Question about "Respond only on interface eth0" option

Hello,

I just installed pi-hole in a docker container and it works fine when this option is enabled: Respond only on interface eth0

However i read that it's potentially dangerous and i am not sure if my setup is safe or not. Pihole it's installed in my own local server. It's not a droplet or something. That server is behind a normal router and it's not directly accessible via the internet.

I will also install wireguard on that machine to be able to VPN into my local network when i'm away and will port forward the standard wireguard port .

Considering this setup, is it safe to have that option enabled? I don't have port 53 open from my router but i am not sure how DNS works in this regard. I am mostly thinking if by installing that Wireguard it will also make my pihole visible via the internet.

Any insight would be appreciated.

Thank you

Yes, as far as Pi-hole is concerned - if you access your Pi-hole remotely via Wireguard, then you won't expose your port 53 to public access (and there is absolutely no need to do so). Wireguard's port will be exposed, of course, but in order for that to be compromised, attackers would have to get hold of your Wireguard keys first. Keep them safe, strong and secret.

Thanks for the clarification!