instant
just joined
Topic Author
Posts: 7
Joined: Mon May 25, 2009 5:11 pm

Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 6:51 pm

Hello,
In a network with a Mikrotik as a Router with DHCP, I have installed Pi-Hole to use it as DNS and block advertising. Once configured as DNS granted by the Mikrotik's DHCP, it works for all computers.
But I have a problem, in the web interface of the Pi-Hole, they all appear as a single device in the client list, which would be the Mikrotik.
This seems to be because the requests are forwarded by the Mikrotik even though the primary DNS is the Pi-Hole.
Some routers force clients to use the router as their DNS server
Even if you set Pi-hole as the only DNS server in your router’s settings, the router still forces clients to use it as their primary DNS resolver.
Once those queries arrive at the router, it forwards the requests to the Pi-hole. Since the queries are all coming from one place, Pi-hole only sees the router as the origin of all DNS requests. So the traffic flow looks something like this:
Multiple network clients > Router (acting as the primary DNS server) > Pi-hole (acting as an upstream DNS server)
Would it be possible to correct it?
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 7:09 pm

Give the Pi a static IP from DHCP>Leases

Then use static IP as DNS inside DHCP>Network

I'm using Pi-Hole myself.
 
xvo
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 7:14 pm

I guess you entered pi-hole as DNS server in IP -> DNS?
You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks
 
instant
just joined
Topic Author
Posts: 7
Joined: Mon May 25, 2009 5:11 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 7:16 pm

> Give the Pi a static IP from DHCP>Leases
>
> Then use static IP as DNS inside DHCP>Network
>
> I'm using Pi-Hole myself.
Hi,
This is how it is configured, with a fixed IP reserved in DHCP, and that IP as the main DNS.
Best regards.
 
instant
just joined
Topic Author
Posts: 7
Joined: Mon May 25, 2009 5:11 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 7:21 pm

> I guess you entered pi-hole as DNS server in IP -> DNS?
> You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks
Hi, Yes.
Attached known bug.
https://discourse.pi-hole.net/t/total-q ... er/31648/2
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 7:48 pm

> > I guess you entered pi-hole as DNS server in IP -> DNS?
> > You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks
> Hi, Yes.
> Attached known bug.
It's not really a bug though. Setting in IP->DNS tells the router what DNS server it should use, for requests not cached or locally defined. Settings in IP->DHCP->Networks is what the router tells the DHCP clients that they should use. The two settings aren't necessarily the same, for example I have IP/DNS set to OpenDNS and IP/DHCP/Networks set to the local router address. That way my clients benefit from caching.
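
The two settings described in this post, side by side, as an added example that is not part of the original thread. The addresses (router 192.168.88.1, Pi-hole 192.168.88.2, LAN 192.168.88.0/24) are assumptions.

```routeros
# Added example; all addresses are constructed:
#   router 192.168.88.1, Pi-hole 192.168.88.2, LAN 192.168.88.0/24

# IP -> DNS: the upstream server the router itself queries for anything
# it cannot answer from its cache or static entries.
# allow-remote-requests=yes lets LAN clients use the router as a resolver.
/ip dns set servers=192.168.88.2 allow-remote-requests=yes

# Layout 1: DHCP hands out the router's address.
# Clients query the router and the router forwards to Pi-hole, so every
# query reaches Pi-hole with source 192.168.88.1 and the client list
# shows a single device.
/ip dhcp-server network set [find address=192.168.88.0/24] dns-server=192.168.88.1

# Layout 2: DHCP hands out Pi-hole directly.
# Clients query Pi-hole themselves, so it logs each client's own address.
# Existing leases keep the old DNS server until they renew.
/ip dhcp-server network set [find address=192.168.88.0/24] dns-server=192.168.88.2

# Check what the DHCP server is currently advertising.
/ip dhcp-server network print detail
```

With allow-remote-requests=yes, the input chain should accept port 53 only from the LAN; otherwise the router also answers DNS queries arriving on the WAN side.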
 
xvo
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 8:02 pm

As already stated - It's not a bug, but a misinterpretation of router's config options.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 8:48 pm

> > > I guess you entered pi-hole as DNS server in IP -> DNS?
> > > You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks
> > Hi, Yes.
> > Attached known bug.
> It's not really a bug though. Setting in IP->DNS tells the router what DNS server it should use, for requests not cached or locally defined. Settings in IP->DHCP->Networks is what the router tells the DHCP clients that they should use. The two settings aren't necessarily the same, for example I have IP/DNS set to OpenDNS and IP/DHCP/Networks set to the local router address. That way my clients benefit from caching.
Would it be fair to say that in order for the clients to make use of the cache and IP DNS settings, the input chain has to allow users to access the router on port 53?
If we block access to port 53, then the only solution is the IP DHCP-server-network entry for DNS correct?

My question is then slightly nuanced, what if we put more than one entry for IP DHCP server-network.
If we put in hard entries such as 1.1.1.1 and 1.0.0.01 and then as the last entry the LAN subnet gateway, then the router will only use the entered IP DNS settings (let's say we had 8.8.8.8 in there) and its cache if the hard entries are not providing DNS returns?? (Put another way, is order important?) If so, how does the router calculate or figure out a lack of return and switch to the next entry (what criteria are used)?

Conversely, if the order was reversed and the router cache and use of 8.8.8.8 was not able to return DNS, would the router go to the next DNS entry on the ip -dhcp-server-network entry??
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Oct 19, 2020 9:18 pm

> If we put in hard entries such as 1.1.1.1 and 1.0.0.01 and then as the last entry the LAN subnet gateway, then the router will only use the entered IP DNS settings (let's say we had 8.8.8.8 in there) and its cache if the hard entries are not providing DNS returns?? (Put another way, is order important?) If so, how does the router calculate or figure out a lack of return and switch to the next entry (what criteria are used)?

This was already discussed a gazillion times: the DNS system is supposed to return the same results regardless of the intermediate server used (out of the configured ones), hence clients don't send a query to another server if the previous one returns a negative answer.
In that case the client assumes none of the configured servers will know the answer, or better: the answer doesn't exist. The only reason to send a query to another server is the lack of any answer (connection timeout), indicating that the server is unavailable.
Well, the fact that any server should return the same results may lead to different strategies used by clients to query different servers, but reception of a negative answer is not one of them.

Which means that if an organization is running local domains, then multiple DNS servers should exist locally for fallbacks and that organization should not rely on public DNS servers for high availability.
 
robsgax
newbie
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Tue Oct 20, 2020 3:05 am

I use these rules to see my devices' IPs in Pi-hole (kind of, I only have to interpret 10 as 192). My Pi-hole IP is 192.168.0.8. I use my router IP for DNS in DHCP, 192.168.0.1, but the router catches all the DNS traffic and sends it to my Pi-hole, and masquerades it so I can see the device IP address in Pi-hole. I also have another script to check if Pi-hole is running; if not, it disables the 4 NAT rules so the MK is the DNS server. The script is long because I didn't want to fill my log with fetch/enable/disable every minute or so.

hope it helps
/ip firewall mangle
add action=accept chain=prerouting comment="HairPin, use local ip 10=192" \
    dst-address=10.168.0.0/24
/ip firewall nat
add action=netmap chain=srcnat comment="Hairpin NAT Masq, use loc ip, 10=192" \
    dst-address-list=HomeLAN src-address-list=HomeLAN to-addresses=\
    10.168.0.0/24
add action=dst-nat chain=dstnat comment="Pi-Hole 1" dst-address=!192.168.0.8 \
    dst-address-list=!NoPiHole dst-port=53 protocol=udp src-address=\
    !192.168.0.8 src-address-list=!NoPiHole to-addresses=192.168.0.8
add action=dst-nat chain=dstnat comment="Pi-Hole 2" dst-address=!192.168.0.8 \
    dst-address-list=!NoPiHole dst-port=53 protocol=tcp src-address=\
    !192.168.0.8 src-address-list=!NoPiHole to-addresses=192.168.0.8
add action=masquerade chain=srcnat comment="Pi-Hole 3" dst-address=\
    192.168.0.8 dst-port=53 protocol=udp src-address-list=HomeLAN
add action=masquerade chain=srcnat comment="Pi-Hole 4" dst-address=\
    192.168.0.8 dst-port=53 protocol=tcp src-address-list=HomeLAN

/system script
add dont-require-permissions=no name=PiHoleCheck owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    do {\r\
    \n/tool fetch url=\"http://192.168.0.8/admin/api.php\?status\" output=none\
    \r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 1\
    \"]] do={  \r\
    \n/ip firewall nat enable [find comment=\"Pi-Hole 1\"];  \r\
    \n}\r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 2\
    \"]] do={  \r\
    \n/ip firewall nat enable [find comment=\"Pi-Hole 2\"];  \r\
    \n}\r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 3\
    \"]] do={  \r\
    \n/ip firewall nat enable [find comment=\"Pi-Hole 3\"];  \r\
    \n}\r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 4\
    \"]] do={  \r\
    \n/ip firewall nat enable [find comment=\"Pi-Hole 4\"];  \r\
    \n:log warning \"Pi-hole is working.\"; \r\
    \n}\r\
    \n} on-error {  \r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 1\
    \"]] do={  \r\
    \n} else={\r\
    \n/ip firewall nat disable [find comment=\"Pi-Hole 1\"];  \r\
    \n}\r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 2\
    \"]] do={  \r\
    \n} else={\r\
    \n/ip firewall nat disable [find comment=\"Pi-Hole 2\"];  \r\
    \n}\r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 3\
    \"]] do={  \r\
    \n} else={\r\
    \n/ip firewall nat disable [find comment=\"Pi-Hole 3\"];  \r\
    \n}\r\
    \n:if [/ip firewall nat get value-name=disabled [find comment=\"Pi-Hole 4\
    \"]] do={  \r\
    \n} else={\r\
    \n/ip firewall nat disable [find comment=\"Pi-Hole 4\"];  \r\
    \n/ip dns cache flush;\r\
    \n:log error \"Pi-hole isn't working, using local DNS instead.\";\r\
    \n}\r\
    \n}"

 
instant
just joined
Topic Author
Posts: 7
Joined: Mon May 25, 2009 5:11 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Wed Oct 21, 2020 11:52 am

Hello, in the Pi-Hole they all appear as the IP 10.0.0.2, but the subnet is 10.1.0.X.
As I have seen on the internet, it does this on any network when this happens, even if yours is 192.168.1.X.
I attach capture.
Best regards.
 
xvo
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Wed Oct 21, 2020 12:55 pm

Where do you run your pi-hole?
Bare device, VM, docker container?
It looks like some misconfiguration in VM/docker networking.

Anyway, it most likely has nothing to do with mikrotik.
 
instant
just joined
Topic Author
Posts: 7
Joined: Mon May 25, 2009 5:11 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Wed Oct 21, 2020 12:59 pm

> Where do you run your pi-hole?
> Bare device, VM, docker container?
> It looks like some misconfiguration in VM/docker networking.
>
> Anyway, it most likely has nothing to do with mikrotik.
Yes, it is a Docker in OMV.
 
hermeson
just joined
Posts: 21
Joined: Wed Apr 05, 2017 1:57 am

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Wed May 11, 2022 2:32 am

How did you get on this! =)

> I use these rules to see my devices' IPs in Pi-hole (kind of, I only have to interpret 10 as 192). My Pi-hole IP is 192.168.0.8. I use my router IP for DNS in DHCP, 192.168.0.1, but the router catches all the DNS traffic and sends it to my Pi-hole, and masquerades it so I can see the device IP address in Pi-hole. I also have another script to check if Pi-hole is running; if not, it disables the 4 NAT rules so the MK is the DNS server. The script is long because I didn't want to fill my log with fetch/enable/disable every minute or so.
>
> hope it helps
 
jimint
just joined
Posts: 18
Joined: Fri Aug 11, 2017 12:58 am

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Sun Sep 11, 2022 8:17 pm

Hello
I have exactly the same problem. Is there any solution about it?

https://ibb.co/CwNqQ04
 
Jarek9008
just joined
Posts: 21
Joined: Sun Dec 05, 2021 12:38 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Wed Sep 14, 2022 11:53 am

I have the same problem, but after installing Pi-Hole on the container - according to the manual from Mikrotik (https://help.mikrotik.com/docs/display/ ... atenetwork)

Previously I used Pi-Hole on a Raspberry and then everything was fine. Now as a Client I can only see the IP address of the Pi-Hole gate.

Have any of you found a solution to this problem?
 
sut
just joined
Posts: 1
Joined: Sat Jun 05, 2021 11:29 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Mon Sep 19, 2022 1:20 pm

The solution from robsgax is promising. But what do his address-lists HomeLAN and NoPiHole look like?
 
jimint
just joined
Posts: 18
Joined: Fri Aug 11, 2017 12:58 am

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Tue Oct 04, 2022 8:23 am

Finally I found the solution.
My problem was in NAT. I had the masquerade rule without any interface.
So I put my PPPoE client as the out interface and everything is OK now.
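
The masquerade fix described in this post, written out as rules (an added example, not taken from the thread). The interface name pppoe-out1 and the rule comment are assumptions.

```routeros
# Added example; the interface name and the rule comment are assumptions.

# Rule as it looked before (export form, shown for comparison only):
#   /ip firewall nat
#   add chain=srcnat action=masquerade comment="masquerade all"
#
# With no out-interface the rule is not limited to traffic leaving for the
# internet. When client -> Pi-hole DNS traffic passes through the router
# (routed subnets, a container on the router), its source address is
# rewritten to the router's, so Pi-hole logs one client for everything.

# Fix: limit the existing rule to the WAN (PPPoE) interface.
# LAN -> Pi-hole queries then keep their original source address.
/ip firewall nat set [find comment="masquerade all"] out-interface=pppoe-out1

# List the masquerade rules and confirm each one names an out-interface.
/ip firewall nat print where chain=srcnat action=masquerade
```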
 
mrisco
just joined
Posts: 3
Joined: Tue Apr 19, 2016 5:24 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Sun Nov 20, 2022 3:43 am

For future reference:
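# Pi-hole address, used for the health check and as the DHCP DNS server
:local piholeip 192.168.0.3

# DNS servers currently handed out by DHCP network entry 0
:local servers [/ip dhcp-server network get 0 dns-server];
:do {
    # fetch raises an error when the Pi-hole web API cannot be reached
    /tool fetch url="http://$piholeip/admin/api.php?status";
    if ($servers != $piholeip) do={
        /ip dhcp-server network set 0 dns-server=$piholeip;
        :log info "Using Pi-hole as DNS";
    }
} on-error {
    # Pi-hole did not answer: hand out the fallback resolvers instead
    if ($servers != "208.67.220.123;208.67.222.123") do={
        /ip dhcp-server network set 0 dns-server=208.67.220.123,208.67.222.123;
        :log error "Pi-hole isn't working, using OpenDNS instead";
    }
}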
 
Njumaen
Frequent Visitor
Posts: 77
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Sun Nov 20, 2022 10:12 am

> Finally I found the solution.
> My problem was in NAT. I had the masquerade rule without any interface.
> So I put my PPPoE client as the out interface and everything is OK now.
Fixed the issue for me as well! 👍

Thanks
 
mariandoom
just joined
Posts: 1
Joined: Fri Nov 25, 2022 1:20 pm

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Fri Nov 25, 2022 1:25 pm

> Finally I found the solution.
> My problem was in NAT. I had the masquerade rule without any interface.
> So I put my PPPoE client as the out interface and everything is OK now.
Hi!!! Do you have Pi-hole installed in a MikroTik container?
