Community discussions

MikroTik App
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

how to use PI-Hole with mikrotik netwrok?

Sun Jul 11, 2021 6:18 pm

Hello,
I have a router that I use it as WiFi router -
mikrotik(10.0.0.253)----->Fortigate(10.0.0.254)------internet(0.0.0.0/0)

in the mikrotik I have DHCP setting for WiFi users (172.16.45.0/24 is the WiFi network, 10.0.0.254 is the router gateway)
what do I need to in order to start using the PI-Hole? (address 10.0.0.150)?

what do I need to change in the router settting \ DHCP setting ?
or I only need to change the DNS to 10.0.0.150?

Thanks ,
 
IYARINDRA
just joined
Posts: 21
Joined: Fri Apr 07, 2017 6:13 pm

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jul 11, 2021 6:33 pm

In winbox go to IP > DHCP Server > Network
Then add yours, double click on your network and add pihole address as you dns server.

When the clients do the connection, it will go together with the dhcp lease.
The existing connection have to wait 'till it updates. Or you can force it.
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jul 11, 2021 6:54 pm

Apart from that there is some "extra's" you can / should add

1) DROP any outgoing DNS-packets NOT originating from your Pihole. I notice here that some Android client just have Google IP's hardcoded in them and they still are doing lookups to 8.8.8.8 / 8.8.4.4 even while having the Pihole offered to them via DHCP
Alternative to DROP is to "intercept" them and deliver them to the Pi-hole. I do that via a "mangle" rule.

2) Perhaps have some scripts on the Mikrotik running to "check" if your Pi-hole can still resolve ? Sort of a "backup" plan, unless you have perhaps 2 Pi-hole devices running on the network?
There are several posts on the forum concerning this.


...and then there is also the DNS-over-HTTPS and DNS-over-TLS that you see more and more.
I drop all of this traffic trying to go out, but probably cannot capture all of it all the time.
I use a list that I fetch that contains a lot of public DOH/DOT servers, but not sure how accurate/up-to-date it is.
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jul 11, 2021 7:30 pm

2) Perhaps have some scripts on the Mikrotik running to "check" if your Pi-hole can still resolve ? Sort of a "backup" plan, unless you have perhaps 2 Pi-hole devices running on the network?
There are several posts on the forum concerning this.

Here is the code that automatically performs backup to another DNS server if your pihole is not reachable. Works like a charm, like HA Pihole :D

"/system scheduler". Any name you want, interval set to 30s (or 10s) and put this code:
:local currentDNS [/ip dns get server]
:local piholeDNS "192.168.0.10"
:local backupDNS "1.1.1.2,1.0.0.2"
:local testDomain "www.google.com"

:if ($currentDNS = $piholeDNS) do={
    :do {
        :resolve $testDomain server=$piholeDNS
    } on-error={
        /ip dns set servers=$backupDNS
    }
} else={
    :do {
        :resolve $testDomain server=$piholeDNS
        /ip dns set servers=$piholeDNS
    } on-error={}
}

Also note that Pi-Hole is not something unique. There are other projects, I am personally fan of https://github.com/0xERR0R/blocky as it is single project (no http/php/dnsmasq etc dependencies), supports DOH and works like a charm.
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jul 12, 2021 9:04 am

Ok ,
I will use the DNS Script ,
and I have I cahnge the DNS in the DHCP server setting
Thank you all.

by the way - does any one know if I can use the PI-hole as proxy server?
I can see it's blocking the ads without any problem(so he can tell when there is an image\video I assume) , but can I also block images(*.jpg) for exmpale ?
or if I go further can I put my own jpg instead of the website jpg?

I have a small project that I want to use the PI-hole (or if someone have a better free blocl project) in a palce with kids
and I don't want them \ any one around the area to get p0rn \ nude images
so I thought maybe I can block the images from that website - and put a smiley face \ peace sign or something llike this

Thanks ,
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jul 12, 2021 10:01 am

I notice here that some Android client just have Google IP's hardcoded in them and they still are doing lookups to 8.8.8.8 / 8.8.4.4 even while having the Pihole offered to them via DHCP
Chromecast is one of them with fixed DNS to google.
 
himala002
just joined
Posts: 12
Joined: Fri Jun 25, 2021 10:16 am

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jul 12, 2021 11:14 am

/ip firewall nat
chain = dstnat, protocol = udp, dst. port = 53,5353, src address-list = <address/network>, action = dst-nat, To address = <Pihole address>, to ports = 53

try this one...
in src address-list is the list of who use of your Pihole server
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: how to use PI-Hole with mikrotik netwrok?

