Problem configuring custom DNS on my router

Azulath · May 9, 2018, 4:35pm

After reading the thread about Web Security I decided to set up my own Pihole on a spare RPi2. However, after installing it I was unable to change my routers DNS settings.

When I select DNS and click on apply, without anything I get this error message:

router02

If I manually add one and use a Static DNS IP I get the message above.

router03

If I put the IP string under quotation marks, the error looks a bit different:

router05

I considered the first error message a hint to using an IPv6 address, but when using an IPv6 address I get the same error message.

Any ideas what I’m doing wrong?

Novasty · May 9, 2018, 5:27pm

What kind of router is this?

Ruffalo · May 9, 2018, 5:57pm

Yeah, that does not look like a consumer/SOHO router to me.

Also, you should be setting the router’s DNS to the pi-hole, that way it’ll DHCP the pi-hole DNS to all devices on your LAN and you won’t see ads in phone apps and such.

cburn11 · May 9, 2018, 6:38pm

Keep in mind, if use chrome, on android at least, to use the dns supplied by your dhcp server, you need to disable chrome’s built in dns resolver:

Azulath · May 10, 2018, 2:21pm

It’s a Comtrend Vi 3223u router.

@Ruffalo I’d like to set my router’s DNS to the pi-hole. Unfortunately, this doesn’t seem to work.

Theoretically, the pi-hole is also able to manage DHCP, but I don’t see how using a different DHCP server would solve this issue. Especially since I’m using a couple of static addresses anyway…

Edit: I just realised that when using static IPs, I can configure the DNS server client side

Novasty · May 10, 2018, 2:28pm

Was this handed to you by your ISP?

Probably won’t help with the router anyways… Only truly useful when you change routers often and what to keep the same DHCP leases.

Azulath · May 10, 2018, 2:39pm

Yes it is my ISP’s…

Setting the pi-hole up as DHCP server solved the issue
Next thing I need will be a pfSense box

Novasty · May 10, 2018, 3:28pm

Cheap Chinese mini pc with multiple ethernet ports and a proc that supports AES-NI?

Azulath · May 10, 2018, 6:29pm

Maybe something like this, or my old i5 2500k.

Novasty · May 10, 2018, 6:31pm

Go for it.

risk · May 11, 2018, 4:41am

I don’t get why everyone who needs basic routing and firewalling goes to pfSense first.

If you don’t want a general purpose os, and want a simple webui you can use OpenWRT: https://we.riseup.net/lackof/openwrt-on-x86-64

It’s tiny and really really fast.

thro · May 11, 2018, 6:58am

The original error is complaining that it is not a valid ipv6 address. Which sounds very odd to me.

I’d say you’ve either hit a software bug (the form validation is broken) or are trying to enter an ipv4 DNS server address into a configuration box reserved for an IPv6 DNS server.

If your connection is IPv6 only (perhaps? i think some ISPs are handing out ipv6 only in some places now - maybe this is something to check - does your router have an IPv4 IP on it’s WAN?) you can maybe try popping in Google’s IPv6 DNS server addresses:

2001:4860:4860::8888
2001:4860:4860::8844

thro · May 11, 2018, 7:01am

If you set your router’s DNS to your internal server (behind it) you may create a loop - the router itself may be intercepting DNS traffic bound for the outside world and acting as a DNS server itself.

If you then set itself to an internal server, the internal server’s query will be intercepted and attempted to resolve by the router, using the internal server and you’ve created a DNS lookup loop.

I’d check your router to confirm whether or not it intercepts DNS queries…

thro · May 11, 2018, 7:05am

Because it is scalable, robust, well supported, has a simple web UI, has sensible defaults, etc.

pfsense will run on tiny hardware (by today’s standards) as well…

Azulath · May 11, 2018, 2:24pm

I’ve heard of OpenWRT, but the reasons for pfSense are features like like intrusion detection (snort) and stuff like that. Granted, OpenWRT would suffice, but I’d like to go the whole nine yards

@thro As mentioned in the original post I’ve tried IPv6 addresses (the Google one’s you posted actually) and it doesn’t work either. So, this might really be a bug.

cburn11 · May 13, 2018, 6:08pm

Maybe it does not accept shortened addresses: so 2001:4860:4860:0000:0000:0000:0000:8888 instead of 2001:4860:4860::8888. And you may consider the longest form that include the port [2001:4860:4860:0000:0000:0000:0000:8888]:53

Edit: forgot 2 bytes

Azulath · May 13, 2018, 6:20pm

I’ve tried the longest format (without the port though) and it isn’t accepted either. Anyway, as mentioned above, I’ve configured my pihole as a DHCP server and now everything works fine. (I might be calling my ISP though, just to be an annoyance )