Configuring the Pi Hole with Asus Routers (Merlin or John’s Fork)

Introduction

This is a quick and easy tutorial for those that are struggling to setup the Pi Hole with Asus Routers. I started by reading the Pi Hole documentation.

This is sadly not optimal for those of us that have the Asus Router (in my case I have the AC1900), but fortunately after breaking my internet a few times, I was able to find simple settings that allow:

Easy setup
No mucking around with the command line
All the benefits the Pi Hole can offer you

Instructions – Asus Router

Step 1: Follow the Pi Hole install instructions as provided on the link above, you can use the automated install, and just accept all defaults. Note the IP address assigned to the Pi Hole

Step 2: Open the Asus Admin interface (usually 192.168.1.1)

Step 3: Go to the WAN tab, and specify DNS servers for your router. This is very important, otherwise you will end up getting a lot of queries from your router o the Pi for the heartbeat. In my case, I’m using Cloudflare’s DNS:

Step 4: Go to the LAN tab, and under DHCP server, configure the following fields:

Pi Hole with Asus Routers Merlin Configuration

Domain Name: This will make it easier to identify your devices on the Pi Hole Interface later on! Choose something nice 🙂

DNS Server 1: The IP Address of the Pi Hole

Advertise router’s IP in addition to user-specified DNS: Disable, otherwise the router will also be advertised as a DNS server, and will not make the Pi Hole work properly. We will configure something on the Pi Hole later on to ensure that local DNS queries are handled by the router

Forward local domain queries to upstream DNS: Your upstream DNS is the Pi Hole, you want local queries to stay on the router (as these will be coming from the Pi Hole, so if you enable this, you likely create a DNS loop! lol)

Manually Assigned IP: Very important to set the Pi Hole Mac / IP here, this ensures the IP address of the Pi Hole never changes

Instructions – Pi Hole

Step 1: Under the Pi Hole Admin GUI, go to Settings -> DNS

By default Google is selected, but some benchmarks from the web show that Cloudflare performs better: https://medium.com/@nykolas.z/dns-resolvers-performance-compared-cloudflare-x-google-x-quad9-x-opendns-149e803734e5

Note: I recently experienced some VPN issues with Cloudflare (not properly resolving some names), so I reverted back to Google for now.

Pi Hole Advanced DNS Settings for Asus Merlin — The most important setting is the conditional forwarding, as it will ensure you can still resolve local names on your network, and also will make the Pi Hole display stats with names, instead of just the IP addresses

Step 2: Save and reboot everything! Wait for a few minutes, and check your Pi Hole interface to see the queries coming in!

Step 3: Experiment! I plan on trying to enable DNSSEC, and see how much performance impact I end up having. Post comments if you disagree with any of the instructions above! What worked for me might not work for you! 🙂

Posted

December 13, 2018

Network

Carlos

Tags:

Comments

13 responses to “Configuring the Pi Hole with Asus Routers (Merlin or John’s Fork)”

Rick
May 31, 2019
Hello,
Did you ever set up DNSSEC and did you test what the performance impact was?
Reply
1. carlos
  May 31, 2019
  Hi Rick,
  I did not get a chance to test performance impact yet, good reminder as I forgot about it! I’ll look into it and update the post!
  Cheers,
  Carlos
  Reply
  1. Fazendik
    November 5, 2020
    Any updates, Rick? 🙂
    Reply
Venkat
November 19, 2019
Carlos, Worked Perfectly well for me. Just followed your steps to the dot 🙂
My setup:
Router ASUS RT-AC88U as the base router and RT-AC68 as secondary using AiMesh node.
Asus chromebox loaded with Linux mint 19 running Pi hole. No more adds 🙂 in my network.
Reply
Robin
March 10, 2020
Hello, thank you very much for that. With this setup is it also possible to use VPN, when i want all clients in my network use the VPN Connection to NordVPN and so i have also no ads or is this not possible is the Adblocker only for local clients without VPN?
Geeting
Reply
1. carlos
  April 11, 2020
  Hi Robin,
  I did not get a chance to test with a VPN setup, but I suspect that if you have a client inside your network with a VPN tunnel, there is a good chance it will bypass the Pi Hole setup. I found this post with more information (looks like what happens can be OS specific too):
  https://security.stackexchange.com/questions/13900/if-i-use-a-vpn-who-will-resolve-my-dns-requests
  Hope this helps!
  Carlos
  Reply
2. Ben
  June 19, 2020
  Hi there robin I have the same question with the vpn setups as I have several vpns set on my router, did you manage to try setting up pi-hole with the vpn on the asus to see if it works or not ?
  Reply
Sam
May 6, 2020
Carlos, I have a ASUS RT-AX92U and I don’t see the settings for “Advertise router’s IP in addition to user-specified DNS & Forward local domain queries to upstream DNS” and seems like the most of the queries are going through pihole. Any suggestions?
Reply
Kale
May 10, 2020
Hi there,
I have an ASUS CM-32_AC2600 and don’t seem to have the setting in LAN for “Advertise Router’s IP in addition to user-specified DNS” or “Forward Local Domain Queries to Upstream DNS”. Do you do something to enable those setting? Thank you.
Reply
Dane
May 12, 2020
Carlos, you’re the man! This guide saved me a lot of trial and error. It seemed like most of the solutions suggested making the pi-hole a DHCP server, but that wasn’t what I was looking for.
Thanks again for this awesome guide!
Reply
Anton
June 7, 2020
I set it up a little differently: since I already chose the Cloudflare as the main DNS resolver on the pihole, it made no sense to do the same thing on my router.
So, I replaced the Cloudflare address with the pihole address and enabled “Forward local domain queries to upstream DNS” and everything works like a charm!
Reply
R3ckless
August 21, 2020
I was having issue using my pihole as dhcp, the tips you said plus conditional forwarding have fixed my issues with nothing working or getting ip addresses. Thanks for the help!
(doing the same thing with a asus RT-ax88u) the advertise stuff was not on my router settings.
Reply