Amplifi HD with pi-hole - still not possible?


  • I’m running pi-hole inside Hassio in a Docker container on my Synology NAS and changed the Primary DNS settings on my Amplifi HD router to the Synology’s IP address and the Secondary DNS to 8.8.8.8. I've also bypassed the DNS cache on the router. But the ads are still getting through. From what I've read, this router doesn't play nice with pi-hole. Is there any workaround?


  • @fred-bloggs I'm using Pi-Hole without any issues, but running on a Raspberry Pi device. Configuration was easily achieved in Amplify router. I'm not using any secondary DNS, as all the traffic should pass via Pi-Hole, which is anyway resolving it via upstream (9.9.9.9 or 1.1.1.1).


  • @fred-bloggs Did you flush your DNS cache after making the changes. I'd wager the TTL for ad domains is very high, so you may be using cached entries on your device. Also possible that your devices aren't aware of the new DNS server if the DHCP lease is high.

    Is Pi-hole showing hits at all? All are of the devices listed in the network tab?

    Also possible that your devices can't hit pi-hole so are falling back to the secondary DNS.

    FWIW, I'm running Pihole in a docker container with no issues. ~10% block rate.


  • Thanks everyone, all sorted now


  • Actually it's not sorted! Pi-hole is running and showing a 15-20% block rate but the ads are all still getting through. I have the primary DNS set to the Pi-hole and the secondary DNS left blank. Another puzzling feature is that if I stop the Pi-hole in Docker but leave the primary DNS set to the Pi-hole most devices can still connect to the internet although the Amplifi's screen helpfully indicates that there is no internet connection!


  • @fred-bloggs pi hole can be a hit or miss with ad blocking, you have to white list the amplfii domains which ping back to google sites I think off memory it's google.com google.net and google.org that need to be white listed inorder for it to work properly.


  • Thanks, I whitelisted the 3 sites you mentioned but the ads are still getting through in spite of the Admin Console showing this:
    0_1571299283831_pihole.JPG


  • @fred-bloggs which devices?


  • Also you are probably running the basics lists it comes with I have over 100 lists in mine,
    The part issue is that the amplfii doesn't have a way to force DNS server usage like my Asus with Merlin firmware does.

    The need to add a dns filter option that forces all clients to use a set DNS server or servers.


  • @edward-dolezal A mix of PCs and phones/tablets


  • @fred-bloggs have you tried to manually set the device DNS to the pi holes up address?

    Also it looks like you are, using the default block lists, there is a site maintained by wally3k who has more block lists for pi.


  • @edward-dolezal Thanks for your suggestion, changing my PC's DNS has enabled most of the ads to be blocked. Will look at the additional block lists. Would it be safe enough to enter a secondary DNS (e.g. OpenDNS) on the PC's settings? I think it's not recommended to do this on the router.

    Pi-hole dashboard now look a lot healthier:

    0_1571329249391_pihole.JPG


  • Pi hole should be the only DNS devices are pointed to otherwise they will by pass it, some devices can bypass pi and use a hardcoded DNS server of memory I think that's Chromecast but the rest should be fine.


  • There's already a fun little trick where you can actually place the "pi-hole" server on a zero-tier network and this will allow you to use your pi-hole on any client device also using your zero-tier network. That way you can literally take your pi-hole with you everywhere 🙂


  • i) webUI of the amplifi - bypass dns cache

    ii) in the amplifi app, make sure your pihole is listed in all the DNS servers that amplifi's DHCP hands out -- not just the first one and the rest of the entries blank.

    this will help clients that resolve DNS in a round-robin fashion (instead of fail-through), and also make sure the amplifi doesn't sneakily add itself or anything else as a DNS server (some firmwares did this)

    you might experience mDNS (bonjour) spam -- there's a thread here from earlier this year (January/February-ish), with workarounds (at least as they applied to v2.9.x at the time)


Log in to reply
 

Looks like your connection to AmpliFi was lost, please wait while we try to reconnect.