Install on Asuswrt‐Merlin

Jack'lul edited this page Oct 31, 2025 · 25 revisions

This guide will configure Pi-hole to replace the firmware's DNS resolver.

  1. Install Entware through AMTM by following the instructions on this wiki page.

  2. Add a pihole user in USB Application -> Servers Center -> Samba.
    Alternatively, you could also use /jffs/configs/passwd.add and /jffs/configs/group.add (look here).

  3. Install Pi-hole package by following the instructions on the main wiki page.
    During the installation a random password will be generated for the web interface; you can change it later with the pihole setpassword command.

  4. Enable custom scripts by turning on Enable JFFS custom scripts and configs in Administration -> System.

  5. Create /jffs/scripts/dnsmasq.postconf:

#!/bin/sh

[ -z "$1" ] && exit 1

# Make firmware Dnsmasq listen for DNS on non-default port (we need it for the reverse lookups)
# If this device is not a DHCP server then you may replace 8053 with 0 to disable Dnsmasq's DNS server
if ! grep -q "^port=8053" "$1"; then
    sed '/^port=/ s/^/#/' -i "$1"
    sed "/^user=/a port=8053" -i "$1"
fi

# Force firmware dnsmasq to advertise itself as DNS server via DHCP
if ! grep -q "^dhcp-option=lan,6,0.0.0.0" "$1"; then
    sed '/^dhcp-option=lan,6,/ s/^/#/' -i "$1"
    sed "/^user=/a dhcp-option=lan,6,0.0.0.0" -i "$1"
fi

# Make sure system uses Pi-hole for DNS requests
# This is optional, you can skip it if you don't want software
# and addons installed on the router to query Pi-hole
resolvconf="$(readlink -f /etc/resolv.conf)"
if ! head -n 1 "$resolvconf" | grep -q "^nameserver 127.0.0.1"; then
    sed '/127.0.0.1/d' -i "$resolvconf"
    sed '1i nameserver 127.0.0.1' -i "$resolvconf"
fi

  6. Make it executable: chmod +x /jffs/scripts/dnsmasq.postconf

  7. Edit /opt/etc/pihole/pihole.toml and modify:
    Change 192.168.1.0/24 to match your LAN network and lan to match your LAN domain name.
    If the device you're installing on is not your DHCP server then you will also need to replace 127.0.0.1#8053 with your DHCP server IP.

[dns]
  upstreams = [ 
    "1.1.1.1",  # As an example we are using Cloudflare DNS servers here
    "1.0.0.1"   # This can also be set in the web interface -> Settings -> DNS
  ]
  port = 53
  interface = "br0"
  listeningMode = "LOCAL" # set to 'ALL' if VPN clients can't access Pi-hole DNS; in that case make sure the firewall blocks public access to the port set above
  revServers = [
    "true,192.168.1.0/24,127.0.0.1#8053,lan"
  ]

# Disable NTP feature as it may conflict with firmware's NTP server and sync
[ntp]
  [ntp.ipv4]
    active = false
  [ntp.ipv6]
    active = false
  [ntp.sync]
    active = false

[webserver]
  port = "5080,5443s"

  8. In your router's web GUI go to the LAN -> DHCP Server section and make sure no custom DNS server is set.
    On the WAN -> Internet Connection page, make sure external DNS servers are set (or the option to obtain them from your ISP is enabled), and disable Forward local domain queries to upstream DNS to avoid a potential DNS loop when dns.revServers is set.

  9. Restart Dnsmasq and start the Pi-hole service:

service restart_dnsmasq
/opt/etc/init.d/S65pihole-FTL start

Note

You may see "dnsmasq warning: using interface lo instead" in Pi-hole's web interface and FTL.log. It can be safely ignored, as it only indicates that one of the interfaces is either virtual or labeled.
In this particular case it is caused by the lo:0 interface created by the ASUS firmware.

  10. Access Pi-hole's web interface at asusrouter.com:5080 or asusrouter.com:5443 and proceed to configuration.
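
Added example (not part of the original wiki page or of the Pi-hole or Entware projects): a shell function that cross-checks the Dnsmasq config produced by step 5 against the pihole.toml from step 7, including the listeningMode caveat. The function names, messages and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki. Function names, messages and samples are hypothetical.
# Usage: check_pihole_setup <generated dnsmasq.conf> <pihole.toml>; returns 0 if consistent.
check_pihole_setup() {
    conf="$1"; toml="$2"; rc=0

    # Step 5: exactly one active port= line, and not 53 (Pi-hole owns port 53).
    port="$(sed -n 's/^port=//p' "$conf")"
    case "$port" in
        ''|*[!0-9]*) echo "FAIL: expected exactly one active port= line"; rc=1 ;;
        53)          echo "FAIL: firmware Dnsmasq still listens on port 53"; rc=1 ;;
    esac

    # Step 5: DHCP must advertise the router itself (0.0.0.0) as the only DNS server.
    dns_opt="$(sed -n 's/^dhcp-option=lan,6,//p' "$conf")"
    if [ "$dns_opt" != "0.0.0.0" ]; then
        echo "FAIL: DHCP advertises DNS '$dns_opt' instead of 0.0.0.0"; rc=1
    fi

    # Step 7: a revServers entry aimed at 127.0.0.1 must use the port Dnsmasq listens on.
    rev_port="$(sed -n 's/^[[:space:]]*"true,[^,]*,127\.0\.0\.1#\([0-9]*\),.*/\1/p' "$toml")"
    if [ -n "$rev_port" ] && [ "$rev_port" != "$port" ]; then
        echo "FAIL: revServers uses port $rev_port but Dnsmasq listens on '$port'"; rc=1
    fi

    # Step 7 caveat: with listeningMode "ALL" the firewall must block public access to DNS.
    if grep -Eq '^[[:space:]]*listeningMode[[:space:]]*=[[:space:]]*"ALL"' "$toml"; then
        echo "WARN: listeningMode is ALL; confirm the firewall blocks public access to DNS"
    fi
    return "$rc"
}

# Constructed sample files (not real router output) so the check runs offline.
make_samples() {
    dir="$1"
    printf '%s\n' 'user=nobody' 'dhcp-option=lan,6,0.0.0.0' 'port=8053' \
        '#port=53' 'interface=br0' > "$dir/dnsmasq.good"
    printf '%s\n' 'user=nobody' 'port=53' 'dhcp-option=lan,6,192.168.1.2' > "$dir/dnsmasq.bad"
    printf '%s\n' '[dns]' '  port = 53' '  listeningMode = "ALL"' '  revServers = [' \
        '    "true,192.168.1.0/24,127.0.0.1#8053,lan"' '  ]' > "$dir/pihole.toml"
}

tmp="$(mktemp -d)"
make_samples "$tmp"
check_pihole_setup "$tmp/dnsmasq.good" "$tmp/pihole.toml" && echo "good sample: consistent"
check_pihole_setup "$tmp/dnsmasq.bad" "$tmp/pihole.toml" || echo "bad sample: inconsistent"
rm -rf "$tmp"
```

On the router, pass the config file that the firmware hands to dnsmasq.postconf as $1 together with /opt/etc/pihole/pihole.toml.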