Netgate Discussion Forum

    Correct setup for pfSense + VPN + Pi-Hole ?

    • ZoSum

      Seeking advice on how to incorporate Pi-Hole into my pfSense + OpenVPN setup... Right now, I've set pfSense's DHCP server to hand out the Pi-Hole's IP as the DNS server. And, in Pi-Hole, I use the VPN provider's recommended DNS addresses as the upstream servers.

      This works, but I'm unable to confirm for sure which DNS server(s) are actually used. Dnsleaktest.com says I'm using my VPN's IP as my DNS server (i.e., the same address I see at the top of ifconfig.me). I get this result even if I specify an entirely different upstream DNS server in pi-hole, e.g. Quad9 or CF.

      Can anyone confirm whether this is expected behavior, and/or if there's a better way to set things up? Thanks!

      • ZoSum @ZoSum

        Bumping this and adding more specifics...

        According to a post on the Pi-hole forum, the correct config is:

        • Add the Pi-Hole IP address to pfSense > Services > DHCP Server > DNS Servers.
        • Do not enable DNS Forwarder.
        • Do not enable DNS Resolver.
        • Do not add a DNS entry in the System > General Setup > DNS Server Settings.

        The last setting seems to be causing an issue -- the router is unable to connect to my VPN provider if no entry is made in System > General Setup > DNS Server Settings. It's also unable to connect if the Pi-Hole IP address is entered there.

        Specifying a public DNS, such as Cloudflare, does work -- but then I am not sure if all DNS queries are going through the Pi-hole?
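
Added example, not part of the original posts: one way to check from the Pi-hole side which clients are querying it and which upstream servers it forwards to, by summarizing its query log. It assumes query logging is enabled and that the log uses dnsmasq's query-log line style; the log lines, the client addresses and the `audit` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in dnsmasq query-log style (assumed Pi-hole log format).
# 192.168.1.50/.51 are LAN clients, 9.9.9.9 is the configured upstream (Quad9).
SAMPLE_LOG = """\
Mar 10 12:00:01 dnsmasq[812]: query[A] example.com from 192.168.1.50
Mar 10 12:00:01 dnsmasq[812]: forwarded example.com to 9.9.9.9
Mar 10 12:00:01 dnsmasq[812]: reply example.com is 93.184.216.34
Mar 10 12:00:05 dnsmasq[812]: query[AAAA] example.org from 192.168.1.51
Mar 10 12:00:05 dnsmasq[812]: forwarded example.org to 9.9.9.9#53
Mar 10 12:00:09 dnsmasq[812]: query[A] ads.example.net from 192.168.1.50
Mar 10 12:00:09 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
Mar 10 12:00:12 dnsmasq[812]: query[A] example.com from 192.168.1.50
Mar 10 12:00:12 dnsmasq[812]: cached example.com is 93.184.216.34
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[[^\]]+\] (\S+) from (\S+)$")
# An optional "#port" suffix on the upstream address is dropped.
FORWARD = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to ([^\s#]+)")


def summarize(log_text):
    """Count queries per client and forwards per upstream server."""
    clients, upstreams = Counter(), Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if m := QUERY.search(line):
            clients[m.group(2)] += 1
        elif m := FORWARD.search(line):
            upstreams[m.group(2)] += 1
    return clients, upstreams


def audit(log_text, expected_clients, expected_upstreams):
    """Flag LAN hosts that never queried Pi-hole and upstreams not configured."""
    clients, upstreams = summarize(log_text)
    return {
        "clients": dict(clients),
        "upstreams": dict(upstreams),
        "silent_clients": sorted(set(expected_clients) - set(clients)),
        "unexpected_upstreams": sorted(set(upstreams) - set(expected_upstreams)),
    }


if __name__ == "__main__":
    lan = ["192.168.1.50", "192.168.1.51", "192.168.1.60"]  # constructed
    for key, value in audit(SAMPLE_LOG, lan, ["9.9.9.9"]).items():
        print(f"{key}: {value}")
```

A host listed under `silent_clients` sent no queries to the Pi-hole during the logged window, so it is either idle or resolving through some other server.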
