You might know Pi-hole as advertisement-blocking software that works at the DNS level. It runs its own DNS server and blocking services. When you configure Pi-hole during installation, it sets up dnsmasq and configures it so that all DNS queries go through it instead of going directly to the nameservers. It blocks DNS queries using blocklists: whenever a DNS query arrives, Pi-hole checks its blocklists and, if it finds an entry, replies with the address of your choice (in my case, 10.8.0.1). So, 10.8.0.1 was the DNS server when the machine was connected with OpenVPN. This VPN server was also hosting a website with NGINX.
I had followed a guide from DigitalOcean to set up Pi-hole and redirect all of my VPN traffic through it.
After some time of using Pi-hole (by then I had totally forgotten that it was set up at all), I noticed a few issues -
- HTTPS warnings regarding certificate mismatch were given for several websites. For example, if I tried browsing a website like stats.wp.com, I would get a certificate for abc.com (just an example)
- Websites did not work properly like below and Chrome Dev Tools showed several errors -
After doing some initial searching and performing nslookup(s) on both the client and the server, I established that this issue was not caused by OpenVPN but was something to do with DNS. Eventually, I found that Pi-hole was the one responsible for all this mess.
Follow the procedure below to uninstall Pi-hole properly -
- Make a backup of the file located at
- Now, edit the file and locate the section as below
- Replace the highlighted portion with domain_name_servers=18.104.22.168 22.214.171.124. This line contains the IP addresses of the DNS servers (I am using Cloudflare's DNS) which will be used to look up domains for that interface.
- Now, we need to remove the entries from the firewall, ufw. To get a list of all the rules present, run ufw status numbered. In my case, I got the following list -
1234 were for the Pi-hole Admin interface.
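- Remove the rules by typing in ufw delete [RULE_NUMBER] where [RULE_NUMBER] is the number of the rule as shown above. ufw renumbers the remaining rules after each deletion, so run ufw status numbered again before deleting the next one.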
- Now, type in pihole uninstall. Press y at the prompt to start the uninstallation.
- It will ask you whether to uninstall the packages which were installed by Pi-hole. I recommend pressing N at this prompt to keep all the packages if you are not sure.
- Now, remove dnsmasq by typing in apt-get remove dnsmasq
- Edit the file at /etc/openvpn/server.conf and locate the entry like push "dhcp-option DNS 10.8.0.1". You need to replace the DNS server in this line with an actual DNS server like
- Reboot the system by typing in
This should resolve the DNS issues and restore OpenVPN connectivity. But yes, cheers to the Pi-hole team for building this product!
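
A check worth running after editing /etc/openvpn/server.conf and before rebooting, as an added example that is not part of the original post: it lists every resolver the config pushes to clients and flags any that still point at the old Pi-hole address, since nothing answers DNS there once dnsmasq is removed. The function names and the sample config are constructed for illustration; 192.0.2.53 is a documentation-range placeholder, not a real resolver.

```shell
#!/bin/sh
# Added example: audit the DNS servers an OpenVPN server pushes to clients.

# Print each address from lines of the form: push "dhcp-option DNS <addr>"
# Commented-out lines (starting with # or ;) do not match and are skipped.
pushed_dns() {
    sed -n -E 's/^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+([^"[:space:]]+)[[:space:]]*".*/\1/p' "$1"
}

# audit_pushed_dns <config> <old-resolver-address>
# Returns 0 if every pushed resolver differs from the old address,
# 1 if the old address is still pushed, 2 if no resolver is pushed at all.
audit_pushed_dns() {
    conf=$1 old=$2 rc=0
    addrs=$(pushed_dns "$conf")
    if [ -z "$addrs" ]; then
        echo "NONE no DNS server is pushed to clients"
        return 2
    fi
    for a in $addrs; do
        if [ "$a" = "$old" ]; then
            echo "STALE $a"   # clients would still query the removed resolver
            rc=1
        else
            echo "OK $a"
        fi
    done
    return $rc
}

# Constructed sample config: one stale entry, one replaced entry, one comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 10.8.0.9"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 192.0.2.53"
EOF

# On the real server, pass /etc/openvpn/server.conf instead of the sample.
audit_pushed_dns "$sample" 10.8.0.1 || echo "fix server.conf before rebooting"
rm -f "$sample"
```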