Redirect Hard-coded DNS To Pi-hole Using EdgeRouter X

Written by Brent Wilson on July 30, 2018

This guide will show you how to use your Ubiquiti EdgeRouter X to redirect any devices that have hard-coded DNS to your Pi-hole so that your Pi-hole can block ads and tracking on those devices.

The Issue

If you are running a Pi-hole on your network, you most likely want every DNS query to pass through it so that it can work the way it is intended to. The problem is that some devices, such as the Chromecast, have hard-coded DNS, so no matter where you point your router’s DNS, they will still use the DNS servers built into the device. This means that any advertising or tracking on the device will still work.

The solution to this issue is to use your EdgeRouter X to capture any DNS query on port 53 and then force it to go through your Pi-hole. With two simple NAT rules we can do this.

Add Source NAT Rule

Log in to your EdgeRouter X and click the Firewall/NAT tab. Once the page has loaded, click the NAT sub-tab, then click the Add Source NAT Rule button, which opens a new window. Your details will more than likely not be exactly like mine. I set my router up using the WAN+2LAN2 wizard, which ended up giving me a usable DHCP range of My Pi-hole IP addresses are and Keep those in mind when you view the screenshots below and adjust according to your setup.

Add Source NAT Rule To Capture Hard-coded DNS Queries.

Once done click save.

Add Destination NAT Rule

Below we are going to route all traffic that does not belong to our Pi-holes (or other DNS servers) to our Pi-hole. Please notice that there is a ! before the rule; the ! negates the match, so the rule applies to everything except what follows it.

Add Destination NAT Rule To Capture Hard-coded DNS Queries To Pi-hole.

Once done click save.
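
The two rules described above, written as EdgeOS CLI commands. This is an added example, not the author's configuration: the interface switch0, the LAN 192.168.1.0/24, the Pi-hole address 192.168.1.2, the rule numbers and the exact match fields are assumptions, and it assumes a single Pi-hole on the same LAN as the clients.

```edgeos
# Constructed values, not from the original post; substitute your own:
#   LAN 192.168.1.0/24 on switch0, Pi-hole at 192.168.1.2
configure

# Source NAT (masquerade): redirected queries reach the Pi-hole with the
# router's LAN address as their source, so the reply returns through the
# router and is translated back before it reaches the client.
# EdgeOS numbers source NAT rules from 5000 upward.
set service nat rule 5010 description "Masquerade DNS to Pi-hole"
set service nat rule 5010 type masquerade
set service nat rule 5010 outbound-interface switch0
set service nat rule 5010 protocol tcp_udp
set service nat rule 5010 source address 192.168.1.0/24
set service nat rule 5010 destination address 192.168.1.2
set service nat rule 5010 destination port 53
set service nat rule 5010 log disable

# Destination NAT: rewrite port 53 traffic from the LAN to the Pi-hole.
# The ! negates a match: queries sent by the Pi-hole itself (its upstream
# lookups) and queries already addressed to it are left alone.
set service nat rule 10 description "Redirect hard-coded DNS to Pi-hole"
set service nat rule 10 type destination
set service nat rule 10 inbound-interface switch0
set service nat rule 10 protocol tcp_udp
set service nat rule 10 source address !192.168.1.2
set service nat rule 10 destination address !192.168.1.2
set service nat rule 10 destination port 53
set service nat rule 10 inside-address address 192.168.1.2
set service nat rule 10 inside-address port 53
set service nat rule 10 log disable

commit
save
exit
```

These rules match only IPv4 traffic to port 53 that arrives on the named LAN interface.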

Final Results

Once you have it set up, if any devices on your network are actively using hard-coded DNS, you should see the count column start going up, and you should see your router’s IP address showing up in your Pi-hole. Any hard-coded DNS queries captured will show up under your router’s IP address.

EdgeRouter X NAT Page

And here is my router’s IP address ( showing up in Pi-hole.

Pi-hole Chromecast
Pi-hole showing captured hard-coded DNS queries from Chromecast.

Thanks to this reddit thread and this reddit comment for the guidance!


Can you do the same for IPv6? And DNS6?

Nathan Friedly

Didn’t seem to work for me. I did similar settings to yours, only for my LAN and Pi-hole’s addresses, and suddenly no DNS worked. Even from my Pi-hole, I couldn’t connect to outside DNS. Then I disabled the new rules and still nothing worked. Then I deleted them and I still couldn’t get DNS. I rebooted it and still no dice. I ended up having to do a factory reset and reconfigure my EdgeRouter from scratch before it would let DNS traffic through again. Not your fault, but kind of frustrating. Anyways, just putting this out as a…


Same here. I have multi-WAN (I have an EdgeRouter X SFP; the SFP is my LAN and eth0, eth1, eth2 and eth3 are WAN). I followed the guide (of course with the correct IPs of my network and my 2 Pi-holes), but it does not work; after adding the rules I am unable to get out to the internet.


Can I use this for a public DNS server address? E.g. NextDNS.


Would it be the DNS server address or the router address when I replace your Pi-hole address in the guide?


I’m trying to do this on OpenWrt but I can only manage to block requests to other DNS servers, not redirect requests to the Pi-hole. Any tips?


I have a Pi-hole on Docker in my NAS. My EdgeRouter is hosting 4 VLANs. Pi-hole works on the VLAN where the Pi-hole server resides but not across the other VLANs. I set up DNS to listen on the VLAN interfaces but nothing seems to work. Thank you.