Hi there, on my router/modem I cannot change the DNS entries, thus just using Adguard/PiHole for DNS blocking ads doesn’t work. Would a separate router circumvent this problem? Could I set up Adguard (or PiHole) on a Raspberry and use it as a DNS server for my home network?
The plan would be to use my ISP-provided router just as a modem to connect to the internet. Then use a second router to provide my home network, where also Adguard/PiHole can do their thing.
Would this setup work and how would I need to configure it?
I’ve done something similar in Ireland, where the ISP router was the only way to connect. Managed to set up everything on an OpenWRT router, but it kept disconnecting, so I put the OpenWRT router behind the ISP router.
Interesting thing I found in ISP router is DMZ host - just point it to your own router and that’s it. Basically ISP router doesn’t exist lol.
Then you have absolute freedom with your router.
I ran like this for years. As long as you have DMZ/exposed host functionality everything works great. The only thing that needed some massaging was IPv6, but if you want/need that, you probably know enough about it to get it working.
“Double NAT” is a bit of a bugbear in the home lab community, but as long as you can port forward in bulk you should not even notice it, aside from a tiny bit of additional latency.
Can’t you just set PiHole’s IP as DNS on your clients?
Yes, especially if you use it as your DHCP server.
Bridge mode on the ISP router is what you want. Then it just passes through the internet connection to the internal router on the edge of your network. It’s what I do with Comcast.
Connect the router’s WAN port into the cable modem. Plug your stuff into the router LAN ports or connect to the new router wifi. Set pi hole to a static address and then set the router’s DNS to point to that. Remove any secondary DNS in the router settings. Reboot everything and make sure it all works. That should be about it.
I had this same problem but Pihole can act as your DHCP server too. I turned off DHCP on my ISP router, turned it on in Pihole and configured my range (with some buffer for static IPs for servers and others) and off it went. When all my clients (laptops, workstations, phones, etc.) requested an IP (which I saw them trickle in almost immediately), they got their IP from Pihole and also automatically directed all DNS queries to Pihole. No need for complicated setups.
Edit: fix typos.
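Added example, not part of any reply in this thread: a small check for the "remove any secondary DNS" step and the Pi-hole-as-DHCP setup described above. It reads a Linux client's resolv.conf text and lists any resolver that would bypass the Pi-hole. The addresses, the sample text and the function name are assumptions made for illustration.

```python
import ipaddress

def dns_bypass_report(resolv_conf, pihole_ips):
    """Classify the nameservers a client was handed (e.g. via DHCP)."""
    allowed = {ipaddress.ip_address(ip) for ip in pihole_ips}
    report = {"pihole": [], "bypass": [], "stub": []}
    for raw in resolv_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # search/options lines are not resolvers
        text = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # malformed entry, ignore
        if addr in allowed:
            report["pihole"].append(str(addr))
        elif addr.is_loopback:
            # A local stub resolver hides the real upstream, so the result
            # is inconclusive and the stub's own upstream must be checked.
            report["stub"].append(str(addr))
        else:
            # Any other resolver lets queries skip the blocklist.
            report["bypass"].append(str(addr))
    report["clean"] = bool(report["pihole"]) and not (
        report["bypass"] or report["stub"])
    return report

PIHOLE = {"192.168.1.2"}  # constructed: the Pi-hole's static address

# Constructed sample: the ISP router still advertises itself as a
# secondary resolver, and an IPv6 resolver was learned from the router.
SAMPLE_BEFORE = """\
# constructed sample
nameserver 192.168.1.2
nameserver 192.168.1.1
nameserver fe80::1%eth0
"""

# Constructed sample: the Pi-hole is the only resolver handed out.
SAMPLE_AFTER = "nameserver 192.168.1.2\n"

if __name__ == "__main__":
    print(dns_bypass_report(SAMPLE_BEFORE, PIHOLE))
    print(dns_bypass_report(SAMPLE_AFTER, PIHOLE))
```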
It’s not really optimal, having two firewalls and double NAT. Maybe check if your ISP router supports a modem-only mode.
This is also sometimes referred to as “bridge” mode. Even if the ISP doesn’t officially support it, some googling may reveal how. It’s shockingly easy to find the default credentials for these things, for example.
Wireguard + pihole?
Yes, that will work. On your router plug in WAN (or whatever that’s called on your router) port to the ISP router, set up IP-range and NAT (plus DHCP and whatever other services you might want to use) and plug in the rest of your network on the LAN side of the router. That way the only thing ISP router will see is your own router and everything else is behind that & yours to configure however you wish.
I’ve run a setup like this at several locations and (if possible) I’ve used a bridged port on the ISP router, so that the ISP router is only a ‘media converter’ and my own router connects directly to the public internet. Just make sure to have proper firewall configuration and keep safety in mind when doing that. If bridging isn’t possible your traffic just goes through NAT twice (your router and ISP router) which in some odd edge cases can cause problems, but they’re very rare.
I don’t see why it shouldn’t work. I have my ISP router set to pass through mode and my MikroTik router behind it.
You can do this with Tailscale. Added plus is you can then use Tailscale on your phone to access your pihole for DNS when on the go.
https://tailscale.com/kb/1114/pi-hole/
https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/