27

Intercept & forward DNS queries w/o Eero Secure (for Pi-Hole users)

First, let me say I think Eero secure is great and for 95% of customers is an awesome solution to help hide ads and block malware. One feature that I really like about Eero secure is that it will intercept ALL outbound DNS requests and then use the encrypted and curated DNS service they partner with. This means devices on the network that are configured for public DNS servers get the benefit of encryption and curation, without needing to be changed.

But, for those of us that want more DNS control, we could be running a Pi-Hole instance possibly coupled with DNSCrypt. While we can easily configure Eero to have DHCP clients point to our internal Pi-hole address, 'rogue' requests to other DNS servers are NOT intercepted and routed to pi-hole. This means DNS 'leaks' could occur (unlike with Eero secure).

My feature request for the Eero engineers is this: Under Eero labs add a feature called something like "DNS Redirection" that we can toggle on/off and then configure specific IP(s) that Eero will send 'rogue' DNS requests too. This would have the effect of re-routing rogue requests to Pi-hole to be filtered, just like Eero secure would do with its own DNS server. Or, put the option on the "DNS" configuration page where you can set a custom DNS server. Alternatively, don't even make it a GUI option and just force all DNS queries to use the custom DNS IP(s) when that is configured.

I realize this would not be a widely used option, but for those of us advanced geeks, it would be a GREAT addition. Since the DNS intercept logic already exists in Eero via Eero secure, it doesn't seem to be to be a big development effort to enable this when a 'custom' DNS server is configured.

10replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • This would be an excellent extra setting or feature. Right now, without setting up a different router and using my eero system as an AP, I have no way of forcing hard coded DNS requests to be sent to my local DNS running with Pi-Hole.

    Like 1
  • I've been poking around for a while trying to figure out why certain DNS resolutions aren't being blocked on my network with the Eero using a custom DNS pointing to my Pi-Hole.

    I'm not sure what the custom DNS setting even does if it isn't routing those requests to the Pi-Hole.

    Like
      • MZGSZM
      • MZGSZM
      • 5 mths ago
      • Reported - view

      SpencerAU 

      Certain devices have a hard coded DNS provider. A good example is a Google smart speaker. Rather than asking the router (in this case an eero system) for a DNS provider, they just send the requests to Google DNS directly. Devices that do ask eero for a DNS get the Pi-hole address. The eero doesn't forcibly redirect alll DNS requests, it merely tells device which one to use (if they ask).

      Like
      • SpencerAU
      • SpencerAU
      • 5 mths ago
      • Reported - view

      MZGSZM Thanks for the reply! I recently upgraded to the Eero Pro mesh system. On my previous router, I was seeing ads and such blocked on websites on my laptop. However, that is no longer happening with the Eero. Perhaps having the Pi-Hole be my DHCP server could change something?

      Like
      • MZGSZM
      • MZGSZM
      • 5 mths ago
      • Reported - view

      SpencerAU 

      Peculiar...

      I don't see why having it set as the DNS wouldn't be enough. That works fine for my network. The only devices that don't get filtered are the couple Google Home speakers I've got. I'd almost suspect that someone may have plugged in a custom DNS on the laptop by hand. Does filtering work on other devices?

      Like
      • SpencerAU
      • SpencerAU
      • 5 mths ago
      • Reported - view

      MZGSZM Well that's good to know. Perhaps something is off with my config somewhere. I have the Pi-Hole plugged directly in the Eero Pro's second ethernet port. The Eero has a custom CDS address that is my Pi's IP.

      No devices seem to be really filtering like they used to - if at all. And nothing has really changed on those devices.

      If it's working for you, that means I have something setup incorrectly somewhere. That's some good news for the most part. Thanks!

      Like
      • SpencerAU
      • SpencerAU
      • 5 mths ago
      • Reported - view

      MZGSZM After another reboot, things seem to be better. The only thing I did was set a secondary DNS server in the Eero to Cloudflare's DNS (1.1.1.1) address. Not sure if that did something or the reboot that followed. 

      Either way, things seem to be ok for now. Thanks for the assistance!

      Like
      • MZGSZM
      • MZGSZM
      • 5 mths ago
      • Reported - view

      SpencerAU 
      No problem. I'm guessing that the eero system probably polls both DNS servers and uses whichever request comes back first. I have mine set with Pi-hole only with no secondary DNS.

      Like
  • This is a great request. Those of us who love that aspect of eero Secure (capturing all DNS requests) but hate that you cannot control what eero Secure blocks (no white/blacklist), would benefit greatly from this separation of responsibilities.

    Like
  • I agree that this would be a nice feature to send all rogue DNS requests through the custom DNS configured on the Eero gateway!

    Like
Vote27 Follow
  • 27 Votes
  • 1 mth agoLast active
  • 10Replies
  • 359Views
  • 8 Following

Need Help? We're here for you!

We're big on support, and we want to make sure you always have the best eero experience possible. Here are several resources you can use if you ever need our help!


Quick links

Community Guidelines

Help Center

Contact eero support

@eerosupport

eero.com