Pi-hole configuration qubes os 4.1

thank you

 In the cloned pi-hole vm be sure to set the dns IPs to dns servers that are used by your vpn.

could you tell me how to do it please? I have a protonvpn vpn,

i’m ashamed, i don’t know, how to set the dns ip addresses to the dns servers used by my vpn. as I am not a pro I believe that my sys-vpn machine does not act as a dns server, it just acts as a vpn

I’m referring to the dns IP addresses that you have to provide to pi-hole. Instead of choosing a brand name dns provider (eg, Quad9, Cloudflare, etc…) you should enter two custom IP addresses provided by proton. I don’t have these offhand, but I found them at one point just by searching for dns & proton vpn.

I searched a lot I can’t find them, the public dns of the other providers I find them in an instant, protonvpn I don’t understand why I can’t find them, also in network manager of my sys-vpn there isn’t are not and in /etc/resolv.conf I find name servers which are given by qubes os I don’t know any command which allows me to display the dns in question, it’s really complicated

Qubes handles dns in a way I still don’t fully grasp, so I appreciate that it feels complicated. When it comes to pihole it’s simple though. In the admin interface just choose Settings > DNS and enter the IP addresses.

You may have better luck searching Reddit for the DNS server IPs. Here are a couple of links that may point you in the right direction:

hello ephil, thank you very much finally it’s over it works, it filters, doing the testleak I see that I have a dns leak, nextdns dns from protonvpn

if I disable or remove nexdns from PiholeVM-Clone will it work? one to have no dns leak and two to just use protonvpn dns

I thank you again for the help you have given me. this thread and end. I opened another thread to fix the dns leak :kissing_heart:

Why don’t you use unbound - Pi-hole documentation ?

thank you I’ll see, so if I redo a new installation of pihole with unbound, I won’t have any leaks? because of my vpn?

Sorry, I cannot comment to your leaks issue. My proposal was to use your own DNS service. No need for VPN DNS, no need for encrypted DNS. To me it is a super cool feature of the pi-hole. Worth testing.

this is what i’m using right now, isn’t this my own dns service?
pihole and install with nextdns, because there are several pihole installation tutorials, I followed the one with nextdns.

and I didn’t quite understand what you mean by my own dns?

thank you

It’s hard to know for sure without seeing the test results, but it sounds like retaining the nextdns servers in your cloned pihole is the reason for the failed dns leak test. You should only use the IPs provided by proton in the pihole that sits behind the vpn vm. I’m not sure how the test would interpret use of unbound, but I agree that its super cool.

thanks I will try

Hi !

Thank you @TheGardner !

I have been struggling to set this up ecently and your instruction file was exactly what I needed (just changed to non minimal debian-11, where indeed stopping and disabling resolvconf was not needed - I also commented out the access to pi-hole webui from other VM, following the comments you provided into qubes-firewall-user-script).

Your post should be marked as solution for this thread :nerd_face:

Also thanks for that epic adlist ! It’s really useful !


…wonder why I never saw those “Solution” marks here, you lot always talking about…
Is this an Admin (or Moderator) only thing?

The OP can choose which post solves their problem. Moderators and Leaders, including me, can also set this. Should I set this post as a solution?