Override ISP DNS settings


  • There should be an advanced mode to override the DHCP DNS settings provided by the ISP. There are many reasons for this such as performance, privacy, use servers that block adult sites, etc.


  • @doug-thompson This is already available on the app. Tap the router icon, then "Internet". "Primary DNS Address" is right there, along with "Secondary DNS Address". If you're behind an ISP router like me, then the next step is to go to amplifi.lan (or the IP address of your Amplifi mesh router), log in, and check the box for "use upstream DNS" or something similar. Note that you then won't be able to use amplifi.lan, although the IP address will still work.

    This whole thing doesn't work if your Amplifi is in bridge mode; in that case, you'll have to figure out how to change your ISP-provided router's settings (like me). Hope this helps.


  • I had this problem too. always saw the IPS's DNS listed in there and couldn't figure out how to erase it. after reading this it occurred to me to just type over.

    Would be nice if the app made it a bit clearer that it was a type over.


  • @thomas-chi said in Override ISP DNS settings:

    Note that you then won't be able to use amplifi.lan, although the IP address will still work.

    So changing the ISP default DNS servers to Google Public DNS servers BREAKS amplifi.lan?


  • @adolfo-biagioni-0 Changing to use another DNS provider doesn't break amplifi.lan. What "breaks" amplifi.lan, is if you enable 'Bypass DNS Cache" in the router interface as that takes the amplifi device out of the resolution loop, so it can't resolve amplifi.lan for you.


  • This post is deleted!

  • @adolfo-biagioni-0 What he said. ☺


  • It would make more sense to be able to change the clients DNS settings under the DHCP server section.

    I can't use network naming in the current scenario with my PiHole.

    Prefer client - PiHole - router - Google.


  • @michael-easlick On mine, I've got the router set to the pihole and then bypass configured to ensure the pihole sees all the real IPs. From there, the pihole goes to 1.1.1.1/1.0.0.1 and has a host entry for amplifi.lan so dnsmasq can push that as well and that still works. What other feature am I missing?

    Edit: Just did a quick google - I assume you're wanting the pihole to be able to show the DHCP names on the reverse lookups, so you want the router to be in path so it can hopefully do that. I wonder if you can just delegate 192.168.180.x (or whatever your subnet is) back to the router.... going to play with it.

    Edit2: Got it to work (so pihole is both the primary resolver and shows the network naming).

    1. Setup the pihole as normal.
    2. Edit /etc/dnsmasq.conf and add the following line (replacing 180 with your subnet)

    server=/180.168.192.in-addr.arpa/192.168.180.1

    1. Edit /etc/hosts and add the following line

    192.168.180.1 amplifi.lan

    1. Reboot the pihole

    2. Update the DNS on the amplifi to point to the pihole.

    3. Disable DNS caching on the amplifi

    4. Profit

    My pihole now shows:

    Client Requests Frequency
    amplifi.lan 257
    desktop-msc41et.lan 180
    iphone-err.lan 148
    localhost 31

    Note: Amplifi.lan just shows requests because there are still clients pointed to the amplifi that haven't refreshed their DHCP yet.


  • @michael-eckhoff that is AWESOME! I'm going to try it today and confirm.

    Edit: Yup, works like a charm!

    Good job sir!


  • @thomas-chi Those two fields are grayed out and I can’t change them. 0_1523839495774_0C783192-2CBC-4B44-B97B-96D77B5684E9.jpeg


  • Ok. Moron here. Typed over. All good. Guess I was using the wrong thumb.
    Thanks


  • @michael-easlick I may have found a problem - I came in to find my pi in a resolution loop with the router. Looking at the resolution, it appears that some addresses (lb._dns-sd._udp.0.180.168.192.in-addr.arpa. to be specific) aren't claimed by the router, and get sent back to the upstream router, which ends up being the pi, which sends it back to the router, and the fun begins. I tried adding a regexp so it only forwards over [1-254], but so far it doesn't look like the version of dnsmasq on the pi has regexp compiled in, or my regexp just sucks (probably the latter). I'll let you know if I find a filter that works, otherwise, be on the lookout for a loop...

    Edit:

    Ok, this seems to do the trick.

    add:
    192.168.180.2 lb._dns-sd._udp.0.180.168.192.in-addr.arpa

    to /etc/pihole/local.list

    and restart the pihole (replace the addresses with your network and pihole address).

    This will go ahead and respond back to the router with the address of your pihole and stop the loop. I don't know what behavior it will have on the rest of your network as I'm not sure what's making the resolution request (probably the mac) and how it will respond to a fake response.


  • @michael-eckhoff interesting, I also think I'm going to have to move the PiHole up a level on my network to be able to access both the main and guest subnets. Doesn't appear the main can cross into the guest.

    Luckily I have an ER-X in front of everything to try it!


  • @michael-eckhoff also curious, how did you find the loop?


  • @michael-easlick The amplifi started saying 'No Internet Connection', which just means it couldn't get to the polling destination (google I think it polls). So I looked at the pi and dnsmasq was at 100% CPU. A quick tcpdump showed the two hammering at each other and /var/log/pihole.log was pretty loaded as well.

    I'm still fighting it a bit as it looks like when the block lists update, it wiped out the local one. So i'm now trying this in dnsmasq.conf where pihole wont touch it. I'll have to give it another couple hours to know for sure.

    address=/lb._dns-sd._udp.0.180.168.192.in-addr.arpa/127.0.0.1

    Edit: All was well this morning, so I think this time it worked. So for the full config for future reference:

    1. Setup the pihole as normal.
    2. Edit /etc/dnsmasq.conf and add the following line (replacing 180 with your subnet)

    server=/180.168.192.in-addr.arpa/192.168.180.1
    address=/lb._dns-sd._udp.0.180.168.192.in-addr.arpa/127.0.0.1

    1. Reboot the pihole

    2. Update the DNS on the amplifi to point to the pihole.

    3. Disable DNS caching on the amplifi

    4. Profit

    Note: I also noticed that the pihole has a setting to do this kind of thing itself in the DNS settings (forward reverse for local domain). I didn't try it yet to see what difference it makes, but i suspect you'll still have to add that lb._dns-sd address to control that storm.


  • @michael-easlick If you're in router mode, you may have problems with the reverse lookups since they'll now be coming in on the WAN side and the amplifi should be tossing them. If you're in bridge mode, I suspect it'll work fine moving it up a layer as it should then just look like an upstream DNS server to both networks.


  • @michael-eckhoff Hi, did not find the "Disable DNS caching on the amplifi" Where is this done?
    And thx for the guide on this topic!


  • @kenneth-nilssen You need to go to the web interface on your router for that. So browse to the default gateway address (or amplifi.lan if it's resolving).

    Also, interestingly, this won't be needed much longer. pihole has added a delegation to the DNS tab in their settings. It's not pushed to the production interface yet, but it's in the development channel for FTLDNS.

    So if you wanted you could alternately do this:

    1. Follow the directions here: https://pi-hole.net/2018/03/24/help-us-beta-test-ftldns/ to switch to FTLDNS beta.
    2. Go to the DNS settings on the pihole and scroll to the bottom. Plugin the router IP address and domainname 'lan'.

  • @michael-eckhoff Thank you, this worked for me. I do only get the ip and not dns names tho


Log in to reply
 

Looks like your connection to AmpliFi was lost, please wait while we try to reconnect.