No DNS resolution on remote pihole server

Please follow the below template, it will help us to help you!

If you are experiencing issues with a Pi-hole install that has non-standard elements (e.g. you are using nginx instead of lighttpd, or there is some other aspect of your install that is customised) - please use the Community Help category.

Expected Behaviour:

I run pihole on my wireguard VPN server. Operating System Debian 9. When I connect with wireguard, I expect to be able to browse the internet.

Actual Behaviour:

I'm unable to browse the internet due to DNS resolution failures. Upon using a different DNS provider, I'm able to browse the internet.

Debug Token:

https://tricorder.pi-hole.net/686yk55kf4

The debug log looks fine and everything is functioning on the Pi-hole install.

It appears that the issue is with your VPN configuration.

Thanks for looking into this Dan. I don't think that the VPN configuration is the issue.

On my home network, when I set the DNS to be the IP address of the server <deleted, don't post public IP addresses here>, DNS resolution starts failing as well. This is without being connected to VPN.

This is what I get when I query the Nameserver from my home network -

❯ dig google.com @<my vpn server running pihole>

; <<>> DiG 9.10.6 <<>> google.com @<my vpn server running pihole>
;; global options: +cmd
;; connection timed out; no servers could be reached

On the pihole server itself, the name resolution happens correctly -

; <<>> DiG 9.10.3-P4-Debian <<>> google.com @127.0.0.1 -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		3600	IN	A	172.217.174.238

;; Query time: 58 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Mon Jul 13 23:33:43 UTC 2020
;; MSG SIZE  rcvd: 55

The debug log shows everything is working. You can check it yourself in the /var/log directory.

If you're running wireguard then you wouldn't use the public IP address, you'd use the private IP address you set up for the wireguard interface.

I can see your admin page at the public IP address, so it's not on the wireguard interface.

It's the VPN configuration.

I've set up pihole to listen in on all interfaces -

So shouldn't I be able to access Name Resolution by using the public IP address as well?

I've verified that port 53 is open for both TCP and UDP traffic on that address.

Pi-hole is operating as intended, you have shown that it is. It's your network configuration.

As this falls under "there is some other aspect of your install that is customised" from the topic template, I'm moving it to Community Help and we'll see if the community has any tips.

As a general and unbending rule we do not provide support for open resolvers.

Edit: For community help:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] actricesmexicanasdesnudas.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] actricesmexicanasdesnudas.com is 0.0.0.0 via Pi-hole (172.26.9.159)
[✓] doubleclick.com is 172.217.167.174 via a remote, public DNS server (8.8.8.8)

Side Note: Pi-hole listens on port 53, your dig is for port 5353.
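Added example, not part of the original thread or of Pi-hole's own tooling: a way to see which addresses a DNS service is actually bound to, and whether any of them is reachable beyond the VPN, by classifying the port 53 listeners in `ss -tuln` output. The sample output and the WireGuard interface address 10.6.0.1 are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -tuln` output (not taken from the thread).
# 10.6.0.1 stands in for a hypothetical WireGuard interface address.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:5353     0.0.0.0:*
tcp   LISTEN 0      32     10.6.0.1:53        0.0.0.0:*
udp   UNCONN 0      0      [::]:53            [::]:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""

def classify(addr):
    """Return the exposure scope of one listening address."""
    addr = addr.strip("[]").split("%")[0]  # drop brackets and any %iface suffix
    if addr == "*":                        # older ss prints the wildcard as '*'
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:                      # RFC 1918 and similar, e.g. a VPN subnet
        return "private"
    return "public"

def dns_listeners(ss_output, ports=(53,)):
    """Return (proto, address, port, scope) for listeners on the given ports."""
    results = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")  # split at the last colon
        if port.isdigit() and int(port) in ports:
            results.append((fields[0], addr, int(port), classify(addr)))
    return results

def open_resolver_risk(listeners):
    """Listeners that answer on a public interface unless a firewall blocks them."""
    return [l for l in listeners if l[3] in ("all-interfaces", "public")]

if __name__ == "__main__":
    for proto, addr, port, scope in dns_listeners(SAMPLE_SS):
        print(f"{proto:4} {addr}:{port:<5} {scope}")
```

On a live host, pass the real output of `ss -tuln` instead of `SAMPLE_SS`; an empty result from `open_resolver_risk` means DNS is bound only to loopback or private addresses.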

Alright, fair enough.

I appreciate your taking a look here and helping out.

The 5353 is for unbound setup below the hood which my pihole uses.

Not according to the screen capture you posted. Pi-hole is using Cloudflare for upstream DNS.

I had first suspected an issue with my unbound configuration and hence flipped pihole to Cloudflare.