on 11-02-2022 07:45 PM
I'm lucky enough to have TT's 1gig package and was sent a pair of eero pro6's, one of which is used as the router, the other a MESH AP on the landing.
I also run a raspberry Pi with PiHole which blocks adverts for devices connected to my Lan, I've used this for many years as it works great.
On top of this I run a VPN server, so I can benefit from PiHole whilst I'm out and about.
Since joining TT I've been having issues blocking adult content with the eero content blocker.
After looking into it I found that the eero sends (advertises) the DNS servers set in the DNS settings page and not its own internal IP.
Because I've set my PiHole's address in the eero's DNS settings page, all my Lan traffic goes through my PiHole but misses all the eero filter settings.
Manually setting a connected client's DNS settings to the router's IP means that both the eero and PiHole filtering work.
Eero router Lan IP = 192.168.1.1
PiHole IP = 192.168.1.200
Client connects to Lan with DHCP and gets the following:
IP = 192.168.1.2
DNS = 192.168.1.200
No eero filtering works, but ads are blocked by PiHole.
If I give the client a static Lan address:
IP = 192.168.1.2
DNS = 192.168.1.1
eero filtering and PiHole filtering both work.
Is there a way to tell eero to issue its own internal IP as the DNS server to clients that connect?
I've also noticed that the guest network issues clients both my PiHole DNS address and TT's DNS server addresses, which sort of makes a custom DNS setting useless.
31-05-2022 08:18 PM - edited 31-05-2022 10:03 PM
The Eero is not a DNS server but forwards DNS requests to TalkTalk for the filtering/safe browsing function. You would not use the Eero IP as a DNS address. I would get rid of the Eero and use your Asus or a new router. As you’ve mentioned, the Eero is seriously lacking ports and also lacks config options.
Set the new router as a DHCP server and set your PiHole as the DNS forwarder to your chosen DNS servers. Your equipment will only use one DNS address at a time, so if the PiHole fails then internet will stop unless you configure a secondary such as 188.8.131.52 or Google DNS 184.108.40.206. The risk there is some devices might take the non PiHole route. I use PiHole as a primary DNS and 220.127.116.11 as fallback. Generally it works fairly well. It’s rare that PiHole is not used for DNS requests.
If you want to split your network then, with a more configurable router, set up a new SSID that has its own DHCP server and DNS servers pointing to TalkTalk for safe browsing, then the main LAN/SSID can use the configured DNS servers through PiHole. I’ve not tried this, but you could set the PiHole as the primary DNS and set the downstream DNS in the PiHole to TalkTalk for the safe browsing element. If you want to, you can configure the PiHole as a recursive DNS server using unbound and handle all the DNS requests on your network.
I don’t think the availability of Wifi6 outweighs the lack of configuration capabilities of the Eero. It’s a plug and play device for those that do just that and don’t need anything more complex. If you want a powerful router connected directly to your ONT, look at the UniFi UDR or UDMBase. They are prosumer devices and extremely powerful; having said that, they max out at around 900mbps. The UDMPro is the more powerful device but big and normally sits in a rack. I have a UDMBase (looks like a big pill). Very powerful and configurable, and the UDR supports Wifi6.
on 31-05-2022 10:59 AM
I don't see why the IP address of your PI is being used as the DNS server that is handed out via DHCP, unless the DNS server address has been changed to this within the DHCP server's configuration. Is the PI the DHCP server or the Eero? If the latter, I do not have an Eero, but if you can get me a screenshot of the Eero's DHCP configuration page from within its app, then I might be able to help.
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
14-02-2022 11:59 AM - edited 15-02-2022 01:33 PM
But it seems a waste to keep adding network equipment to provide simple services.
I've already had to include my old ASUS router on my Lan. Configured with WiFi turned off and acting as a network switch, because the eero only comes with 2 RJ45 ports and no usb.
As I use a USB HDD as a network drive I can't plug it into the eero.
One of the RJ45 ports is used for the BT Modem(ONT) so that leaves me with one RJ45 port free.
So do I plug my PC in, my Raspberry Pi or my TV box?
I ended up bringing my Asus router out of retirement, connected it to the free eero RJ45 and can now connect my HDD, PC, Raspberry Pi and TV box.
The eero seems to be lacking a lot IMO. I believe its purpose is to try and make things easy for those not that tech savvy and I think the only reason I'm using it is for the wifi6.
Anyway the good news.
I found half a solution for using PiHole DNS and eero content filtering.
If you want to use the eero content blocking and a custom DNS service, you can't AFAIK.
Try it by popping 18.104.22.168 into the custom DNS setting, set up a content profile in the eero and you'll see at dnsleaktest.com your DNS requests are going to TalkTalk servers and not Cloudflare.
Delete your eero content profile and check again at dnsleaktest.com and all of your requests will be going to your custom DNS (Cloudflare in this case).
Because I use PiHole I can set up which device uses which PiHole adlist group (which I forgot tbh).
So I added all my adlists as normal and added extra adult content adlists under a new group called Kids in the group management section of PiHole.
Again under PiHole group management I added a new client, my kids device by MAC address.
For each PiHole client (my children's devices) I assigned the adlist group default (my normal ad block lists) and Kids (my adult block lists).
Now my phone is not assigned as a client in group management, so only uses the default adlist.
So I see no adverts and boobies.
If my son connects his device (which is a part of the kids and default groups) he sees no adverts as I do, but he also sees no boobies.
I have eero configured with no profiles, but I have left the secure+ features on (I tested with both on and off and didn't see a difference).
So no content filtering with eero and filtering managed by PiHole.
I hope I've explained what I was trying to achieve and helped somebody searching in the future.
on 14-02-2022 10:56 AM
Hi @roo2002 have you looked on the Tech support pages for Eero?
While TT supplied the product, it might be difficult to supply a specific answer with the range of variables involved in your setup.
Personally, I quite like TP Link ER605 to act as the router and have BT Whole home mesh.
I hope to get an Eero to try out as an alternative mesh solution.
Not played with Pi-hole as an ad blocker and reviews are, as usual, variable.
Hope you find a solution.
on 14-02-2022 09:14 AM
Thank you for your reply Michelle, I understand my setup may be fairly custom, but not unique as I know a lot of people have started to use PiHole.
I basically want most devices unfiltered by eero, but all devices using PiHole as the DNS server.
That's what it does atm, so great.
On top of the above I want my children's devices to block adult content, I don't want them seeing something by mistake.
I only want certain devices blocked, not all.
So I thought I'll create a profile to block content and assign the children's devices to that profile.
I assumed that the children's devices would request an address from eero, eero would block if relevant else PiHole would supply the response.
After looking into it and setting static Lan details on the children's devices (eero's address for DNS), I found that eero blocks the content or uses TT's DNS servers for the response.
So it looks like eero can't block content then use custom DNS servers.
I understand that this is something that would require a change in how eero routes DNS requests, so wouldn't be changed because 1 person wanted it.
But if somebody else reading these forums does something similar, it may be helpful.
on 14-02-2022 08:08 AM
Pleased to hear you're happy with everything. Your set up is pretty custom and I'm not sure what you're asking can actually be done but one of our members may be able to offer advice, however the eero controls live on the device and given your set up clearly that is being bypassed. As such have you considered using homesafe which lives on the network and will apply to all network traffic. You will however have to test this with anything connecting via your local vpn as homesafe works based upon the DNS.