Trying to force all DNS traffic through Pihole/Unbound on Surf SOHO Mk3 and failing

Hi, I’m trying to make sure none of the devices on my network use their hardcoded DNS (like my TVs) to bypass my Pihole using Unbound on my Surf SOHO Mk3. I understand that when I try to capture all DNS requests and forward them, they go to the WAN DNS, but is there a way to force them to go through the Pihole instead? I’ve tried a few different settings, including preferring that DNS proxy forwarding go through my LAN DNS, but no luck, websites just end up failing to resolve. Is there a way to force all requests through my Pihole? I’ve also created a post on the Pihole forum, link below.

Thank you. I already have the Pihole set up, and this link would have been useful had I not, but I am trying to capture any hardcoded DNS requests and force them through the Pihole.

Hi @Cable17, thank you for your help, but my problem is with hardcoded DNS in devices like my TV circumventing the Pihole. The Pihole itself works with normal devices like my computer. Someone at the Pihole forum at the link I included provided me with some help that I have not yet had an opportunity to try. I will try it soon.

Greetings henrydon

Quote: "I updated my mobile phone to use Cloudflare DNS and am still able to bypass the Pihole DNS"

You should tell your phone to use the pihole’s DNS IP address instead.

Client software that knows the IP address of the DNS server will try and go there without the help of a DNS request / server response.

To prevent that you could try setting up some outbound firewall rules. Say for example…

Then save it and make another one for Cloudflare's other address:

Apply changes.

If that breaks your internet you can just delete them.


This is what I’ve ended up doing for now. What’s interesting is I see other devices I did not expect trying to occasionally use Google Public DNS and Cloudflare DNS even though they are set to use my home DNS and they do not appear to have hardcoded DNS. Very interesting. They are being blocked at the router and logged. I am sure there is a way to scoop up these attempts and force them through Pihole, but I do not have that level of expertise at this time. I will work on it. Thank you!
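
An added example, not written by anyone in this thread: one way to review the router's firewall log for devices that try to reach a resolver other than the Pihole, split into attempts the block rules caught and attempts that got through because no rule covers that resolver. The log layout, the Pihole address `192.168.50.2`, and the function name `dns_bypass_report` are assumptions for illustration, not the Surf SOHO's actual log format.

```python
import re
from collections import Counter, defaultdict

PIHOLE_IP = "192.168.50.2"  # assumption: LAN address of the Pihole

# Constructed sample lines in an assumed "ACTION: SRC= DST= PROTO= SPT= DPT=" layout.
SAMPLE_LOG = """\
Jan 10 08:01:12 Denied: SRC=192.168.50.31 DST=1.1.1.1 PROTO=UDP SPT=50112 DPT=53
Jan 10 08:01:13 Denied: SRC=192.168.50.31 DST=1.0.0.1 PROTO=UDP SPT=50113 DPT=53
Jan 10 08:01:20 Allowed: SRC=192.168.50.40 DST=192.168.50.2 PROTO=UDP SPT=40001 DPT=53
Jan 10 08:01:21 Allowed: SRC=192.168.50.2 DST=198.41.0.4 PROTO=UDP SPT=33211 DPT=53
Jan 10 08:02:05 Denied: SRC=192.168.50.22 DST=8.8.8.8 PROTO=UDP SPT=51000 DPT=53
Jan 10 08:02:40 Allowed: SRC=192.168.50.31 DST=9.9.9.9 PROTO=TCP SPT=51844 DPT=53
Jan 10 08:03:02 Allowed: SRC=192.168.50.22 DST=142.250.0.1 PROTO=TCP SPT=51900 DPT=443
Jan 10 08:05:12 Denied: SRC=192.168.50.31 DST=1.1.1.1 PROTO=UDP SPT=50120 DPT=53
"""

LINE_RE = re.compile(
    r"(?P<action>Denied|Allowed): SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>UDP|TCP) SPT=\d+ DPT=(?P<dport>\d+)"
)


def dns_bypass_report(log_text, pihole_ip=PIHOLE_IP):
    """Group port-53 traffic that skips the Pihole by client and resolver.

    "blocked" holds attempts a firewall rule denied; "leaked" holds attempts
    that were allowed, i.e. resolvers no block rule covers yet.
    """
    report = {"blocked": defaultdict(Counter), "leaked": defaultdict(Counter)}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None or m["dport"] != "53":
            continue  # unparsable line or not DNS
        # Client -> Pihole is the wanted path; Pihole -> internet is Unbound
        # doing its own upstream lookups. Neither is a bypass.
        if pihole_ip in (m["src"], m["dst"]):
            continue
        bucket = "blocked" if m["action"] == "Denied" else "leaked"
        report[bucket][m["src"]][m["dst"]] += 1
    # Convert to plain dicts so the result is easy to print or compare.
    return {k: {c: dict(r) for c, r in v.items()} for k, v in report.items()}


if __name__ == "__main__":
    for bucket, clients in dns_bypass_report(SAMPLE_LOG).items():
        for client, resolvers in clients.items():
            print(bucket, client, resolvers)
```

Any entry under "leaked" points at a resolver that still needs its own outbound rule, which is the weakness of blocking public DNS servers one address at a time.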