Wanting a gut check, is PiHole revealing my VPN has a DNS leak?

So before I go telling my work IT, I was hoping someone else could confirm or deny this is intended behavior.

I have my router pointed at the PiHole DNS so I don’t have to configure devices individually.

I am partially WFH and, per company policy, anytime my work PC is in use it’s connected via the work VPN.

I would have thought this would mean that, other than traffic to and from the VPN server, I shouldn’t see much activity from my work computer, but looking at my PiHole logs I can see every DNS query coming from the work computer. That shouldn’t happen with a properly configured VPN, right? Shouldn’t it use the company’s preferred DNS, not my PiHole?

Are you sure your work computer VPN is configured to route ALL network traffic through the VPN? Many corporate machines are configured with a routing table that only funnels certain services, IPs, ports and domains through the VPN while routing the rest through the normal network.

Sounds like your company might be using a Split Tunnel VPN. Basically traffic to your company’s network resources uses the VPN, any other traffic is routed out through the internet. I don’t think there is anything to worry about here but confirm with your IT team.

Split tunneling. It’s a thing.

That shouldn’t happen with a properly configured VPN, right? Shouldn’t it use the company’s preferred DNS, not my PiHole?

Talk to your company IT. They may not have their VPN configured to route DNS traffic through the tunnel.

This isn’t a Pi-hole issue - it’s for the work IT people to answer. Any of us answering in this forum are simply guessing.

My daughter’s school laptop isn’t touched by my pihole, or even my router settings (besides IP assignment). Nothing I can do on my network to block her access to YouTube or anything.

However, the school district has a very solid parental control solution through Blocksi, so we just use that.

It is possible that before the VPN is established your work PC tries to contact the services it needs, like the mail server, intranet, domain controllers etc. This happens automatically and can also happen before the VPN is established.
So normally, when your VPN is up and running, you shouldn’t see any traffic from your work PC. If it is still hitting your Pi-hole, I would consider contacting your IT. Otherwise I would consider it normal.
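As an added example (not code from anyone in this thread or from the Pi-hole project), here is a small parser for the dnsmasq-style query lines Pi-hole writes to pihole.log. It tallies queries per client and, for the work PC, splits the names it resolved into ones that look corporate-internal (which you would expect the VPN’s resolver to handle, or to see only before the tunnel comes up, as the post above describes) and public names (which are consistent with split tunneling). The log lines, the work PC address 192.168.1.50 and the internal suffix example-corp.internal are all constructed assumptions; substitute your own.

```python
import re
from collections import Counter, defaultdict

# A Pi-hole (dnsmasq) query log line looks like:
#   Jan 12 09:41:07 dnsmasq[812]: query[A] teams.microsoft.com from 192.168.1.50
# Reply/forward lines are ignored; only "query[...]" lines are counted.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample lines for illustration, not a real capture.
SAMPLE_LOG = """\
Jan 12 09:41:07 dnsmasq[812]: query[A] teams.microsoft.com from 192.168.1.50
Jan 12 09:41:07 dnsmasq[812]: query[AAAA] teams.microsoft.com from 192.168.1.50
Jan 12 09:41:09 dnsmasq[812]: query[A] intranet.example-corp.internal from 192.168.1.50
Jan 12 09:41:09 dnsmasq[812]: reply teams.microsoft.com is 52.113.194.132
Jan 12 09:41:12 dnsmasq[812]: query[A] youtube.com from 192.168.1.23
Jan 12 09:41:15 dnsmasq[812]: query[SRV] _ldap._tcp.dc._msdcs.example-corp.internal from 192.168.1.50
Jan 12 09:42:01 dnsmasq[812]: query[A] www.reddit.com from 192.168.1.50
"""

WORK_PC = "192.168.1.50"                      # assumed address of the work laptop
INTERNAL_SUFFIXES = ["example-corp.internal"]  # assumed corporate DNS suffixes


def parse_queries(log_text):
    """Yield (timestamp, qtype, name, client) for each query line; skip all other lines."""
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            yield m.group("ts"), m.group("qtype"), m.group("name").lower(), m.group("client")


def queries_per_client(log_text):
    """Count how many queries each client IP sent to the Pi-hole."""
    return Counter(client for _, _, _, client in parse_queries(log_text))


def classify_client_queries(log_text, client, internal_suffixes):
    """Split one client's queried names into corporate-internal and public.

    Internal names reaching the home resolver are the ones worth asking IT about;
    public names on the home resolver are what split tunneling looks like.
    """
    internal, public = defaultdict(int), defaultdict(int)
    for _, _, name, c in parse_queries(log_text):
        if c != client:
            continue
        if any(name == s or name.endswith("." + s) for s in internal_suffixes):
            internal[name] += 1
        else:
            public[name] += 1
    return dict(internal), dict(public)


if __name__ == "__main__":
    for client, n in queries_per_client(SAMPLE_LOG).most_common():
        print(f"{client}: {n} queries")
    internal, public = classify_client_queries(SAMPLE_LOG, WORK_PC, INTERNAL_SUFFIXES)
    print("internal names seen on the home resolver:", internal)
    print("public names seen on the home resolver:", public)
```

To run it against a real log, read /var/log/pihole.log (or /var/log/pihole/pihole.log on newer installs) into `SAMPLE_LOG`’s place and set the work PC’s address and your company’s internal suffixes; a timestamp on the internal hits also tells you whether they stopped once the tunnel was up.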

When you talk to IT, say “caching DNS server”, rather than “pi-hole”.

When I connect my work laptop to my work vpn, all dns traffic goes through my work vpn rather than my local pihole.

We use a split tunnel as certain traffic should hit local resources e.g. Teams to improve call latency as we have offices worldwide.


Split DNS is a thing; it routes traffic that just needs the internet out via the local network/DNS.

Most likely this. My work computer routes some traffic over my home network. I was surprised as well but they do it to reduce/optimize bandwidth/traffic over VPN servers.

X2 on this. Every corporate network I’ve seen is almost always using split tunnel. Nobody wants to route all traffic for thousands of users.

Sounds like a split tunnel VPN config, like some are saying. Some VPN clients, like Cisco AnyConnect, let you see which routes go through the tunnel and which routes are dropped locally.

Honestly it may not be, so that’s actually reassuring. It’s locked down to the point I can’t see what it’s configured to do or supposed to do.

At my last employer we had two VPN options, standard and everything via their VPN. We were told to use the standard one when WFH, but when on site at the customer’s place in Mumbai to use the route-everything one.

Absolutely, my PiHole is working great and as intended, it was just how I found the issue.

Just wanted a gut check, before contacting our IT. They like to make your life hell for contacting them, false alarm or not.

Out of interest why so?

You can try to ping or run a traceroute to certain services you know should go over the VPN and others you think might not. I imagine you should be able to execute the "tracert" command in cmd and see if that makes more sense to you.