Flint 2 DNS - do I have this right? Manual/VPN

As per: DNS - GL.iNet Router Docs 4

If I set my DNS as manual (pihole on local subnet) when I set up a wireguard client using the client-based VPN policy, it can only use the DNS servers specified in the manual setup rather than using the VPN servers specified in the VPN config? (this is the behaviour I'm seeing).

I have also tried with Allow Custom DNS to Override VPN DNS on and off and makes no difference.

Seems weird??

Hi,

If you configure a custom DNS address in GL GUI > Network > DNS and enable "Allow Custom DNS to Override VPN DNS", this custom DNS will be preferred.

If the above DNS is not configured (default is automatic) or if "Allow Custom DNS to Override VPN DNS" is not enabled, VPN DNS will be taken.

The issue you are currently encountering is that the Flint2, as a VPN client, can't resolve domain names from the pihole DNS?

1 Like

Thanks for the reply.

I have the following settings for DNS

When turning on the WG client (the correct client device is chosen in VPN Policy area)

All DNS lookups continue to occur through the local pihole at 192.168.1.252 instead of using the DNS servers of the VPN provider specified in the config.

I have tested with "Allow Custom DNS to Override VPN DNS" turned off and on, and it is the same outcome.

Current FW is 4.7.5-op24, the problem was still there previously on 4.6.6-op24 also.
Client/s receive DNS server settings via DHCP, and the DHCP server settings are below.

Any thoughts are greatly appreciated.

Out of interest, where are you getting the confirmation that your devices are using pi-hole DNS instead of the VPN ascribed ones? Are you using a browser or a command line utility? Either way, have you cleared the DNS cache in the browser (i.e. Edge Browser: edge://net-internals/#dns) and/or flushed the DNS if you're using windows (not sure about Linux/other OS) with 'ipconfig /flushdns' ?

Just a ramble.....!!

1 Like

Rambles are very much appreciated!

All queries sent through the pihole can be seen in real time in a live log view, so anything sent through there is visible as it happens.

Using Windows, I have flushed DNS but have not specifically cleared the browser DNS cache (chrome: chrome://net-internals/#dns). Didn't actually know that was possible in Chrome, thanks for the tip!
Will test but lookup requests to unbound on the pihole can be seen as the browser asks for them, so not so sure clearing the browser DNS cache will have an impact as I can see the browser asking the pihole (which then returns it from its cache or a fresh lookup from root servers).

Very open to more rambles :pray:

Sorry, I've reviewed your issue, do you need the client to go to VPN DNS instead of Pihole DNS?

  1. GL GUI > Network > DNS automatic. (Display WG-client DNS)
  2. VPN proxy mode Global or based on client device and the client is in the "use VPN" list.
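As an added example (not from the thread or GL.iNet), here is a small check for the situation described above: it reads Pi-hole's dnsmasq query log and reports any client on the "use VPN" list whose lookups are still arriving at the Pi-hole, i.e. a DNS leak past the tunnel. It assumes clients query the Pi-hole directly (as when DHCP hands out its address), so the query source is the client IP; the log lines and the VPN client list are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of dnsmasq query log lines in the format Pi-hole writes to
# /var/log/pihole.log ("query[TYPE] name from client"); not a real capture.
SAMPLE_LOG = """\
Mar  4 10:00:01 dnsmasq[1234]: query[A] example.com from 192.168.1.50
Mar  4 10:00:01 dnsmasq[1234]: forwarded example.com to 127.0.0.1
Mar  4 10:00:02 dnsmasq[1234]: query[AAAA] example.com from 192.168.1.50
Mar  4 10:00:05 dnsmasq[1234]: query[A] update.example.net from 192.168.1.20
Mar  4 10:00:07 dnsmasq[1234]: query[A] cdn.example.org from 192.168.1.50
Mar  4 10:00:09 dnsmasq[1234]: cached cdn.example.org is 203.0.113.7
"""

# Hypothetical "use VPN" policy list: clients whose DNS should leave through the
# WireGuard tunnel and therefore should NOT show up as query sources at the Pi-hole.
VPN_CLIENTS = {"192.168.1.50"}

# Only "query[...]" lines carry the client address; forwarded/cached/reply lines do not.
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)$")


def find_leaked_queries(log_text, vpn_clients):
    """Return {client_ip: [(qtype, name), ...]} for VPN-policy clients seen at the Pi-hole."""
    leaks = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        if m["src"] in vpn_clients:
            leaks[m["src"]].append((m["qtype"], m["name"]))
    return dict(leaks)


if __name__ == "__main__":
    # Run against the constructed log; with a real file, pass its contents instead.
    for client, queries in find_leaked_queries(SAMPLE_LOG, VPN_CLIENTS).items():
        print(f"{client}: {len(queries)} queries still resolved by the Pi-hole")
        for qtype, name in queries:
            print(f"  {qtype:5} {name}")
```

An empty result means no VPN-policy client reached the Pi-hole during the logged window, which is what you would expect once the router is handing those clients the VPN DNS.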