DoH in router with pihole

Posted: Mon Dec 12, 2022 5:08 pm
by sunakashi
Thanks, MikroTik, for this video: https://youtu.be/w4erB0VzyIE (Encrypt your DNS requests with MikroTik). I followed the steps and it works perfectly.

Now I wonder how to set up Pi-hole in between, to have DNS requests filtered by Pi-hole first and then sent over DoH to NextDNS. Please, can anyone help me set this up? What should I use? Some NAT rules? Thanks.

Re: DoH in router with pihole

Posted: Sun Dec 18, 2022 2:32 am
by Sob
You can either let Pi-hole do it (https://docs.pi-hole.net/guides/dns/cloudflared/), or if you'd want to use the router's DoH, it would be possible too, but only if clients won't be using its DNS cache (which you may or may not want, depending on how exactly your Pi-hole fits in).

Re: DoH in router with pihole

Posted: Mon Dec 19, 2022 8:31 am
by normis
To avoid sending DNS requests back and forth, it would be more logical to have your RouterOS device hand out your Pi-hole IP address as the DNS address via DHCP and then let Pi-hole do everything, filtering and DoH.

Re: DoH in router with pihole

Posted: Mon Dec 19, 2022 2:42 pm
by Sob
True, it's more logical. But then clients depend on Pi-hole, and if it happens to not work for any reason, nothing works for clients (at least it seems that way to them). If everything goes to the router, it can be easily and automatically (using Netwatch or a scheduled script) redirected somewhere else if needed. So it's not entirely bad.

Re: DoH in router with pihole

Posted: Tue Jan 03, 2023 2:19 pm
by sunakashi
To avoid sending DNS requests back and forth, it would be more logical to have your RouterOS device hand out your Pi-hole IP address as the DNS address via DHCP and then let Pi-hole do everything, filtering and DoH.
That is the ideal scenario, but I cannot set up Pi-hole's custom upstream. Any custom IP does not work: DNS queries go out, but nothing comes back. I guess it is a firewall-related problem; details are here.

Re: DoH in router with pihole

Posted: Tue Jan 03, 2023 2:40 pm
by broderick
True, it's more logical. But then clients depend on Pi-hole, and if it happens to not work for any reason, nothing works for clients (at least it seems that way to them). If everything goes to the router, it can be easily and automatically (using Netwatch or a scheduled script) redirected somewhere else if needed. So it's not entirely bad.
It is exactly how I set it up.
I set my MikroTik router's IP in its own DHCP server, and my Pi-hole machine's IP in the MikroTik's DNS settings. If my Pi-hole machine goes down, the DNS IPs switch to 1.1.1.1 and 1.1.1.2. Of course, a scheduler script checks regularly whether Pi-hole is up and running. The DoH stuff is managed by Pi-hole itself.
Moreover, I set two NAT rules for DNS query redirection.
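The setup broderick describes (router handed out as DNS via DHCP, Pi-hole as the router's upstream, automatic fallback to 1.1.1.1/1.1.1.2 when Pi-hole is down, and NAT rules to pull hard-coded client DNS back through the router), written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; it uses Netwatch for the health check (Sob's other option) rather than a scheduler script, and the addresses 192.168.88.1 (router), 192.168.88.10 (Pi-hole), 192.168.88.0/24 (LAN) and the interface list name LAN are assumptions for illustration.

```routeros
# Assumed addresses (not from the thread): router 192.168.88.1, Pi-hole 192.168.88.10,
# LAN 192.168.88.0/24, interface list "LAN". Adjust to your own network.

# 1. Router resolves through Pi-hole and answers LAN clients; DHCP hands out the router as DNS.
/ip dns set servers=192.168.88.10 allow-remote-requests=yes
/ip dhcp-server network set [find address="192.168.88.0/24"] dns-server=192.168.88.1

# 2. Netwatch pings Pi-hole; when it stops answering, switch upstream to 1.1.1.1/1.1.1.2
#    and flush the cache so stale/negative answers do not linger; restore when it is back.
/tool netwatch add host=192.168.88.10 interval=30s timeout=2s \
    up-script="/ip dns set servers=192.168.88.10; /ip dns cache flush; :log info \"Pi-hole up: DNS via Pi-hole\"" \
    down-script="/ip dns set servers=1.1.1.1,1.1.1.2; /ip dns cache flush; :log warning \"Pi-hole down: DNS via 1.1.1.1/1.1.1.2\""

# 3. The two NAT rules: any LAN client that ignores DHCP and talks to an external DNS on port 53
#    is redirected to the router's own resolver, so filtering is not bypassed. Pi-hole itself is
#    exempted; otherwise its own plain-DNS traffic (if it ever used any) would loop back to the router.
/ip firewall nat add chain=dstnat in-interface-list=LAN src-address=!192.168.88.10 \
    protocol=udp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS through router"
/ip firewall nat add chain=dstnat in-interface-list=LAN src-address=!192.168.88.10 \
    protocol=tcp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS through router"
```

Two caveats worth keeping in mind with this layout. First, as Sob noted, clients hit the router's DNS cache, so Pi-hole only sees the router as a client and its per-device statistics are lost; if you want those, hand out the Pi-hole address directly instead and accept the single point of failure. Second, a ping-based Netwatch only detects the host disappearing, not the DNS service on it failing; a scheduler script that tests an actual lookup (for example with `:resolve <name> server=192.168.88.10` inside a `:do { } on-error={ }` block) catches that case too. The redirect rules only cover plain port-53 DNS; a client using its own DoH or DoT upstream on 443/853 is not affected by them.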