Pihole + Unbound with VPN client on AC86U Merlin

ultraman

New Around Here
Hi all, I'm new here and, as you will discern from this post, new to networking as a whole.

I would be grateful for any general advice or input around my setup.
I have some specific questions that are down to knowledge gaps and understanding.

The main aim of this setup is to increase security and privacy.

I'm currently running asuswrt-merlin on RT-AC86U with an openvpn client in client 1.
All traffic goes through the VPN tunnel by using 'policy rules (strict)'.
VPN client uses the VPN provider's DNS for WAN DNS by using the 'exclusive' setting. WAN DNS is set to 'connect automatically'.

Pihole is attached to the RT-AC86U and this is used as the LAN DNS for all clients by implementing DNS Filtering rules in LAN settings. LAN DNS Server 1 is set to the pihole IP.
Unbound is on the pihole in the default configuration (https://docs.pi-hole.net/guides/dns/unbound/).

My query here is, am I unwittingly bypassing my VPN client by using unbound as the dns resolver? I'm forcing all LAN traffic through the pihole using DNS filtering and forcing all WAN traffic through the VPN tunnel so I am hoping that the DNS resolver doesn't jump out of this tunnel when resolving queries but I'm unsure how to test or confirm this.

Will some traffic bypass the pihole by following the VPN client 'policy rules (strict)' rules?

I also seem to be getting IPv6 addresses back when doing an nslookup but IPv6 is disabled.

Are there opinions on using my VPN provider's WAN DNS here? Or is it better to use something like Quad9 as suggested here ( ).
Or just my ISP's?

Thanks for reading, any help is much appreciated.
 

Attachments: DNS filter.PNG, LAN DNS pihole.PNG, Policy rules strict.PNG, VPN DNS setting.PNG
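
One way to check the two questions in the post above (resolver queries leaving outside the tunnel, and clients going around the Pi-hole) is to capture port 53 on each router interface and classify the queries. This is an added example, not part of the original thread; the interface names `br0` (LAN), `eth0` (WAN) and `tun11` (VPN client 1), the Pi-hole address and every sample line are assumptions constructed for illustration.

```python
import re

# Source/destination of a `tcpdump -n` IPv4 line: "IP a.b.c.d.port > e.f.g.h.port:"
# (IPv6 lines start with "IP6" and are not matched here.)
FLOW = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def dns_queries(lines):
    """Yield (src, dst) for each packet sent *to* port 53; replies are skipped."""
    for line in lines:
        m = FLOW.search(line)
        if m and m.group(4) == "53":
            yield m.group(1), m.group(3)

def audit(captures, pihole_ip, lan_if="br0", wan_if="eth0"):
    """captures maps interface name -> lines from `tcpdump -n -i <if> port 53`."""
    # Any query seen on the WAN interface left the router outside the tunnel.
    wan_leaks = sorted({dst for _, dst in dns_queries(captures.get(wan_if, []))})
    # LAN clients that addressed a resolver other than the Pi-hole.
    bypass = sorted({
        (src, dst)
        for src, dst in dns_queries(captures.get(lan_if, []))
        if src != pihole_ip and dst != pihole_ip
    })
    return {"wan_leaks": wan_leaks, "pihole_bypass": bypass}

# Constructed sample captures (documentation address ranges, not real traffic).
SAMPLE = {
    "br0": [
        "12:00:01.100000 IP 192.168.1.50.51544 > 192.168.1.2.53: 4660+ A? example.com. (29)",
        # Unbound on the Pi-hole recursing to an authoritative server
        "12:00:01.120000 IP 192.168.1.2.40211 > 198.51.100.4.53: 5112 [1au] A? example.com. (40)",
        "12:00:01.300000 IP 192.168.1.2.53 > 192.168.1.50.51544: 4660 1/0/0 A 192.0.2.10 (45)",
        # A client with a hard-coded external resolver
        "12:00:02.000000 IP 192.168.1.77.39002 > 198.51.100.53.53: 9001+ A? example.org. (29)",
    ],
    "tun11": [
        "12:00:01.121000 IP 10.8.0.6.40211 > 198.51.100.4.53: 5112 [1au] A? example.com. (40)",
    ],
    "eth0": [
        "12:00:05.000000 IP 203.0.113.9.40544 > 192.0.2.53.53: 7001 [1au] A? example.net. (40)",
    ],
}

if __name__ == "__main__":
    print(audit(SAMPLE, pihole_ip="192.168.1.2"))
```

An empty `wan_leaks` list is only meaningful if lookups were actually made during the capture, and the check covers plain DNS on port 53 only, not DNS over TLS or HTTPS.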
Stumbled upon this old thread as I have exactly the same setup and exactly the same doubts :) Not sure what is the best setup to ensure pihole is used for all LAN clients, including those routed via WAN and those via VPN tunnel, and ensure no DNS leaks.

I'm sure you found https://www.dnsleaktest.com/ already, but I wonder if experienced members of this group could share some hints. I have been following SNB forums for a while, particularly Merlin topics, very knowledgeable people here.
 
There are many step-by-step guides for Pi-Hole/Unbound/VPN.
Pi-Hole can integrate well with Unbound and PiVPN. If you first install Pi-hole, then the following installs of Unbound and PiVPN will recognize your Pi-Hole installation and integrate.
I used THIS GUIDE to assist a neighbor's setup to view his home security cameras.
 