client VPN changes DNS to 8.8.8.8, circumventing pi-hole

Please follow the below template, it will help us to help you!

Expected Behaviour:

DNS should be the DNS of my pi-hole, 10.0.1.24

Actual Behaviour:

When I connect my vpn [HotspotShield VPN], it changes my DNS nameserver to 8.8.8.8, which then completely circumvents my pi-hole.
Anyone know how to change this behavior so that my DNS stays on 10.0.1.24?

Debug Token:

https://tricorder.pi-hole.net/w02ab6u7cp

Which device are you connecting to the VPN - the Pi, or a separate client on the network? Where is the DNS nameserver being changed?

my iMac is connecting to VPN. My DNS is set in my router.

Is the DNS nameserver on the iMac being reset by the VPN client?

yes, exactly

This is an issue with your VPN client, not with Pi-Hole.

Most VPN services default to routing DNS through their service to prevent DNS leaks.

ok, thanks. I’ve contacted their Helpdesk

If you want to override it, you can try manually editing /etc/resolv.conf on the iMac while running VPN service.

I tried that and from the command line when I do “dig www.google.com” it shows that it used 10.0.1.24. But Safari is still using 8.8.8.8

Then this would be a setting in Safari. The default for all services on the computer is to use the DNS specified by the OS. Are you running any Safari extensions that can change the DNS to Google?

I’m not running any extensions in Safari, except uBlock. But only because pi-hole isn’t working with the VPN connected.

I did notice the following statement at the beginning of the /etc/resolve.conf file:

--------------------------
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
# scutil --dns
#
# SEE ALSO
# dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
nameserver 8.8.8.8
----------------------------------------------------

so when I run scuttle --dns as it suggests, it shows a long list of entries, the first one being:

resolver #1
  nameserver[0] : 8.8.8.8
  if_index : 15 (utun1)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)
-----------------------

What DNS is in that file and shown in scutil --dns when the VPN is turned off?

in the file and in scuttle --dns, when vpn is turned off is 10.0.1.24.

OK, then it is your VPN client doing this and not a Safari feature.

yeah it’s too bad. can’t find a vpn that works 100% like I want it to. This one circumvents my pi-hole, and another one I tried that let’s me set the DNS causes kernel panics when I use VirtualBox. I just can’t seem to win with vpn. :frowning:

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.