the exact settings for the Netgear router is under Advanced -> Setup -> Internet Setup. Everytime I’ve set this, no hostnames can be resolved. I followed the Pi-Hole instructions to a tee, so I don’t know if I’d be missing something. Currently, the Pi-Hole acts as the DHCP server.

      Have you made sure you’re on the latest firmware?

      I don’t even know how I would do this on this Netgear router. I see nothing in the settings to check for firmware updates, and I don’t recall seeing anything in the manual. I guess I’d have to call their tech support.

      • ReluctantMuskrat@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Not to ask a possibly silly question but I haven’t seen these questions asked and I don’t know your network experience. You’ve supplied the actual network address of your pihole machine and not the 192.168.1.250 address shown, right? And you’ve set your pihole server up to have a static ip address as well, correct? You don’t want it assigned dynamically and therefore randomly everytime it renews its lease.

        If the ip address is statically assigned - either hard-coded as static on the machine or at least being statically assigned on your router via its mac address - then setting the dns server on your router should work. I would however assign 2nd and 3rd dns servers as Google dns or cloud flare ip addresses in case your pihole server is ever down. (1.1.1.1, 8.8.8.8 or some of the others). If that’s all confirmed and your machines are not receiving your configured dns settings from the router, it’s possible (seems unlikely) the spectrum supplied router is ignoring the settings and assigning their dns servers. If so, buy your own router and put it between your home network and the spectrum hardware. Then you have control and it doesn’t matter what their hardware does. You’ll just set yours up on a different subnet - 192.168.x where x doesn’t match the same value as the spectrum network - and you should be good to go.

        Good luck!

        • wallguy22@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          If you point to 8.8.8.8 or 1.1.1.1 as a secondary DNS server will it use those to resolve ads blocked by the pi-hole?

        • AlecStewart1st@lemmy.worldOP
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          You’ve supplied the actual network address of your pihole machine and not the 192.168.1.250 address shown, right?

          I could’ve sworn I did that but I’ll try again.

          EDIT: Okay, I found the specific IP addresses for the Pi-Hole’s DNS servers. I tried putting the 2 IPv4 ones, clicked the applied button and got “Invalid IPs.” But what’s stupid is that I can ping those IPs. There’s something else going on here.

          And you’ve set your pihole server up to have a static ip address as well, correct?

          Yes I’m pretty sure it’s set to have a static IP address. I’m pretty sure it’s something you have to do when setting up the Pi-Hole.

          the spectrum supplied router

          Oh I should’ve clarified: this is one I bought myself, not one from Spectrum.___

      • topnomi@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Ok, I see the problem. Your router needs an external DNS server for it’s internet setup.

        You need to set DHCP to give your pihole server as the DNS to the computers INSIDE your network. It’s impossible for your router to use your LAN DNS server on the WAN port.

  • Tenkian@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Another option you can have, install the cloudflared service on your pihole and use that as a DNS server. Cloudflared can take DNS requests from your clients and then proxy those requests over DoT to an upstream server which supports DNS over TLS. I have used Google in the past for this. I had great success with this solution inside a corporate environment which blocked port 53 to all outside the network.

    • ChrislyBear@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Could you elaborate on this please? Isn’t cloudflared a tunnel INTO the machine running a service? Can you use the same tunnel for outbound traffic as well?? Where does the traffic end up? How does this work?

      • Tenkian@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It was a while ago, so I can’t remember exactly but there is a good article here The cloudflared daemon is setup to run a standard DNS server over TCP/UDP port 53 as normal. You configure the upstream DNS to be DoT based. The clients then send DNS requests as normal to the cloudflared service and then they convert them to DoT upstream and the response is then sent back to the client as a normal DNS response.

    • AlecStewart1st@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I know there’s a way to do a recursive DNS with DNS-over-HTTPS. I believe there’s a guide out there on how to do this with unbound and stubby on OpenBSD.

  • psud@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    You can have your own machine do DNS lookups, a Linux box with BIND, and any other of your computers can have the DNS resolver set to that machine

    You need to forward port 53 from your router (usually a wifi router) to the machine running the DNS

  • duffkiligan@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I have spectrum and they don’t forcibly route anything for me.

