I can't access internal services when using Wireguard

Similar symptoms as this thread: Wireguard not using PiHole DNS although my set-up is a bit different

Details about my system:

  • Pi-hole running in a pi zero. pihole -d config is here: https://tricorder.pi-hole.net/rVIKpAxw/
  • An Ubuntu server running a bunch of services via docker. Subdomain names are managed via a reverse proxy (traefik) running in a container.
  • A mikrotik router running Wireguard

The issue I am facing:

  • PiHole DNS works under normal conditions (inside the LAN; not connected to the VPN). It is used as primary DNS within the mikrotik router configuration
  • The services running on the server are accessible from inside the LAN and from the internet via their subdomain names when not using Wireguard.
  • Wireguard works, in that I am connected to my home network and my IP shows it's coming from there. I can browse the web without any problem, but I can't access any of my services.

What do I expect:
No matter where I am and if I'm using the VPN or not, being able to access the services running on my server.

Config details

  • Laptop's /etc/resolv.conf from where I'm trying to connect (if not connected to the VPN)
nameserver 127.0.0.53
  • Laptop's /etc/resolv.conf from where I'm trying to connect (when connected to the VPN)
nameserver 192.168.88.99  # pi-hole's IP in the LAN
nameserver 127.0.0.53
  • Laptop's /etc/wireguard/wg0.conf:
[Interface]
Address = 192.168.100.3/32
DNS = 192.168.88.99
PrivateKey = ...

[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
Endpoint = mydomain.com:13231

Some tests I've tried:

  • Not connected to VPN:
$ ping git.elnota.space   
PING git.elnota.space (31.16.136.186) 56(84) bytes of data.
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=1 ttl=51 time=76.2 ms
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=2 ttl=51 time=54.2 ms
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=3 ttl=51 time=56.5 ms
^C
--- git.elnota.space ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 54.298/62.373/76.227/9.842 ms
$ dig git.elnota.space    

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> git.elnota.space
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44247
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;git.elnota.space.		IN	A

;; ANSWER SECTION:
git.elnota.space.	180	IN	A	31.16.136.186

;; Query time: 47 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Dec 02 14:59:19 CET 2022
;; MSG SIZE  rcvd: 61
$ nslookup git.elnota.space
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	git.elnota.space
Address: 31.16.136.186
  • Connected to the VPN:
$ ping git.elnota.space
PING git.elnota.space (31.16.136.186) 56(84) bytes of data.
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=1 ttl=64 time=55.8 ms
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=2 ttl=64 time=55.1 ms
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=3 ttl=64 time=56.6 ms
64 bytes from ip1f1088ba.dynamic.kabel-deutschland.de (31.16.136.186): icmp_seq=4 ttl=64 time=57.0 ms
^C
--- git.elnota.space ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7061ms
rtt min/avg/max/mdev = 55.194/56.209/57.084/0.732 ms
$ dig git.elnota.space     

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> git.elnota.space
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3665
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;git.elnota.space.		IN	A

;; ANSWER SECTION:
git.elnota.space.	9	IN	A	31.16.136.186

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Dec 02 15:05:19 CET 2022
;; MSG SIZE  rcvd: 61
$ nslookup git.elnota.space   
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	git.elnota.space
Address: 31.16.136.186
  • pihole /etc/hosts:
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       pihole

Any help would be appreciated.

Your above output shows the exact same results for nslookup/dig of git.elnota.space - regardless whether you are connected via Wireguard or not:

If that's the case, your issue is not related to Pi-hole in particular, nor DNS in general.
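The comparison made in the reply above, as an added example that is not part of the original thread: it parses the two dig captures from the first post (trimmed, whitespace collapsed) and checks whether the resolver and the answer differ between the two states. The function names `parse_dig` and `compare` are hypothetical.

```python
import re

# Trimmed from the two dig captures in the first post (tabs collapsed to spaces).
DIG_NO_VPN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44247
;; ANSWER SECTION:
git.elnota.space. 180 IN A 31.16.136.186

;; SERVER: 127.0.0.53#53(127.0.0.53)
"""
DIG_VPN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3665
;; ANSWER SECTION:
git.elnota.space. 9 IN A 31.16.136.186

;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

def parse_dig(text):
    """Return the status, the server dig queried, and the sorted A-record addresses."""
    status = re.search(r"status: (\w+)", text).group(1)
    server = re.search(r"^;; SERVER: ([^#\s]+)#", text, re.M).group(1)
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False  # a blank line or the next section header ends the answers
        elif in_answer:
            name, ttl, cls, rtype, rdata = line.split()[:5]
            if rtype == "A":
                answers.append(rdata)
    return {"status": status, "server": server, "answers": sorted(answers)}

def compare(a, b):
    """Compare status and addresses only; TTL and query id always differ."""
    pa, pb = parse_dig(a), parse_dig(b)
    return {
        "same_answer": pa["status"] == pb["status"] and pa["answers"] == pb["answers"],
        "servers": (pa["server"], pb["server"]),
    }

if __name__ == "__main__":
    print(compare(DIG_NO_VPN, DIG_VPN))
```

Both captures were answered by the local stub resolver at 127.0.0.53 and returned the same address, which is the observation the reply relies on.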
