Solved Pihole+Unbound and DNS Leaks

[Untried3868]

Running dual Raspberry Pi with Pihole and Unbound (identical settings) on two Asus AXE16000 routers (setup in signature). I'm seeing lots of log entries in the two RPis, both allowed and blocked. So I assume it's working. However when I run a DNS leak test (web based) I'm either seeing VPN DNS (Windscribe/ControlD) which I expected, or with the VPN disabled my ISP DNS (Verizon FiOS).

I've tested on a couple of leak test sites, all with the same results. Is this normal or have I screwed something up? Below are screenshots of my various settings.

WAN DNS:

LAN DNS:

LAN DNS Director:

Edit: RPi setting images are unreadable. Removed.
Edit 2: I did follow the excellent guide @bennor wrote here.

 

[dave14305]

With Unbound as the upstream DNS for Pi-Hole, you should be seeing your ISP-provided WAN IP or VPN provider’s IP. Do the IPs shown in the leak test match those?

 

[Untried3868]

With Unbound as the upstream DNS for Pi-Hole, you should be seeing your ISP-provided WAN IP or VPN provider’s IP. Do the IPs shown in the leak test match those?

Yes, but I thought the entire purpose of Pihole was to bypass the ISP DNS server(s)?

 

[dave14305]

Yes, but I thought the entire purpose of Pihole was to bypass the ISP DNS server(s)?

It shouldn’t be the ISP DNS IP. It should be your own WAN IP shown. Both may belong to Verizon, but you need to clarify if it’s your own IP or not.

 

[Untried3868]

It shouldn’t be the ISP DNS IP. It should be your own WAN IP shown. Both may belong to Verizon, but you need to clarify if it’s your own IP or not.

I'm an idiot. You're correct. The test results are showing my ISP given WAN IP and not what I thought was the ISP DNS IP.

Thank you for replying.