Thu Jan 20, 2022 12:27 am

Ok ,
I will use the DNS Script ,
and I have I cahnge the DNS in the DHCP server setting
Thank you all.

by the way - does any one know if I can use the PI-hole as proxy server?
I can see it's blocking the ads without any problem(so he can tell when there is an image\video I assume) , but can I also block images(*.jpg) for exmpale ?
or if I go further can I put my own jpg instead of the website jpg?

I have a small project that I want to use the PI-hole (or if someone have a better free blocl project) in a palce with kids
and I don't want them \ any one around the area to get p0rn \ nude images
so I thought maybe I can block the images from that website - and put a smiley face \ peace sign or something llike this

Thanks ,
Hi David,

For sure if You are using this script Your DNS is changing in IP/DHCP-SERVER/NETWORK/DNS-SERVERS?
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jan 24, 2022 8:29 pm

In winbox go to IP > DHCP Server > Network
Then add yours, double click on your network and add pihole address as you dns server.

When the clients do the connection, it will go together with the dhcp lease.
The existing connection have to wait 'till it updates. Or you can force it.
Hi, how I can force existing connections? Any script?
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jan 24, 2022 9:20 pm

Hi!

Instead of relying on DHCP you can just make a destination nat:
-set the DNS server via DHCP to the Mikrotiks IP (default GW)
-set up a DNS Server on the MT (that´s just for fallback)
-set up a destination nat for DNS requests to your PIHole
-use Tools/Netwatch and a script to monitor PIHole reachability and disable the DNAT rule

Thats how I do it. Unfortunately I don´t have that script at hand now. But I have found mine somewhere burried in these forums.

Woland
When the clients do the connection, it will go together with the dhcp lease.
The existing connection have to wait 'till it updates. Or you can force it.
Hi, how I can force existing connections? Any script?
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: how to use PI-Hole with mikrotik netwrok?

Sat Jan 29, 2022 11:12 pm

Hi!

Instead of relying on DHCP you can just make a destination nat:
-set the DNS server via DHCP to the Mikrotiks IP (default GW)
-set up a DNS Server on the MT (that´s just for fallback)
-set up a destination nat for DNS requests to your PIHole
-use Tools/Netwatch and a script to monitor PIHole reachability and disable the DNAT rule

Thats how I do it. Unfortunately I don´t have that script at hand now. But I have found mine somewhere burried in these forums.

Woland

Hi, how I can force existing connections? Any script?
Hi,
Thx, but can You tell me how should look destination NAT rule?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jan 30, 2022 2:14 am

Also note that Pi-Hole is not something unique. There are other projects, I am personally fan of https://github.com/0xERR0R/blocky as it is single project (no http/php/dnsmasq etc dependencies), supports DOH and works like a charm.
@erkexzcx How do you apply that in MT, docker container ??
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jan 30, 2022 2:34 pm

Hi, how I can force existing connections? Any script?
Short version: Kill all DHCP leases.
They will come back again for a new lease, with a new DHCP entry being presented.
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jan 30, 2022 7:10 pm

Hi, how I can force existing connections? Any script?
Short version: Kill all DHCP leases.
They will come back again for a new lease, with a new DHCP entry being presented.
Hi, but how to do it? 😉
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: how to use PI-Hole with mikrotik netwrok?

Sun Jan 30, 2022 7:21 pm

Winbox
Ip
Dhcp server tab leases
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jan 31, 2022 4:56 pm

Winbox
Ip
Dhcp server tab leases
Hi, I know it, but how do to it via any script? Sorry, if it is simple question, but I am beginner with using MT i ROS..
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jan 31, 2022 5:04 pm

Why via script ?
Once you have your pi-hole setup, it should always be used as DNS server.
It's a one-time start-up action.
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: how to use PI-Hole with mikrotik netwrok?

Mon Jan 31, 2022 7:20 pm

Why via script ?
Once you have your pi-hole setup, it should always be used as DNS server.
It's a one-time start-up action.
Only in emergency situation, when Pi Hole will be breakdown, and I will not have possibility to manually reset leases - to safe my family against "NO INTERNET ACCESS"

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot], johnson73, ramirez, wapbytez and 85 guests