DynDNS address not reachable in local LAN

Hi everyone!

I asked for a setup using a VPN client and server in combination. I was helped absolutely fantastically and I hope the upcoming problems regarding this setup can be answered by this great community as well!

At the moment, all I want is using my Pihole (fixed IP) always as a DNS server. So I followed this tutorial (https://openwrt.org/docs/guide-user/base-system/dhcp_configuration) (the last entry at the end), tried to change "Use custom DNS servers" in all my interfaces and also added "DNS forwardings" in DHCP and DNS. The Pihole is mostly used. Mostly. When asking http://www.whatsmydnsserver.com/ it lists the Mullvad DNS (used by the pihole) but also the one from my ISP. And when asking https://am.i.mullvad.net/ sometimes it says "No DNS leaks", then sometimes "You are leaking DNS". Nevertheless, when using my VPN Wireguard client (Android phone) where the pihole is used as a DNS server (and the router is not involved) I do NOT see these problems, and Mullvad DNS is always used.

The router sees the pihole (192.168.100.2) and the mullvad one (193.138.218.74) nevertheless.

Config

At the moment I cannot find out what setting I could be missing. If any logs or settings help, I will provide them. The setup can also be found in the old post if important:

Nevertheless I could imagine this has nothing to do with my VPN stuff. Some more to add: I used to have the adblock addon activated. With switching to the pihole I disabled it and uninstalled it via opkg. Maybe this has an influence?

Thank you a lot!

Ensure your PiHole is using the VPN.

I really tried but could not make it run. For me it is not necessary that the pihole is in the VPN. According to some rules I can reach it from all network members, with and without VPN. When putting it in VLAN2 (with VPN) it is not seen by other members. This is especially critical for the members like the TV, not using the VPN. So can this be fixed without putting the pihole in the VPN VLAN? Most of the time it seems to work and is now NOT in the VPN using network.

So you're not concerned about DNS leaks?

OK...

  • Can you provide more information on your issue then?
  • What address is not reachable?

At first I thought you were trying to ensure your ISP's DNS servers were not being used.

(It sounds like you're describing the issue I noted in the previous thread - that you would experience DNS leaks without further config.)

Also you list a local DNS (PiHole) and Mullvad. Ensure all clients point to the same DNS server - and that server points to the same upstream DNS resolvers, do not mix DNS servers!

I am. Therefore I see the problem when checking am.i.mullvad.
BUT: The pihole only points to the mullvad DNS. So basically there should not be a DNS leak!

I want: only use the pihole. The pihole only uses the Mullvad DNS. The second DNS in the router is also the one from Mullvad, for the case that the pihole fails because of other problems. So no DNS leak, no mixing. For the phone this works as it should. With DD-WRT this also was no problem. Only in OpenWrt it seems that the pihole is not the only DNS server used, since it seems there is another DNS server (from ISP) used while I cannot see why and where it is configured.

There's no magic.

  • Did you uncheck [screenshot from 2019-09-24 14:42:54]
  • Have you manually configured a client directly to the PiHole and tested?
  • Please provide the relevant sections in /etc/config/network and /etc/config/dhcp
  • Ensure that your IPv6 announced DNS isn't connecting to the ISP and providing results by unchecking the box above and configuring a DNS server (i.e. PiHole)

Yes for IP4. NO for IP6!

Yes. The phone over Wireguard which directly uses the PiHole shows NO problem.

Might be the point! I unchecked it for IPv6 (thought this would not be used!), now WhatIsMyDNSServer only shows me the Mullvad one! I will observe, if mullvad also seems to be happy (have to test it for some time since it works sometimes, and sometimes not) then come back!

Thank you!


It's the same.

:+1:

That was it! Thank you a lot!


Hi,

unfortunately this seems to solve the problem only sometimes. Five minutes ago I saw the DNS of my ISP again in http://www.whatsmydnsserver.com/.

IP6 is unchecked as you said, what else might it be? Disable IP6 at all? PiHole itself only uses the right server, and it only happens with clients at home, never the phone which uses the IP of the Pihole as DNS directly, so the problem seems to come from wrong forwarding of DNS requests in the router. 192.168.100.2 is the pihole, which should be the right one. 193.138.218.74 is the Mullvad one, which is fine too. 193.227.235.8 is chosen from ISP.

This is the config from config/network regarding the networks:

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.100.1'
        option ifname 'eth0.1'
        option dns '192.168.100.2'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        option dns '192.168.100.2 193.138.218.74'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'

config interface 'lan2'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.200.1'
        option netmask '255.255.255.0'
        option ifname 'eth0.3'
        option dns '192.168.100.2'

This is from config/dhcp:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        list server '192.168.100.2'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'lan2'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'lan2'

config host
        option name 'pim2'
        option dns '1'
        option mac '02:44:07:04:87:8C'
        option ip '192.168.100.2'

config domain
       option ip '192.168.100.4'
       option name 'my.url.nett'
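The advice earlier in the thread is not to mix DNS servers. The small audit below, an added example and not code from the thread, parses UCI text in the format of the two files posted above and lists every place the router can take an upstream resolver from: `option dns` and `peerdns` per interface, and dnsmasq's `list server` together with its `resolvfile`. The sample config is constructed from the posted lines; the option semantics (peerdns defaulting to on, dnsmasq reading the resolvfile unless `noresolv` is set) are taken from the OpenWrt and dnsmasq documentation.

```python
"""Added example (not from the thread): enumerate every source an OpenWrt router
can take an upstream DNS server from, by parsing UCI text (/etc/config/*)."""
import re
# Constructed sample: the DNS-relevant lines of the configs posted above.
NETWORK = """
config interface 'lan'
        option proto 'static'
        option dns '192.168.100.2'
config interface 'wan'
        option proto 'dhcp'
        option peerdns '0'
        option dns '192.168.100.2 193.138.218.74'
config interface 'wan6'
        option proto 'dhcpv6'
        option peerdns '0'
"""
DHCP = """
config dnsmasq
        option resolvfile '/tmp/resolv.conf.auto'
        list server '192.168.100.2'
"""

def parse_uci(text):
    """Return [(type, name, {key: [values]})], one tuple per config section."""
    sections = []
    for line in text.splitlines():
        if m := re.match(r"^config\s+(\S+)(?:\s+'([^']*)')?\s*$", line):
            sections.append((m.group(1), m.group(2) or "", {}))
        elif (m := re.match(r"^\s+(?:option|list)\s+(\S+)\s+'([^']*)'", line)) and sections:
            sections[-1][2].setdefault(m.group(1), []).append(m.group(2))
    return sections

def dns_sources(network, dhcp):
    """Map each place a resolver can come from to the servers it contributes."""
    out = {}
    for typ, name, o in parse_uci(network):
        if typ != "interface":
            continue
        if servers := " ".join(o.get("dns", [])).split():
            out[f"{name}: option dns"] = servers
        # peerdns defaults to on; a static interface gets no peer DNS at all
        if o.get("proto", [""])[0] != "static" and o.get("peerdns", ["1"])[0] != "0":
            out[f"{name}: peerdns"] = ["<servers announced by the upstream>"]
    for typ, _, o in parse_uci(dhcp):
        if typ == "dnsmasq" and o.get("server"):
            out["dnsmasq: list server"] = o["server"]
        # dnsmasq reads the resolvfile in addition to 'list server' unless noresolv is '1'
        if typ == "dnsmasq" and o.get("resolvfile") and o.get("noresolv", ["0"])[0] != "1":
            out["dnsmasq: resolvfile"] = o["resolvfile"]
    return out
```

Running `dns_sources(NETWORK, DHCP)` on the sample shows four independent sources naming resolvers, which is the kind of mixing the reply above warns about.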

Even a single DNS provider which uses load balancing may return different results in round robin mode, and when you use different DNS providers, the result is even less predictable, because the query goes to a random server and the reply may differ depending on the resource record TTL, server response time and caching settings.

Well basically I do not use different providers. I use my pihole, which uses the Mullvad DNS. So there is only one DNS, but I sometimes see the one from my ISP. I do not see why the router should use this one and not only the pihole.

The second DNS besides the pihole is also the Mullvad one for the situation where the pihole might be down.
