More NordVPN woes (PiHole)

As before I should point out that this is a bit of an edge issue - I don’t want anyone thinking they shouldn’t use DietPi’s Nord service - we all should… this issue is more one of “gotcha” rather than a bug.

OK, so this particular gotcha is to do with installing PiHole when the NordVPN tunnel is operating. If you’re not paying attention (cough, cough) the OpenVPN connection IP is suggested as the PiHole gateway and machine IP.

I can’t be 100% sure but this caught me out more than once. I wonder if there’s any way this can be avoided in the installer?

I also managed to lock my PiHole to the wrong static IP (d’uh) at which point PiHole seemed to think it was operating on x.x.x.20 when it should have been at x.x.x.100 - this shows up on the Settings page under Network.

I’m confused myself with all these tunnels and routes floating all over the place but I’m assuming that upstream DNS for PiHole doesn’t need to go via the tunnel…

Yours, very confused (but still thankful for DietPi)

MD

marcdraco
If you care about full privacy via VPN, then indeed your DNS requests MUST go through the VPN as well. The routes are quite simple: EVERY request, besides those to IPs within your local network, is forced through the VPN, so if you use some upstream DNS like 8.8.8.8 it will/should be accessed through the VPN tunnel as well, which is recommended in every case: https://www.dnsleaktest.com/what-is-a-dns-leak.html

I am currently thinking about what else Pi-hole is using the gateway/IP info for, but it makes sense that it uses the OpenVPN interface/server as gateway, something else might even cause issues.
Only thing is I am currently not sure about access permissions to Pi-hole. Their web UI has some access limitations, and at least it should be tested if local network machines can still use the Pi-hole instance for DNS resolving after it’s connected to NordVPN. Usual access to webserver etc. at least should work from local network.
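The routing rule described in the reply above (upstream DNS leaves through the tunnel, local-network traffic does not) can be checked from `ip route get` output. This is an added example, not part of the original thread; the interface names `tun0`/`eth0`, the helper names and all addresses are constructed samples.

```shell
#!/bin/sh
# Added example: verify where DNS-related traffic leaves the machine.
# On a live system feed these helpers the output of e.g. `ip route get 8.8.8.8`.
# The three samples below are constructed, not captured from a real host.
SAMPLE_UPSTREAM='8.8.8.8 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 0
    cache'
SAMPLE_LEAK='8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.100 uid 0
    cache'
SAMPLE_LAN='192.168.1.50 dev eth0 src 192.168.1.100 uid 0
    cache'

# route_field KEY ROUTE_OUTPUT -> prints the word that follows KEY (dev, src, via)
route_field() {
    printf '%s\n' "$2" | awk -v k="$1" \
        '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# check_route KIND ROUTE_OUTPUT TUNNEL_IF
#   KIND=upstream : route to the upstream resolver must use the tunnel interface
#   KIND=lan      : route to a local client must NOT use the tunnel interface
# Returns 0 when the route matches the rule, 1 when it does not, 2 on bad input.
check_route() {
    dev=$(route_field dev "$2")
    [ -n "$dev" ] || { echo "unparsed"; return 2; }
    case "$1" in
        upstream)
            if [ "$dev" = "$3" ]; then echo "ok: via $dev"; return 0; fi
            echo "leak: via $dev"; return 1 ;;
        lan)
            if [ "$dev" != "$3" ]; then echo "ok: via $dev"; return 0; fi
            echo "misrouted: via $dev"; return 1 ;;
        *)
            echo "bad kind"; return 2 ;;
    esac
}

# Demo on the constructed samples (|| true keeps the demo going on a failed check).
echo "upstream, VPN up:   $(check_route upstream "$SAMPLE_UPSTREAM" tun0 || true)"
echo "upstream, VPN down: $(check_route upstream "$SAMPLE_LEAK" tun0 || true)"
echo "LAN client:         $(check_route lan "$SAMPLE_LAN" tun0 || true)"
echo "source address used towards the LAN: $(route_field src "$SAMPLE_LAN")"
```

The `src` field of the LAN route is the address local clients reach the machine on, which is the value to compare against the IP shown on the Pi-hole Settings page.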

Marcdraco shared a good solution, but you should even change your VPN service. NordVPN may be creating a problem. I suggest you review VPN services and find your perfect VPN that is suitable for PiHole and DietPi.