LuCI DNS configuration for pi-hole


I’m about to install an LXC container with pi-hole.
That’s all going well.

Now my question is which settings I have to make in LuCI so that everything goes through the pi-hole.

I found some instructions.

Some say it’s enough to adjust the DHCP options in the Advanced Settings of the network interface. Like 6,(pi-hole IP)

other sayings you have to disable ‘resolver’ and ‘kresd’.

And what else to say you have to change the ‘option port’ 0 to 53 in the DHCP config.

Unfortunately I am a little confused now. So can someone tell me the correct settings?

First of all, thanks for the manual.
But that’s the point.

In the manual under “Pi-hole řešení skrz WAN/DNS”.
Should the IP of the pi-hole DNS server be entered. I do not have this setting under WAN. Is the manual outdated or has something changed?

Those are the reasons why I am confused.

Personally, I think the best “topology” for pi-hole is to (1) hand out pi-hole IP over DHCP and have it forward to Omnia’s IP (kresd e.g. in defaults).

(2) If you make kresd (or unbound) forward through pi-hole, you will get into slight problems… because pi-hole changes DNS records when it blocks, which will be detected in case the records were covered by DNSSEC, and the resolver will retry obtaining “correct proofs” in those cases. That’s also one part of the motivation to do it inside kresd instead of pi-hole, e.g. via the adblock package.

(3) And if you use pi-hole without a resolver that validates DNSSEC locally, you lose some security (though it’s arguably a negligible difference to common clients).

Okay, I think I get it.

  1. enter DNS pi-hole in the Advanced DHCP Options in LuCI for the LAN interface.

  2. in Pi-hole enter the router as next DNS.

  3. enter a DNS of your choice in Luci or Foris for WAN.

is that right?

Yes, I think so. Afterwards, it might be nice to improve the community docs based on the experience…

Thanks for the link.
I guess you didn’t follow the topic quite so well.

Also in this manual there are steps that are no longer necessary or possible.

  1. you don’t need to deactivate the resolver and kresd anymore.

  2. pi-hole is no longer configured in the WAN interface.

  3. the port in the DHCP config does not have to be changed.

Does this approach retain the .LAN name resolution that is provided by dnsmasq?

This works:

  1. Edit Network > Interfaces > LAN > DHCP Server > Advanced Settings:


Specify the IP address of the pi-hole server ( in the DHCP-Options.

  1. Edit Pi Hole’s DNS settings (Pi Hole > Settings > DNS):
  • Remove the values from the Upstream DNS Servers section.

  • Add the IP address of the Turris Omnia to the Custom 1 text box


  • Configure the Conditional Forwarding section (displays host name rather than IP address):

  • Click Save
  1. Add desired DNS servers to Foris:

which adds these lines to /etc/config/network:

config interface 'wan'
	list dns ''
	list dns ''
  1. Reboot

Hi guys,
what about ipv6? pi-hole supports ipv4 and ipv6. where in turris can the ipv6 address of pi-hole be entered?
Thanks for any help