Redirect Hard-coded DNS To Pi-hole Using EdgeRouter X


This guide will show you how to use your Ubiquiti EdgeRouter X to redirect any devices that have hard-coded DNS to your Pi-hole so that your Pi-hole can block ads and tracking on those devices.

The Issue

If you are running a Pi-hole on your network you more than likely want every DNS query to pass through it so that it can do its job. The problem is that some devices, such as the Chromecast, have a hard-coded DNS server: no matter which DNS server your router hands out, they keep using the one baked into the device, so any advertising or tracking on those devices keeps working.

The solution is to use your EdgeRouter X to capture any DNS query on port 53 and force it through your Pi-hole. Two NAT rules do this: a destination NAT rule rewrites the query's destination to the Pi-hole, and a source NAT (masquerade) rule makes the Pi-hole see the router as the sender, so its reply goes back through the router instead of straight to the client (a client would discard a reply coming from an address it never queried). Note that this only catches plain DNS on port 53; a device that uses DNS over HTTPS or DNS over TLS talks on other ports and is not redirected by these rules.

Add Source NAT Rule

Log in to your EdgeRouter X and click the Firewall/NAT tab. Once the page has loaded, click the NAT sub-tab and then the Add Source Nat Rule button, which opens a new window. Your details will more than likely not be exactly like mine. I set my router up using the Wan+2LAN2 wizard, which gave me a usable DHCP range of 192.168.1.38-192.168.1.243. My Pi-hole IP addresses are 192.168.1.42 and 192.168.1.43. Keep those in mind when you view the screenshots below and adjust according to your setup.

[Screenshot] Add Source NAT Rule To Capture Hard-coded DNS Queries.

Once done click save.

Add Destination NAT Rule

Below we are going to redirect all port-53 traffic that does not involve our Pi-holes (or other DNS server) to our Pi-hole. Notice the ! in front of the address in the rule: it negates the match, so the Pi-holes themselves are excluded. That exclusion matters, because the Pi-hole's own upstream lookups also leave on port 53, and without it they would be redirected straight back to the Pi-hole in a loop.

[Screenshot] Add Destination NAT Rule To Capture Hard-coded DNS Queries To Pi-hole.

Once done click save.
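The same two rules written out as EdgeOS CLI configuration instead of clicking through the web UI. This is an added example and not the post's own configuration: the LAN interface name switch0, the Pi-hole addresses 192.168.1.42-192.168.1.43, the DHCP range and the rule numbers are assumptions taken from the setup described above, so adjust them to yours. The ! negation is quoted so the shell does not treat it as history expansion.

```edgeos
configure

# Destination NAT (rule numbers below 5000): redirect every port-53 query that
# neither comes from nor goes to a Pi-hole to the primary Pi-hole.
# The source exclusion keeps the Pi-hole's own upstream queries from looping
# back to it; the destination exclusion leaves direct queries to either Pi-hole alone.
# Assumed values: LAN interface switch0, Pi-holes 192.168.1.42 and .43.
set service nat rule 1 description 'Redirect hard-coded DNS to Pi-hole'
set service nat rule 1 type destination
set service nat rule 1 inbound-interface switch0
set service nat rule 1 protocol tcp_udp
set service nat rule 1 destination port 53
set service nat rule 1 source address '!192.168.1.42-192.168.1.43'
set service nat rule 1 destination address '!192.168.1.42-192.168.1.43'
set service nat rule 1 inside-address address 192.168.1.42
set service nat rule 1 inside-address port 53

# Source NAT / masquerade (rule numbers 5000 and up): make the redirected query
# appear to come from the router, so the Pi-hole's reply returns through the
# router, which rewrites the source back to the resolver address the client
# originally asked. Assumed values: DHCP range 192.168.1.38-192.168.1.243.
set service nat rule 5001 description 'Masquerade LAN DNS to Pi-hole'
set service nat rule 5001 type masquerade
set service nat rule 5001 outbound-interface switch0
set service nat rule 5001 protocol tcp_udp
set service nat rule 5001 destination port 53
set service nat rule 5001 destination address 192.168.1.42-192.168.1.43
set service nat rule 5001 source address 192.168.1.38-192.168.1.243

commit
save
exit
```

Paste this in configure mode over SSH; `show nat rules` lists the rules and `show nat statistics` shows their packet counters. Two caveats worth knowing before you rely on it: only plain DNS on port 53 is caught, so DNS over TLS (port 853) and DNS over HTTPS pass straight through; and because the masquerade rule matches all LAN-to-Pi-hole port-53 traffic, every client's queries (redirected or not) are logged in Pi-hole under the router's address. If you want per-client attribution back, put the Pi-hole on its own VLAN or subnet, where replies already route through the router and the masquerade rule is not needed at all.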

Final Results

Once you have it set up, if any devices on your network are actively using hard-coded DNS, you should see the count column for the new rules on the NAT page going up, and your router's IP address should start appearing in your Pi-hole. Any captured hard-coded DNS queries are logged under your router's IP address.

[Screenshot] EdgeRouter X NAT Page

And here is my router's IP address (192.168.1.1) showing up in Pi-hole.

[Screenshot] Pi-hole showing captured hard-coded DNS queries from Chromecast.
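A quick check you can run from any LAN client to confirm the redirect actually works, as an added script that is not part of the original post. It relies on a Pi-hole behaviour: Pi-hole answers the special name pi.hole with its own address, while a real public resolver returns NXDOMAIN (so dig +short prints nothing). If a query sent to 8.8.8.8 comes back with a private address, the router captured it. Assumptions: dig is installed, the Pi-hole sits on an RFC1918 address, and the resolver list is just a few well-known public resolvers.

```shell
#!/bin/sh
# Added example (not from the original post): from a LAN client, test whether
# plain port-53 queries to public resolvers are being redirected to the Pi-hole.
# Assumes "dig" is installed and the Pi-hole has a private (RFC1918) address.

# Return 0 when the argument is an IPv4 address inside an RFC1918 range.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*)                         return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
    *)                                      return 1 ;;
  esac
}

# Classify the first line of "dig +short @resolver pi.hole A":
#   captured      - a private address came back, i.e. the Pi-hole answered
#   not-captured  - empty output: the public resolver said NXDOMAIN (or no reply)
#   unexpected    - a public address came back (some other DNS interception)
classify_answer() {
  answer="$1"
  if [ -z "$answer" ]; then
    echo "not-captured"
  elif is_private_ipv4 "$answer"; then
    echo "captured"
  else
    echo "unexpected"
  fi
}

# Query one resolver directly, bypassing the system's configured DNS, and
# print "<resolver><TAB><classification>".
check_resolver() {
  resolver="$1"
  answer=$(dig +short +time=2 +tries=1 "@$resolver" pi.hole A 2>/dev/null | head -n 1)
  printf '%s\t%s\n' "$resolver" "$(classify_answer "$answer")"
}

# Constructed list of public resolvers a hard-coded device might use.
main() {
  for r in 8.8.8.8 8.8.4.4 1.1.1.1 9.9.9.9; do
    check_resolver "$r"
  done
}

# Only run the live checks when invoked with --run, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
  main
fi
```

Run it as `sh check_dns_redirect.sh --run`; every line should read `captured` once the rules are in place. Combine it with the rule counters on the NAT page: each query you send should bump the count on the destination NAT rule by one.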

Thanks to this reddit thread and this reddit comment for the guidance!

Comments
Brian Klug (Guest)

This worked really well! Thanks

Brian Klug (Guest)

One thing I will add: it may have been easier to illustrate with a single Pi-hole address since a) that's what most people have, but more importantly b) in the example screenshots I misread it numerous times, thinking the Pi-hole address was my local LAN since it was a range just like the LAN range (just different numbers, hard to notice).

Erick (Guest)

How would I do this if my two Pi-hole devices have IP addresses that are not next to each other?

John W (Guest)

Great article. A good test once finished would be to run “dig @8.8.8.8 cnn.com” and see if the captive DNS count goes up.