Listen on All Interfaces -- Using pihole with Wireguard or other VPN


After installing wireguard and activating the wg0 interface, I noticed that pihole was refusing to listen. Below I share how to fix

What’s more, netstat showed pihole-FTL listening on all interfaces – but using dig I could only query via eth0 . Watch out for this while debugging.

Configure pihole for all interfaces, also restart

pihole -a -i all


Here’s how to test both interfaces

# is the addr of eth0
$ dig @

# 4.1 is the address of wg0 wireguard "server"
$ dig @

How I found the solution

I scanned references to INTERFACE in . I got a little confused because the -a help in cli seems to focus on “web” setup but seems to include dns options as well.

WireGuard blocking dns requests from other machines

The reason there are DNS options in is because that is used by the settings page on the web interface.


Would you guys be open to me adding an “all” option to the setup screen (pihole -r)?


Are you proposing a feature change to the open source Pi-Hole code, or do you want to change your local install only?

If the latter, you are free to change your local configuration in any way you desire.


I meant me adding a PR to add the “all” option to the interface setup screen


That config option is not necessary for installing, so it should not be included.


Just to share my perspective, I was installing with two interfaces (eth0 and wg0), but pihole -r only allows one. I’ve noticed maybe 4 other posts facing a similar setup and confusion.

Could I ask your reasoning behind not listening on all interfaces? Most admins assume daemons will be able to listen to all.

I’m happy to write the pr and I think it would be helpful for anyone doing vpn


The interface is asked as part of setting a static IP address, and if the single interface mode is used. You can still change the interface listening mode to listen on all addresses after install. The default could be changed in the future.

1 Like