XR1000 - Custom DNS + Guest wifi = Broken (pihole)

[MotFPS]

I disabled the DHCP sever on the XR1000 due to DHCP server bugs (unable to use pihole/it's on a separate topic/Still unfixed bug). This also is repeated when using a pihole on the network. Running a pihole as a custom DNS server works for LAN (wired/wireless) clients but breaks when using the guest wifi feature. 

In my case the XR1000 isn't the DHCP and DNS server, guest wifi connections cannot resolve DNS queries. The guest wifi can contact internet IPs without DNS but this effectively breaks most devices connected to the guest wifi especially IOT devices where you cannot specify a DNS server. 

The root cause is because my DNS server is a pihole device on the LAN segment that the guest wifi is unable to communicate with. So while this is related to my DHCP issue, it is really caused because my custom DNS server is blocked by the guest wifi firewall. 

In essence, the guest wifi works perfectly since it still gets a DHCP IP address from the LAN but because I'm using a custom DHCP server and DNS server, the guest wifi doesn't know to give guest wifi devices access to that custom DNS server. 

Fix: Give an option to allow traffic between the guest wifi and a specific LAN IP address. Essentially, the guest wifi would still be segmented but a user specific IP would be allowed to be connected to the guest wifi giving people that want a working pihole with this netgear to continue to use it. 

[Netduma Fraser]

Based on what you've said, enabling the option 'Allow guests to see each other and access my local network' in the Guest WiFi Setup may actually allow guest WiFi devices to communicate properly with the PiHole. Try that and let us know how you get on please.

[MotFPS]

1 hour ago, Netduma Fraser said:

Based on what you've said, enabling the option 'Allow guests to see each other and access my local network' in the Guest WiFi Setup may actually allow guest WiFi devices to communicate properly with the PiHole. Try that and let us know how you get on please.

That's correct. "allow guests to see each other" gives Guest Wifi clients access to the custom DNS server.  However that negates the entire point of having a guest wifi network.

Reasons for having an isolated guest wifi network include having untrusted IOT devices in your home (Wemo, nest thermostats, etc). As well as actual guests that you don't want on your LAN. The entire point of the guest network is isolation. Giving those devices LAN access to enable DNS functionality is what I'm trying to avoid. 

I'd like to see an option to allow guest wifi clients access to a single IP for homes with a pihole. The problems stems from the unfixed DHCP bugs and custom DNS servers hosted on the LAN (Pihole installs)

[Netduma Fraser]

As it stands I do not believe there is a way to do this currently. I'll personally email the NG lead for the XR regarding this and the other topic as it will be them that needs to look into this.

[MotFPS]

Thank you Fraser. 

 

Entirely, my use of pihole is what complicates these issues (DNS, guest wifi, etc). Using an external DNS server removes these problems however with pihole becoming more mainstream I'd like to see the use of pihole considered from the Netgear/Netduma family. Pihole (and similar services) offer features that many people have become reliant on. Netduma/Netgear with pihole support is a perfect scenario that a huge community would be ecstatic over. 

 

Again, thank you for being active on this forum. 

[MotFPS]

Admins, 

 

In the new firmware coming out, will I be able to use my Pihole with the XR1000?

[Netduma Liam]

7 hours ago, MotFPS said:

Admins, 

 

In the new firmware coming out, will I be able to use my Pihole with the XR1000?

There will be, we don't have an ETA for it yet unfortunately though.

You should be able to use your PiHole as well as the XR1000 now. What's the issues you're running into?

[MotFPS]

14 hours ago, Netduma Liam said:

You should be able to use your PiHole as well as the XR1000 now. What's the issues you're running into?

The above thread goes into more detail but basically, the firmware as it is does not support pihole since you cannot modify the DHCP option for DNS servers. You can only do so on the internet side which is not compatible with pihole. 

Please see the discussion on this thread. 

[Netduma Fraser]

There is actually some discussion on our Discord about this currently and it seems like someone has got it working so you may want to head over and see what they've done and ask them questions if needed. https://discord.gg/gSXNc6cU

[MotFPS]

2 hours ago, Netduma Fraser said:

There is actually some discussion on our Discord about this currently and it seems like someone has got it working so you may want to head over and see what they've done and ask them questions if needed. https://discord.gg/gSXNc6cU

Negative. They figured out a work-around not a solution. 

They're disabling DHCP on the XR1000 and using pihole as a the DHCP server. I'm doing that now as a temp work around. 

 

We'd like an actual solution implemented. Other brands of routers allow the user to manually specify the LAN DHCP DNS options (dlink, linksys, etc) but not this $300 router? This is something that should be in the new firmware. 

[Netduma Fraser]

It's one for Netgear to implement, we're focused on making software that works best for gamers and high bandwidth users, features like that are rarely requested but can be implemented