Wireguard and Unbound

Blockhead · December 3, 2023, 5:09pm

The Pi-hole documentation provides an excellent guide to install Wireguard VPN to allow use of Pi-hole outside of a local network and an equally excellent guide to install Unbound as a recursive DNS server. However, one issue I ran into when implementing Wireguard with a previously working Unbound implementation according to the guides was that Unbound stopped responding to DNS requests.

To solve the issue, try adding a line access-control: [local network subnet] allow into the file /etc/unbound/unbound.conf.d/pi-hole.conf and restarting unbound with sudo /etc/init.d/unbound restart . For example, if your local network hosting Pi-hole is 192.168.1.0/24, add access-control: 192.168.1.0/24 allow.

DanSchaper · December 3, 2023, 5:15pm

You can edit the documentation files to add anything that was missed or could be updated, if you are so inclined. The documentation will be seen by far more users than just a note here on Discourse.

Blockhead · December 3, 2023, 10:52pm

Thanks. Happy to create a pull request.

github.com/pi-hole/docs

Suggestions for Wireguard Guide Relating to Unbound

pi-hole:release/v6.0 ← NittanySeaLion:release/v6.0

opened 10:23PM - 03 Dec 23 UTC

NittanySeaLion

+51 -27

## Thank you for your contribution to the Pi-hole Community! Please read the …comments below to help us consider your Pull Request. We are all volunteers and completing the process outlined will help us review your commits quicker. **Please make sure you** 1. Base your code and PRs against the repositories developmental branch. 2. [Sign Off](https://docs.pi-hole.net/guides/github/how-to-signoff/) all commits as we enforce the [DCO](https://docs.pi-hole.net/guides/github/dco/) for all contributions 3. [Sign](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) all your commits as they must have verified signatures 4. File a pull request for any change that requires changes to [our documentation](https://docs.pi-hole.net/) at our [documentation repo](https://github.com/pi-hole/docs) --- **What does this PR aim to accomplish?:** This PR updates some language in the WireGuard section of the Guides. It provides a fix for using unbound with WireGuard. It also suggests ufw firewall rules for the wg0 and eth0 route when clients use the tunnel to access local devices (or routing all traffic). Other improvement place warnings in positions to warn before offending activities occur and provide more details in descriptions. --- **By submitting this pull request, I confirm the following:** 1. I have read and understood the [contributors guide](https://docs.pi-hole.net/guides/github/contributing/), as well as this entire template. I understand which branch to base my commits and Pull Requests against. 2. I have commented my proposed changes within the code and I have tested my changes. 3. I am willing to help maintain this change if there are issues with it later. 4. It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) 5. I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) 6. I have checked that another pull request for this purpose does not exist. 7. I have considered, and confirmed that this submission will be valuable to others. 8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer. 9. I give this submission freely, and claim no ownership to its content. --- - [x] I have read the above and my PR is ready for review. *Check this box to confirm*