Redirect Hard-coded DNS To Pi-hole Using EdgeRouter X
This guide will show you how to use your Ubiquiti EdgeRouter X to redirect any devices that have hard-coded DNS to your Pi-hole so that your Pi-hole can block ads and tracking on those devices.
The Issue
If you are running a Pi-hole on your network you more than likely are wanting every DNS query to pass through it so that it can work the way it is intended to.
The problem is that there are devices out there that have hard-coded their DNS, such as the Chromecast, so that no matter where you point your router’s DNS to, they will still use the hard-coded DNS within the device. This means that any advertisement or tracking the device has will still be able to work.
The solution to this issue is to use your EdgeRouter X to capture any DNS query on port 53 and then force it to go through your Pi-hole. With two simple NAT rules we can do this.
Add Source Nat Rule
Login to your EdgeRouter X and then click the Firewall/Nat tab. Once the page has loaded click the Nat sub tab. We are going to click the Add Source Nat Rule button which will open a new window.
Now, your details will more than likely not be exactly like mine. I set my router up using the Wan+2LAN2 wizard which ended up giving me a usuable DHCP range of 192.168.1.38-192.168.1.243. My Pi-hole IP addresses are 192.168.1.42 and 192.168.1.43.
Keep those in mind when you view the below screenshots and adjust according to your setup.
Once done click save.
Add Destionation NAT Rule
Below we are going to route all traffic that does not belong to our Pi-holes (or other DNS server) to our Pi-hole. Please notice that there is a ! before the rule.
Once done click save.
Final Results
Once you have it set up, if you have any devices actively communicating on your network using hard-coded DNS, you should start to see the count column start going up as well as you should see your router’s IP address showing up in your Pi-hole. Any hard-coded DNS queries captured will show up under your router’s IP address.
and here is my router’s IP address (192.168.1.1) showing up in Pi-hole.
Thanks to this reddit thread and this reddit comment for the guidance!