    You must have either their modem maybe? Or you have the DNS helper setting where if you mistype a url it redirects you.

    Either way there is a way to disable it because it doesn’t happen for me and hasn’t in the many years I’ve had them across the country.

    • AlecStewart1st@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Hmmm then it’s something with the modem I have then. I can’t set the DNS address. It’s some cheap Netgear modem. If I go to Advanced -> Setup -> Internet Setup and click Use These DNS Servers and put in the address for the Pi-Hole, it prevents me from doing so.

      • duffkiligan@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        I think you mean router, since you would most likely not set DNS on a modem (unless it’s a combo) — but yes I would look into getting something better that you have more control over.

        Edit: gotta love new Lemmy clients that spam comment replies 🤦‍♂️

        • AlecStewart1st@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It’s a combo. Most are these days, I believe, but I know Spectrum is weird and will give you a router AND modem if you just buy it through them. What device would you recommend? I don’t want to buy one just to find out I can’t set the Pi-Hole as the DNS server on a new one.

          • RoyalEngineering@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I would recommend putting that modem in Bridge mode and getting something like a TP-Link Omada device. I’ve had them for a while and have been really happy.

            • AlecStewart1st@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              Seems like I could potentially get around my issue by taking the device out of this “router mode” setting I found and connecting my Pi to it via Ethernet cable and have the Pi be the router for my network.

              EDIT: Actually, scratch that. I don’t think a Pi would be powerful enough to act as a router. Well, off to by a modem (not a combo) it is!

          • duffkiligan@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I use a Unifi system which is going to be overkill for 99% of people, but as far as Modems only go Arris Surfboards are solid and I’ve never had an issue.

            For router you can get whatever is your fancy, mesh system or a big multi antenna whatever.

            • Clegko@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Moto’s DOCSIS modems are pretty damn solid, too. I’ve had one at my MIL’s house doing gigabit for a few years now and haven’t had a lick of issue with them.

              • duffkiligan@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                That’s still a combo device which I generally would avoid. But basically anything that isn’t provided by the cable company will be better.

  • SheeEttin@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I’ve had Spectrum. They shouldn’t be doing this. See if there’s an option in your account settings. They might call it some kind of malware protection. Else, call support and ask.

    • AlecStewart1st@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      As I said to someone else, it must be the Netgear modem. If I go to Advanced -> Setup -> Internet Setup and click Use These DNS Servers and put in the address for the Pi-Hole, it prevents me from doing so. Or, rather, I can set the addresses, but then I have no internet access. Hostnames don’t get resolved, so I’m wondering if I’m missing something?

      • Lucid5603@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        If you set the dns address manually for a device instead of relying on DHCP does dns work then? That should work fine no matter what your router is giving out.

        • AlecStewart1st@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          This is what Pi-Hole tells you to do, maybe I’m misunderstanding something: https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245

          EDIT: I’m specifying this because I cannot do what’s instructed in that link, and can only have the Pi-Hole be my networks DHCP server. As the post-install instructions say:

          If your router does not support setting the DNS server, you can use Pi-hole’s built-in DHCP server; just be sure to disable DHCP on your router first (if it has that feature available).

          • Lucid5603@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Right, that makes sense if you can’t adjust your router’s DNS. However, you can manually change the IP address of the DNS servers you want to use per device. I recommend trying to change the DNS on your computer or something to your pi-hole’s IP address. If you do that and can get internet access you should be good. If not then you can check the pi-hole logs to see if it’s getting any of the DNS queries. Feel free to DM me for more help.

  • di5ciple@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    I choose not to open any ports to the Internet for security reasons. But use tailscale to allow access to my home network while im away. It was an easy setup and can put it on all my devices.

      • dditty@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I use PiVPN (wireguard protocol) on the same pi I use for pihole exactly like this. Port isn’t forwarded, but I can split tunnel DNS for adblocking on the go and still ssh to my other server