Add to PiHole-VPN docs - iptables rule to block dns queries to dns resolvers other than pihole

Hello,

as some people encounter, i had the issue that Pi-hole is not working on Android (in my case 9) WiFi (with or without static DNS) nor on cellular (both) with OpenVPN’s push DNS option (pointing to pihole). People in this thread Pi-Hole works everywhere except Android Phones describe Google bypasses the given DNS settings in other sites i read that some cellular ISP-(stations?) force to set DNS resolvers.

My workaround to these kinds of setting DNS resolvers other than pihole is to route all traffic through OpenVPN with PiHole as DNS Resolver as described here: https://docs.pi-hole.net/guides/vpn/overview/ with dropping all dns queries to dns resolvers other than pihole.
I have configured the PiHole to listen on all interfaces, pushed the DNS option with the Pi’s IP from eth0-Interface e.i. 192.168.ABC.DEF (also described here: https://docs.pi-hole.net/guides/vpn/dual-operation/) AND i installed the additional (to https://docs.pi-hole.net/guides/vpn/firewall/) iptables-rules:

sudo iptables -A FORWARD ! -d 192.168.ABC.DEF -i tun0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j DROP

This drops all forwarded DNS queries (all udp traffic on port 53) from interface tun0 that has not the destination 192.168.ABC.DEF (e.i. the eth0-Interface IP of the Pi on which the pihole listens)

Please try this out or suggest better solutions/potential issues with this! If there is a good solution, please update https://docs.pi-hole.net/guides/vpn/* (potentially /firewall ?) so that other also gets ads blocked with OpenVPN+Pi-hole on Android because me already costs this a lot time.

Thank you!

You can always open a Pull request via https://github.com/pi-hole/docs/pulls

Oh, i didn’t see the docs git while scrolling through pihole gits. I will definitely do that!

1 Like