46Intercept & forward DNS queries w/o Eero Secure (for Pi-Hole users)
First, let me say I think Eero secure is great and for 95% of customers is an awesome solution to help hide ads and block malware. One feature that I really like about Eero secure is that it will intercept ALL outbound DNS requests and then use the encrypted and curated DNS service they partner with. This means devices on the network that are configured for public DNS servers get the benefit of encryption and curation, without needing to be changed.
But, for those of us that want more DNS control, we could be running a Pi-Hole instance possibly coupled with DNSCrypt. While we can easily configure Eero to have DHCP clients point to our internal Pi-hole address, 'rogue' requests to other DNS servers are NOT intercepted and routed to pi-hole. This means DNS 'leaks' could occur (unlike with Eero secure).
My feature request for the Eero engineers is this: Under Eero labs add a feature called something like "DNS Redirection" that we can toggle on/off and then configure specific IP(s) that Eero will send 'rogue' DNS requests too. This would have the effect of re-routing rogue requests to Pi-hole to be filtered, just like Eero secure would do with its own DNS server. Or, put the option on the "DNS" configuration page where you can set a custom DNS server. Alternatively, don't even make it a GUI option and just force all DNS queries to use the custom DNS IP(s) when that is configured.
I realize this would not be a widely used option, but for those of us advanced geeks, it would be a GREAT addition. Since the DNS intercept logic already exists in Eero via Eero secure, it doesn't seem to be to be a big development effort to enable this when a 'custom' DNS server is configured.
-
This would be an excellent extra setting or feature. Right now, without setting up a different router and using my eero system as an AP, I have no way of forcing hard coded DNS requests to be sent to my local DNS running with Pi-Hole.
-
I've been poking around for a while trying to figure out why certain DNS resolutions aren't being blocked on my network with the Eero using a custom DNS pointing to my Pi-Hole.
I'm not sure what the custom DNS setting even does if it isn't routing those requests to the Pi-Hole.
-
SpencerAU
Certain devices have a hard coded DNS provider. A good example is a Google smart speaker. Rather than asking the router (in this case an eero system) for a DNS provider, they just send the requests to Google DNS directly. Devices that do ask eero for a DNS get the Pi-hole address. The eero doesn't forcibly redirect alll DNS requests, it merely tells device which one to use (if they ask).
-
MZGSZM Thanks for the reply! I recently upgraded to the Eero Pro mesh system. On my previous router, I was seeing ads and such blocked on websites on my laptop. However, that is no longer happening with the Eero. Perhaps having the Pi-Hole be my DHCP server could change something?
-
SpencerAU
Peculiar...
I don't see why having it set as the DNS wouldn't be enough. That works fine for my network. The only devices that don't get filtered are the couple Google Home speakers I've got. I'd almost suspect that someone may have plugged in a custom DNS on the laptop by hand. Does filtering work on other devices?
-
MZGSZM Well that's good to know. Perhaps something is off with my config somewhere. I have the Pi-Hole plugged directly in the Eero Pro's second ethernet port. The Eero has a custom CDS address that is my Pi's IP.
No devices seem to be really filtering like they used to - if at all. And nothing has really changed on those devices.
If it's working for you, that means I have something setup incorrectly somewhere. That's some good news for the most part. Thanks!
-
MZGSZM After another reboot, things seem to be better. The only thing I did was set a secondary DNS server in the Eero to Cloudflare's DNS (1.1.1.1) address. Not sure if that did something or the reboot that followed.
Either way, things seem to be ok for now. Thanks for the assistance!
-
SpencerAU
No problem. I'm guessing that the eero system probably polls both DNS servers and uses whichever request comes back first. I have mine set with Pi-hole only with no secondary DNS.
-
-
This is a great request. Those of us who love that aspect of eero Secure (capturing all DNS requests) but hate that you cannot control what eero Secure blocks (no white/blacklist), would benefit greatly from this separation of responsibilities.
-
I agree that this would be a nice feature to send all rogue DNS requests through the custom DNS configured on the Eero gateway!
-
I am also in support for this feature request.
Or add additional functionality so I can see granular details for threat blocks, ad blocks, and scans. Allow me to make further exceptions if necessary.
I am fairly new to Eero and apologize if there is documentation somewhere as I am still reviewing your support articles.
-
Agreed. I appreciate Eero's solid simplicity and ease of use. But, more advanced options should be available for those who can use them.
