DNS doesn't work for machines in LAN while WireGuard works fine

Expected Behaviour:

I'd like to be able to set up Pi-hole as DNS for machines in the local network and use the WireGuard VPN on mobile when I'm outside the local network.
Raspberry Pi 4B, Raspbian 10, Pi-hole 5.1 with PiVPN and WireGuard.

Actual Behaviour:

VPN works amazingly - I see queries in the query log, ads are filtered. I can't set Pi-hole as DNS for a machine. Internet stops working.

Debug Token:

https://tricorder.pi-hole.net/aob6o7dsuy

So as mentioned above Pi-hole works like a charm over VPN, but it stops working when I try to set it as DNS on both my laptop with Ubuntu 18.04 and my phone with MIUI 11.

In this configuration I have access to the internet, but nothing appears in the query log. I can't access pi.hole/admin. 192.168.1.12/admin works.

In this configuration I have no access to internet, I can't access pi.hole/admin, 192.168.1.12/admin works.

I checked this topic: WireGuard blocking dns requests from other machines - #20 by mbranchick
I was unable to fix the problem.

Pi-hole, PiVPN and WireGuard are all installed on the same Raspberry Pi. I also have Kodi with its web interface installed on the same machine.

Any help will be much appreciated. I've been fighting with this on and off for a good 3 months now.

Check if you have any interface= directive configured somewhere:

sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort | sed 's\:\ \' | column -t

They restrict pihole-FTL to only answer on the specified interface.
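An added example (not part of the Pi-hole or PiVPN projects) that turns the check above into a small script: it audits a dnsmasq conf-dir for every uncommented directive that narrows where pihole-FTL listens, and reports whether anything pins FTL to specific interfaces or addresses. The directive names are real dnsmasq options; the two sample files it builds are constructed to mirror the layout described in this thread (Pi-hole's own `01-pihole.conf` plus a drop-in that carries `interface=wg0`), and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not Pi-hole/PiVPN code. Audit a dnsmasq conf-dir for directives
# that scope which interfaces/addresses pihole-FTL (embedded dnsmasq) answers on.
# A stray "interface=wg0" added by another tool makes FTL ignore eth0/wlan0
# entirely, which presents as "DNS dead on the LAN, fine over the VPN".

# Print every uncommented scoping directive as "<file>:<directive>", sorted.
# Matches: interface=, except-interface=, listen-address=, bind-interfaces,
# bind-dynamic and local-service (all real dnsmasq options).
audit_listen_scope() {
    confdir="$1"
    grep -R -H -E \
        '^[[:space:]]*((interface|except-interface|listen-address)=|bind-interfaces|bind-dynamic|local-service)' \
        "$confdir" 2>/dev/null \
        | sed 's/:[[:space:]]*/:/' \
        | sort
}

# Return 0 (true) when a directive other than Pi-hole's default "local-service"
# restricts listening to named interfaces or addresses, 1 otherwise.
# local-service only limits *clients* to directly attached subnets; it does not
# stop FTL from answering on the LAN interface, so it is deliberately ignored.
lan_may_be_excluded() {
    audit_listen_scope "$1" \
        | grep -v -E ':local-service$' \
        | grep -q -E ':(interface=|listen-address=|bind-interfaces)'
}

# Build a constructed conf-dir in a temp directory and echo its path:
# Pi-hole's managed file plus a PiVPN-style drop-in pinning dnsmasq to wg0.
make_demo_confdir() {
    d=$(mktemp -d)
    cat > "$d/01-pihole.conf" <<'EOF'
# Pi-hole managed file (constructed subset)
local-service
addn-hosts=/etc/pihole/custom.list
no-resolv
EOF
    cat > "$d/02-pivpn.conf" <<'EOF'
# drop-in from another tool (constructed)
addn-hosts=/etc/pivpn/hosts.wireguard
interface=wg0
EOF
    echo "$d"
}

# Stand-alone run: audit the constructed directory, then a real one if present.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_confdir)
    audit_listen_scope "$demo"
    if lan_may_be_excluded "$demo"; then
        echo "WARNING: a directive pins dnsmasq to specific interfaces/addresses"
    fi
    rm -rf "$demo"
    [ -d /etc/dnsmasq.d ] && audit_listen_scope /etc/dnsmasq.d
fi
```

Run it with `--demo` to see the constructed case, or call `audit_listen_scope /etc/dnsmasq.d` on the Pi itself. Once no pinning directive remains and `pihole restartdns` has been run, the confirmation is the same as later in this thread: `nslookup pi.hole <LAN IP of the Pi>` from a LAN client should answer from the Pi rather than time out.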

Thanks, I found this:

/etc/dnsmasq.d/02-pivpn.conf:interface=wg0

I removed one line from /etc/dnsmasq.d/02-pivpn.conf and rebooted the Pi. DNS over VPN works, but I still can't set Pi-hole as DNS in the local network. Now I can't access the internet even with automatic DNS turned on in Network Manager. Something changed!

Check that the line doesn't return after a reboot!
Post results for the below ones run on Pi-hole, and on one of your clients in a cmd prompt (Windows/Linux/macOS):

nslookup pi.hole

nslookup pi.hole 192.168.1.12

EDIT: oh, and check if your router doesn't have some kind of rebind protection or similar:

EDIT2: also check if the firewall is blocking on Pi-hole:

pi@ph5:~ $ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The line with interface=wg0 did not appear after reboot.

PI when connected over ssh:
nslookup pi.hole
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: pi.hole
Address: 192.168.1.12

nslookup pi.hole 192.168.1.12
;; connection timed out; no servers could be reached

Ubuntu in same network:
nslookup pi.hole
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find pi.hole: NXDOMAIN

nslookup pi.hole 192.168.1.12
;; connection timed out; no servers could be reached

I'll check DNS rebind protection on Monday - most likely I'll have to contact my ISP. Thanks for the idea!

It seems that the firewall is not blocking:
sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

From what I see it seems that pi.hole is not visible in the LAN? I tried to nslookup raspberrypi and it seems to be visible:

jskoczek@jskoczek-ThinkPad-E580:~$ nslookup raspberrypi
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: raspberrypi.home
Address: 192.168.1.12

jskoczek@jskoczek-ThinkPad-E580:~$ nslookup raspberrypi 192.168.1.12
;; connection timed out; no servers could be reached

EDIT: I'll tinker with using Pi-hole as DHCP instead of relying on my router in the evening.

Try ditching that 02-pivpn.conf file.
It's foreign to Pi-hole (doesn't come with the Pi-hole install) and probably contains more settings that could cause trouble:

sudo mv /etc/dnsmasq.d/02-pivpn.conf ~

pihole restartdns

Test with nslookup.


The only line left in the file was:

addn-hosts=/etc/pivpn/hosts.wireguard

I removed the file after I made a backup. I used pihole restartdns. Unfortunately the output of nslookup was the same as before.

jskoczek@jskoczek-ThinkPad-E580:~$ nslookup pi.hole
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find pi.hole: NXDOMAIN

I tried rebooting the Pi, nothing changed.

Right now the only file I have in /etc/dnsmasq.d/ is 01-pihole.conf. Is that correct?


That's correct:

pi@ph5:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort | sed 's\:\ \' | column -t
/etc/dnsmasq.conf              conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old          conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf  addn-hosts=/etc/pihole/custom.list
/etc/dnsmasq.d/01-pihole.conf  addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf  bogus-priv
/etc/dnsmasq.d/01-pihole.conf  cache-size=10000
/etc/dnsmasq.d/01-pihole.conf  domain-needed
/etc/dnsmasq.d/01-pihole.conf  localise-queries
/etc/dnsmasq.d/01-pihole.conf  local-service
/etc/dnsmasq.d/01-pihole.conf  local-ttl=2
/etc/dnsmasq.d/01-pihole.conf  log-async
/etc/dnsmasq.d/01-pihole.conf  log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf  log-queries
/etc/dnsmasq.d/01-pihole.conf  no-resolv
/etc/dnsmasq.d/01-pihole.conf  server=/0.0.10.in-addr.arpa/10.0.0.2
/etc/dnsmasq.d/01-pihole.conf  server=208.67.220.220
/etc/dnsmasq.d/01-pihole.conf  server=208.67.222.222
/etc/dnsmasq.d/01-pihole.conf  server=/dehakkelaar.nl/10.0.0.2
/etc/dnsmasq.d/01-pihole.conf  server=/use-application-dns.net/

You should specify the DNS server to query with nslookup:

nslookup <DOMAIN> <DNS_SERVER_IP>

If you leave out the <DNS_SERVER_IP>, nslookup will use/query the DNS server(s) configured in the OS.
When on a LAN client, you query the LAN eth0 IP.
When on VPN, you query the wg0 interface IP.

Hi,
not sure when, but Pi-hole started working.
I'd assume that setting the interface to the correct one (in my case wlan0) and removing unnecessary files did the trick.
Maybe my PC/router cached some settings and that's why it took a while for the changes to show?
Anyway, thanks a ton for the help!

The output of nslookup seems to be fine (I have the DNS server set up in network settings, so there seems to be no need to add it to the command):

jskoczek@jskoczek-ThinkPad-E580:~$ nslookup pi.hole 192.168.1.12
Server:		192.168.1.12
Address:	192.168.1.12#53

Name:	pi.hole
Address: 192.168.1.12
