Pivpn/wireguard and Pi-hole breaks DNS resolution

I haven’t investigated fully but in both arm6 and arm7 current images, when installing together pivpn/wireguard and pi-hole DNS resolution breaks. Pivpn install complains that it doesn’t recognise the OS during install but proceeds. Then, DNS resolution does not work, while with pi hole only it was. Anybody else seen that?

you mean DNS resolution on your system directly? Or on your clients?

I guess PiHole was already installed and you tried to install PiVPN in addition?

Even on the system itself, and despite /etc/resolv.conf pointing to local ip as primary dns and another ip for secondary dns.

Pihole was working ok.

To reproduce: spawn a vm, fresh install, dhcp with static reservation, install only pihole and point as custom dns local router ip. BTW pihole also installs unbound. Pi hole should be working ok, local nslookup is ok, remote dns requests also ok. Then install pivpn, option wireguard and when asked accept pihole to be used as dns to block ads for wireguard clients. Reboot and see the motd failing to dns resolve.

/etc/resolv.conf should not contain the local IP. I recommend to use an external DNS provider to enable the system to resolve DNS even if Pihole is failing.

Btw unbound is an option and could be used. There is no need to do so. You could decline the request on installation.

One more question. Are you able to ping any IP (not DNS) while PiVPN has been installed? Means network connectivity is there in general?

In my LAN I have a working DNS server on a mikrotik router (192.168.88.1). I install dietpi/pihole on 192.168.88.50

root@DietPi:~# cat /etc/resolv.conf
nameserver 192.168.88.50
nameserver 192.168.88.1

Everything works great. If I stop pihole service, still everything works ok with secondary DNS. So far so good.

Then I install pivpn/wireguard. My /etc/resolv.conf still contains two DNS servers (local and neighbor), but no DNS resolution takes place!

Good question about pinging directly. I remember I could ping my gw/dns at 192.168.88.1 ok. I will check again shortly when on site (no wireguard remotely as it is not working) and post back.

Thanks for getting involved in helping!

Oh, wait, I don’t remember being asked about unbound. That seemed weird, I will check again.

Usually if you select PiHole, you should get a popup asking if you would like to install unbound in addition. Probably you overlooked it and just hit enter :wink:

Just installing a VPN server should not block DNS resolution. Anyway you could use dig command to verify your DNS resolution.

nameserver 192.168.88.1 should be fine on the DietPi device. But it could be as well a global provider like Quad9 or Cloudflare. Using nameserver 192.168.88.50 is creating useless roundtrips as your system is asking PiHole first and probably unbound as well if installed. It’s much faster to connect to an upstream DNS directly because there is nothing to block on a DietPi usually. At least as long as you don’t use a desktop/browser.

Yes, you are correct that I overlooked the unbound install question.

I see your point about DNS servers. I tried with/without the local IP as DNS and it did not work.

I started from scratch, with new image. I installed pi-hole without unbound (to get it out of the way) and it was working fine with DEFAULT settings, answering queries from local and for other pc in the lan.

Then I installed pivpn. It complained about an unrecognized OS, not being raspbian or debian. I configured it correctly with wireguard and answered YES to using pi-hole to block ads for clients connected through wireguard.

Rebooted and no DNS was available: motd error, no DNS queries answered from local or from other PCs in the LAN.

Pi-hole log was recording the queries and was answering “denied”. Strangely the secondary DNS was not used.

Then I changed the pi-hole DNS settings to “listen on ALL interfaces - ALL origins”, and everything worked. Changed back to listening on eth0 and it still works.

Now it seemingly works. I never understood what happened.
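The earlier reply suggests using dig to verify resolution, and the post above describes queries that Pi-hole logged but answered “denied” while the secondary resolver in /etc/resolv.conf was never consulted. The script below is an added example for checking exactly that on a DietPi host; it is not from the thread or from the DietPi/Pi-hole/PiVPN projects. It assumes `dig` (bind9-dnsutils) and `ss` (iproute2) are installed, and the function names, the lookup name and the sample resolv.conf contents are this example's own choices. It queries each configured nameserver directly, so a resolver that answers REFUSED (the RCODE behind a “denied” log line) or times out shows up per server instead of being hidden behind the system resolver's fallback behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): per-resolver DNS diagnosis for a
# host running Pi-hole next to WireGuard. Function names are hypothetical.

# Print the nameserver addresses from a resolv.conf-style file, in order.
parse_nameservers() {
    # $1: path to a resolv.conf file
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Reduce raw dig output to one word: the RCODE (NOERROR, REFUSED, NXDOMAIN,
# ...) or TIMEOUT when the server never answered at all.
classify_dig_output() {
    # $1: text produced by dig
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    if [ -n "$status" ]; then
        printf '%s\n' "$status"
    elif printf '%s\n' "$1" | grep -q 'connection timed out'; then
        printf 'TIMEOUT\n'
    else
        printf 'UNKNOWN\n'
    fi
}

# Query one name against every resolver listed in the file and report each
# resolver's verdict on its own line: "<server> <RCODE>". A short timeout and
# a single try keep the check fast when a resolver is dead.
check_resolvers() {
    # $1: resolv.conf path, $2: hostname to look up
    for ns in $(parse_nameservers "$1"); do
        out=$(dig @"$ns" "$2" +time=2 +tries=1 2>&1)
        printf '%s %s\n' "$ns" "$(classify_dig_output "$out")"
    done
}

# Show which process is bound to udp/53 on this host (pihole-FTL, unbound,
# or nothing at all), which is the first thing to confirm when resolution
# stops after a reboot.
show_dns_listeners() {
    ss -lunp 2>/dev/null | grep ':53 ' || echo "nothing listening on udp/53"
}

# Usage: sh dnscheck.sh run
if [ "${1:-}" = "run" ]; then
    echo "== resolvers from /etc/resolv.conf =="
    check_resolvers /etc/resolv.conf dietpi.com
    echo "== udp/53 listeners =="
    show_dns_listeners
fi
```

Reading the output: a line such as `192.168.88.50 REFUSED` next to `192.168.88.1 NOERROR` means Pi-hole is up but rejecting the query (the “denied” case from the post above), whereas `192.168.88.50 TIMEOUT` means nothing answered on that address at all; the listener list then tells which of the two it is.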

The setting “listen on ALL interfaces - ALL origins” is needed if you connect via VPN from the outside world to resolve DNS queries on VPN clients. But as we speak about it, I remember an old issue I was facing: https://github.com/pi-hole/pi-hole/issues/2898

It was quite strange, DNS resolution started working after accessing the web interface. Maybe it fits your experience as well.

Yes, something happens with DNS when wireguard is installed but I will not re-install to test it again :slight_smile:

I have rebooted some times and it works. If it appears again I will post back.

By the way, great stuff this DietPi, happily donated my bit to help. Keep it up.

thx for donation :slight_smile:

For testing there would be no need to reinstall. I guess just switching PiHole back to listen on eth0 and a reboot should be fine. But in the end it doesn’t matter, because using DNS resolution via the VPN would require listening on ALL interfaces anyhow. That’s how my system is running as well.