Pihole not listening to Wireguard

Hi

I have installed Pihole and WireGuard on the same VM using Docker. Both have separate Docker networks. I have set my DHCP server to give out Pihole's DNS IP, and it is working fine. I also have been using WireGuard for several weeks without issues. I am able to connect to my network from outside my LAN and connect to the internet.
Seeing how well Pihole was doing at blocking ads and trackers, I thought it would be great to connect through it with WireGuard. So I changed the existing WG DNS to my Pihole's internal IP. That's where my problems started...

Expected Behaviour:
After replacing 1.1.1.1 in my WG settings with my internal IP, I expected DNS responses from Pihole and to be able to connect to the internet.

Actual Behaviour:
But I lost internet connection, and Pihole does not seem to respond to my WG requests.

Oddly enough, I am able to access services using their internal IPs rather than domain names, including Pihole, while connected to WireGuard from outside my LAN. So the VPN tunnel is getting me into the network. It seems to me that Pihole is the one not playing ball here.

And yes, I have allowed all access. In fact, if I use Pihole's public IP as a DNS server while I'm on an external Wi-Fi network, all works as expected. I even tried using this public IP as WG's DNS, but again it does not work, and I lose access to my LAN services too.

I also tried adding this to /etc/pihole/pihole-FTL.conf and then restarting the Pi-hole server:
DELAY_STARTUP=5

Again no change.

I seem to be having the same issue as the thread below, which unfortunately did not seem to end in a solution:

I really do not want to install Pihole on a separate VM as I am very tight on HW resources. Any advice would be really great!

Thank you!

FYI, I am a total newb, so bear with me. Joined the whole #selfhosted scene 3 months ago. Never going back...

Just a couple of thoughts here from a fellow user:

I would prioritize creating a debug log and uploading it for those who can view it, as there's a good chance they will see something of interest.

Also make sure you don't have any firewall rules blocking Wireguard's subnet from the subnet your Pihole lives on.

Finally, are you saying your Pihole is accessible for DNS queries from the public Internet? If so, that's likely going to need a change.


How did you verify that those DNS requests actually made it to Pi-hole or your Pi-hole host at all?

Also, please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Hi! Thank you for the feedback!

  1. I have just uploaded the debug log: https://tricorder.pi-hole.net/ImVwQ0m7/

  2. Firewall is disabled for now until I get this sorted.

  3. Yes, I can access my Pihole DNS server through its public IP. I can access it from home, which I think is pretty cool. Why would I not want this kind of setup?

Thanks again.

Hi there!

That's a good question. So my Pihole IP is 10.10.1.4. I also have another DNS server which I used before I started playing with Pihole on 10.10.1.5.
On WG, when I use 10.10.1.5, I am able to connect to the Internet. When I point it to 10.10.1.4 it does not work. However, as I mentioned, I am still able to log in to my Pihole admin page by browsing to 10.10.1.4:8080/admin, all while connected to WG from outside my network.

My debug token is posted in my previous post. Not sure what I am doing wrong, if anything?

Thanks for the help guys.

If that's the case, you would be running an open resolver, posing a potential threat to all Internet users, e.g. by serving as a multiplier in a DNS amplification attack.

Note that the Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.

The recommended way to remotely access your Pi-hole is by means of a VPN, so only authenticated clients may securely use it.

Oh, I did not know it was dangerous; I am still learning in my free time, sorry.
Ok, I will switch it to allow only local requests. Thanks for the advice.

It means I need this issue solved more than ever hehe.

Please provide a fresh debug token.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.