Pihole + Unbound with VPN client on AC86U Merlin


ultraman

New Around Here
Hi all, I'm new here and, as you will discern from this post, new to networking as a whole.

I would be grateful for any general advice or input around my setup.
I have some specific questions that are down to knowledge gaps and understanding.

The main aim of this setup is to increase security and privacy.

I'm currently running asuswrt-merlin on RT-AC86U with an openvpn client in client 1.
All traffic goes through the VPN tunnel by using 'policy rules (strict)'.
VPN client uses the VPN provider's DNS for WAN DNS by using the 'exclusive' setting. WAN DNS is set to 'connect automatically'.

Pihole is attached to the RT-AC86U and this is used as the LAN DNS for all clients by implementing DNS Filtering rules in LAN settings. LAN DNS Server 1 is set to the pihole IP.
Unbound is on the pihole in the default configuration (https://docs.pi-hole.net/guides/dns/unbound/).

My query here is, am I unwittingly bypassing my VPN client by using unbound as the dns resolver? I'm forcing all LAN traffic through the pihole using DNS filtering and forcing all WAN traffic through the VPN tunnel so I am hoping that the DNS resolver doesn't jump out of this tunnel when resolving queries but I'm unsure how to test or confirm this.

Will some traffic bypass the pihole by following the VPN client 'policy rules (strict)' rules?

I also seem to be getting IPv6 addresses back when doing an nslookup but IPv6 is disabled.

Are there opinions on using my VPN provider's WAN DNS here? Or is it better to use something like Quad9 as suggested here ( https://www.reddit.com/r/pihole/comments/dfm5j4 )?
Or just my ISP's?

Thanks for reading, any help is much appreciated.
 

Attachments

  • DNS filter.PNG
  • LAN DNS pihole.PNG
  • Policy rules strict.PNG
  • VPN DNS setting.PNG
