sunakashi
just joined
Topic Author
Posts: 17
Joined: Wed Nov 23, 2022 1:55 pm
Location: CZ

DoH in router with pihole

Mon Dec 12, 2022 5:08 pm

Thanks, Mikrotik, for this video: https://youtu.be/w4erB0VzyIE (Encrypt your DNS requests with MikroTik). I followed the steps and it works perfectly.

Now I wonder how to set up pihole in between, to have DNS requests filtered by pihole first and then sent by DoH to NextDNS. Please, can anyone help me set this up? What should I use? Some NAT rules? Thanks.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: DoH in router with pihole

Sun Dec 18, 2022 2:32 am

You can either let Pi-hole do it (https://docs.pi-hole.net/guides/dns/cloudflared/), or if you'd want to use router's DoH, it would be possible too, but only if clients won't be using its DNS cache (which you may or may not want, depending on how exactly your Pi-hole fits in).
 
normis
MikroTik Support
Posts: 26968
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DoH in router with pihole

Mon Dec 19, 2022 8:31 am

To avoid sending DNS requests back and forth, it would be more logical to have your RouterOS device hand out the PiHole IP address as the DNS address via DHCP and then let PiHole do everything, filtering and DoH.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: DoH in router with pihole

Mon Dec 19, 2022 2:42 pm

True, it's more logical. But then clients depend on Pi-hole and if it happens to not work for any reason, nothing works for clients (at least it seems that way to them). If everything goes to router, it can be easily and automatically (using Netwatch or scheduled script) redirected to somewhere else if needed. So it's not entirely bad.
 
sunakashi
just joined
Topic Author
Posts: 17
Joined: Wed Nov 23, 2022 1:55 pm
Location: CZ

Re: DoH in router with pihole

Tue Jan 03, 2023 2:19 pm

> To avoid sending DNS requests back and forth, it would be more logical to have your RouterOS device hand out the PiHole IP address as the DNS address via DHCP and then let PiHole do everything, filtering and DoH.

That is the ideal scenario, but I cannot set up pihole's custom upstream. Any custom IP does not work - DNS queries go out, but nothing is loading back. I guess it is a firewall-related problem - details are here.
 
broderick
Member Candidate
Posts: 292
Joined: Mon Nov 30, 2020 7:44 pm

Re: DoH in router with pihole

Tue Jan 03, 2023 2:40 pm

> True, it's more logical. But then clients depend on Pi-hole and if it happens to not work for any reason, nothing works for clients (at least it seems that way to them). If everything goes to router, it can be easily and automatically (using Netwatch or scheduled script) redirected to somewhere else if needed. So it's not entirely bad.

It is exactly how I set it up.
I set my MK router IP in its own DHCP server, and my pi-hole machine IP in the MK's DNS setting. If my pihole machine goes down, the DNS IPs switch to 1.1.1.1 and 1.1.1.2. Of course a scheduler script checks regularly if pihole is up and running. The DoH stuff is managed by pihole itself.
Moreover, I set two NAT rules for dns query redirection.
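
The setup discussed in this thread (router as the clients' DNS server, Pi-hole as the router's upstream, automatic fallback, DNS redirection), sketched as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; the addresses 192.168.88.1 (router) and 192.168.88.2 (Pi-hole), the 192.168.88.0/24 network, the interface name "bridge", the use of Netwatch rather than a scheduler script, and the exact form of the two NAT rules are all assumptions.

```routeros
# Added example. Constructed placeholder values (assumptions):
#   router LAN address 192.168.88.1, Pi-hole 192.168.88.2, LAN interface "bridge"

# 1. DHCP hands out the router itself as the clients' DNS server.
/ip dhcp-server network set [find address="192.168.88.0/24"] dns-server=192.168.88.1

# 2. The router forwards to Pi-hole and answers LAN clients.
#    allow-remote-requests=yes makes the router a resolver on every interface,
#    so the input chain must drop port 53 (udp and tcp) arriving from the WAN side.
/ip dns set servers=192.168.88.2 allow-remote-requests=yes

# 3. Netwatch swaps the upstream when Pi-hole stops responding and restores it
#    when it comes back. The default Netwatch probe is ICMP: it shows the host
#    is up, not that the resolver on it is answering queries.
/tool netwatch add host=192.168.88.2 interval=30s timeout=2s \
    down-script="/ip dns set servers=1.1.1.1,1.1.1.2; /ip dns cache flush" \
    up-script="/ip dns set servers=192.168.88.2; /ip dns cache flush"

# 4. Two NAT rules (udp and tcp) redirect LAN DNS queries addressed to any
#    other server back to the router, so hard-coded resolvers on clients
#    still pass through the filter. Pi-hole itself is exempt so that its own
#    port-53 lookups are not looped back to the router.
/ip firewall nat add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    src-address=!192.168.88.2 action=redirect to-ports=53 \
    comment="redirect LAN DNS to router (udp)"
/ip firewall nat add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    src-address=!192.168.88.2 action=redirect to-ports=53 \
    comment="redirect LAN DNS to router (tcp)"
```

While the fallback servers are active, queries bypass Pi-hole's filtering and leave the router as plain DNS unless the router's own DoH is configured for that case.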