
F2000 Forwarding All Traffic to Port 53 (for Pihole)

  • 02-01-2020 8:52pm
    #1
    Registered Users Posts: 990 ✭✭✭


    Hi all.

    I have just set up PiHole on my network, but it's not picking up all traffic. I've done a lot of troubleshooting, and I need to forward all network to port 53 on my router. Pihole can then pick up all the traffic.

    I'm having trouble doing this on my F2000. It seems port 53 is open by default, so I can't create a rule to forward the traffic on that port.

    Anyone got any ideas?

    https://ibb.co/92bYQyJ



Comments

  • Registered Users Posts: 868 ✭✭✭purifol0


    DON'T PORT FORWARD ANYTHING!

    That's not what pi-hole does or needs.

    Simply open up your F2000 under DHCP settings, add your pi-hole's IP in the DNS server field.

    On your pi-hole make sure it has its DNS server set to either Eir's DNS or Google's (8.8.8.8) or some other one you trust, like quad9 (9.9.9.9).

    That's it... unless you've messed around with more settings on your F2000. In which case just post em and I'll fix.


  • Registered Users Posts: 990 ✭✭✭rosboy


    Thanks for the feedback.

    I've done everything you've said and Pihole is partially working. I've noticed that only some of the traffic from my phone is going through Pihole while on other devices it looks like all network is going through. Feedback I've received from others is that certain apps force traffic through their own custom DNS, rather than the network default (Pihole). It's based on this that many have done what I'm attempting to do. Basically force everything through port 53 so it has to go through Pihole.

    I have a thread on Reddit on the issue. Not sure if I'm allowed link to it here?


  • Registered Users Posts: 868 ✭✭✭purifol0


    Sure, post the link, the more eyes on the issue the better chance of resolution.


  • Registered Users Posts: 990 ✭✭✭rosboy




  • Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    You'll not be able to do this with an F2000. You'll need to bridge the F2000 and add a better router. I've done it before with a Mikrotik but an F2000 will not allow it.

    I think you need to read up on how DNS works. Your traffic doesn't go through pihole. DNS is a lookup, it's like a phone directory for internet domains. Once a response is returned from the DNS server the client knows what IP to connect to.

    Your problem is that some devices and apps have hard-coded DNS. Capturing all traffic on port 53 and redirecting to pihole may not even fix your issues, as some even use encryption on the standard secure HTTP port 443.
    https://en.m.wikipedia.org/wiki/DNS_over_HTTPS


  • Registered Users Posts: 990 ✭✭✭rosboy


    Great answer. Thanks.

    Sorry, networking isn't a strength of mine, so I used my words badly to describe the traffic going through Pihole. I kind of understood how the DNS server worked but not well enough to use proper terminology to describe it.

    I have a few routers, and my intention was to flash them with something like openwrt when I move into a house we are building, so I could just try one more like you suggested.

    On the DoH issue (no one on the Reddit post was able to identify this, so kudos to you!), based on the fact that it's encrypted, I assume there is no way around that, even if I were to just use an openwrt router with ad blocking built in?


  • Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    All you can do is try. DNS is changing all the time, mostly to counteract adblocking. I myself run 2x piholes but more and more is creeping through as devices and apps get wise to the carry on.
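
To see which devices on a network are actually bypassing Pi-hole in the ways described in this thread, the following added example (not from any poster in the thread) classifies router flow records into plain DNS sent to a resolver other than Pi-hole, which a port 53 redirect can catch, and port 443 traffic to a public resolver address, which it cannot. The Pi-hole address, the flow record format and the sample records are assumptions constructed for illustration; the resolver list is a small, non-exhaustive set of well-known addresses, and the check for DNS over TLS on port 853 goes slightly beyond what the thread discusses.

```python
import ipaddress
from collections import defaultdict

PIHOLE = "192.168.1.2"  # assumption: the Pi-hole's LAN address
# Non-exhaustive set of well-known public resolvers (Google, Cloudflare,
# Quad9) whose addresses also serve DNS over HTTPS on port 443.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1",
                    "9.9.9.9", "149.112.112.112"}

# Constructed sample flow records: "client proto dst_ip dst_port"
SAMPLE_FLOWS = """\
192.168.1.20 udp 192.168.1.2 53
192.168.1.21 udp 8.8.8.8 53
192.168.1.21 tcp 203.0.113.10 443
192.168.1.22 tcp 1.1.1.1 443
192.168.1.23 tcp 9.9.9.9 853
192.168.1.2 udp 9.9.9.9 53
malformed record
"""

def classify(client, proto, dst, port):
    """Return a bypass label for one flow, or None if it is unremarkable."""
    if client == PIHOLE:
        return None  # Pi-hole's own upstream lookups are expected
    if port == 53:
        # Hard-coded resolver: a port 53 redirect rule would catch this.
        return None if dst == PIHOLE else "plain-dns-bypass"
    if port == 853 and proto == "tcp":
        return "dot"  # DNS over TLS, encrypted on its own port
    if port == 443 and dst in PUBLIC_RESOLVERS:
        # Looks like ordinary HTTPS, so a port 53 redirect never sees it.
        return "possible-doh"
    return None

def find_bypasses(text):
    """Map each client IP to the sorted bypass labels seen for it."""
    findings = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        client, proto, dst, port = parts
        try:
            ipaddress.ip_address(client)
            ipaddress.ip_address(dst)
            label = classify(client, proto, dst, int(port))
        except ValueError:
            continue  # bad address or port
        if label:
            findings[client].add(label)
    return {c: sorted(v) for c, v in findings.items()}
```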

