Hi all, I'm new here and, as you will discern from this post, new to networking as a whole.
I would be grateful for any general advice or input around my setup.
I have some specific questions that are down to knowledge gaps and understanding.
The main aim of this setup is to increase security and privacy.
I'm currently running asuswrt-merlin on RT-AC86U with an openvpn client in client 1.
All traffic goes through the VPN tunnel by using 'policy rules (strict)'.
VPN client uses the VPN provider's DNS for WAN DNS by using the 'exclusive' setting. WAN DNS is set to 'connect automatically'.
Pihole is attached to the RT-AC86U and this is used as the LAN DNS for all clients by implementing DNS Filtering rules in LAN settings. LAN DNS Server 1 is set to the pihole IP.
Unbound is on the pihole in the default configuration (https://docs.pi-hole.net/guides/dns/unbound/).
My query here is, am I unwittingly bypassing my VPN client by using unbound as the DNS resolver? I'm forcing all LAN traffic through the pihole using DNS filtering and forcing all WAN traffic through the VPN tunnel so I am hoping that the DNS resolver doesn't jump out of this tunnel when resolving queries, but I'm unsure how to test or confirm this.
Will some traffic bypass the pihole by following the VPN client 'policy rules (strict)' rules?
I also seem to be getting IPv6 addresses back when doing an nslookup but IPv6 is disabled.
Are there opinions on using my VPN provider's WAN DNS here? Or is it better to use something like Quad9 as suggested here ( )?
Or just my ISP's?
Thanks for reading, any help is much appreciated.
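One way to test the "does unbound jump out of the tunnel" question is to ask the router's own policy routing how a packet from the Pi-hole to a DNS root server would be routed. This is an added example, not code from the post or from asuswrt-merlin; it assumes the Pi-hole sits at 192.168.1.2, the LAN bridge is br0, OpenVPN client 1 is tun11 and the WAN is eth0 (all assumptions, override via environment variables).

```shell
#!/bin/sh
# Added example: run over SSH on the asuswrt-merlin router to see which
# interface the Pi-hole's outbound DNS traffic would leave through.
# Assumed values (not from the post): Pi-hole 192.168.1.2, LAN br0, VPN tun11.
PIHOLE_IP="${PIHOLE_IP:-192.168.1.2}"
LAN_IF="${LAN_IF:-br0}"
VPN_IF="${VPN_IF:-tun11}"

# Extract the "dev" field from one `ip route get` result.
route_dev() {
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Classify a result: "vpn" if egress is the tunnel, otherwise "leak:<iface>"
# so a WAN-side device such as eth0 is immediately visible.
classify_route() {
    dev=$(route_dev "$1")
    if [ "$dev" = "$VPN_IF" ]; then
        echo vpn
    else
        echo "leak:$dev"
    fi
}

# Ask the kernel to do the policy-rule lookup for a packet from the Pi-hole
# towards a.root-servers.net (198.41.0.4), the kind of destination a recursive
# unbound talks to directly. "from ... iif ..." makes ip consult the source-based
# ip rules that the 'policy rules (strict)' setting installs.
check_pihole_egress() {
    out=$(ip route get 198.41.0.4 from "$PIHOLE_IP" iif "$LAN_IF" 2>/dev/null) || return 1
    classify_route "$out"
}

if [ "${1:-}" = "--run" ]; then
    check_pihole_egress
fi
```

The lookup mirrors source-IP based rules only; if a rule is keyed on an fwmark set by iptables, confirm instead with tcpdump on the WAN interface filtered to `src host <pihole> and port 53`, which should stay silent.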