PiHole and OpenVPN

I only started using PiHole because I learned about it when I was setting up OpenVPN on an SBC (odroid) computer. Recently PiHole has stopped working, and perhaps it’s related to using both technologies, or perhaps not. I’m kind of talking out loud here, if only for my own edification, but if you see a mistake I made then I guess that’s a good thing.

I use an eero router. It’s one of those mesh network routers where you drop them throughout your house and they extend your wifi network. They are pretty easy to configure, and if one of them ever dies you can stick a new one in without having to reconfigure. Like my previous routers, I use DHCP to assign clients reserved IP addresses. I can’t count how many routers I’ve gone through over the years and each time I would have to rebuild my reserved client list. Now if one of them dies, I don’t have to deal with that chore.

I know PiHole has DHCP, but I want to keep that functionality on the router. In fact, the only reason I ever installed PiHole was because I want my OpenVPN clients to be able to use internal network names. The ad blocking was a bonus (even though that’s not working now).

The router has DHCP, and has two DNS entries. 172.16.0.75 (PiHole) and 8.8.4.4 (Google).

The PiHole machine is also running OpenVPN. PiHole uses 8.8.4.4 and 8.8.8.8 for DNS servers. /etc/hosts has entries for network resources, e.g.

172.16.0.6       Fubar

I also have unchecked "Never forward non-FQDNs" in the PiHole admin GUI, so that OpenVPN clients that connect will be able to use these network names. OpenVPN is configured to only use PiHole for DNS.

push "dhcp-option DNS 172.16.0.75"

Am I missing something here? The goal is to make sure the clients can use the same network names if I’m connected to OpenVPN.

I know I was told not to have two DNS entries on the router, just to list the PiHole.

Maybe some pointers here from the official Pihole OpenVPN howto:

You did not mention who's doing the OpenVPN server bit.
And yeah what @James_Horn said, make sure the clients use only Pi-hole for DNS resolution and no secondary DNS configured!
Some pointers and diagnostic tools here:

Oops sorry, you did mention :wink:

Seems to make little difference, but I’m using just one now.

The nslookup command is your friend.
If you suspect an ad domain isn't blocked, just run it through nslookup on one of your clients.
And if you want to know if the ad domain is on the Pi-hole lists, you can query on Pi-hole with the command below (or the web GUI):

pihole -q <AD_DOMAIN_NAME>
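
The nslookup check suggested in the reply above, as an added example that is not part of the thread: it reads nslookup output and reports whether Pi-hole answered, whether the name was blocked, or whether a second resolver such as 8.8.4.4 answered instead. The function name, the sample outputs and the reliance on Pi-hole's default NULL blocking mode are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux/BIND-style nslookup output
# and Pi-hole's default NULL blocking mode (blocked names answer 0.0.0.0 or ::).
PIHOLE_IP="172.16.0.75"   # Pi-hole address given in the thread

# Reads nslookup output on stdin and prints one verdict:
#   bypassed:<ip>  another resolver answered, so Pi-hole never saw the query
#   blocked        Pi-hole answered with the null address
#   resolved:<ip>  Pi-hole answered with a real address
#   no-answer      no resolver line, or no address returned (e.g. NXDOMAIN)
classify_lookup() {
    awk -v pihole="$PIHOLE_IP" '
        /^Address:/ {
            addr = $2
            sub(/#.*/, "", addr)                           # drop the port suffix
            if (resolver == "") { resolver = addr; next }  # first Address = resolver
            seen = 1
            if (addr != "0.0.0.0" && addr != "::" && real == "") real = addr
        }
        END {
            if (resolver == "")          print "no-answer"
            else if (resolver != pihole) print "bypassed:" resolver
            else if (!seen)              print "no-answer"
            else if (real == "")         print "blocked"
            else                         print "resolved:" real
        }'
}

# Constructed sample outputs (not captured from a real network).
SAMPLE_BLOCKED='Server:  172.16.0.75
Address: 172.16.0.75#53

Name:    ads.example.com
Address: 0.0.0.0'
SAMPLE_BYPASS='Server:  8.8.4.4
Address: 8.8.4.4#53

Non-authoritative answer:
Name:    ads.example.com
Address: 203.0.113.10'
SAMPLE_LOCAL='Server:  172.16.0.75
Address: 172.16.0.75#53

Name:    Fubar
Address: 172.16.0.6'

for sample in "$SAMPLE_BLOCKED" "$SAMPLE_BYPASS" "$SAMPLE_LOCAL"; do
    printf '%s\n' "$sample" | classify_lookup
done
```

On a LAN or VPN client, pipe the real command into it: `nslookup <AD_DOMAIN_NAME> | classify_lookup`. A `bypassed` verdict means the client still has a resolver other than Pi-hole configured.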
