Let me just add the observation that only a few percent of domains you might be looking up in a DNS system are going to be DNSSEC signed anyway. While it's nice to have DNSSEC functioning as a sort of future-proofing and for the rare cases when it matters now, becoming alarmed at its absence in a DNS system at this stage is seriously inappropriate.

Example: in the US the only major financial institution that I can find that signs its DNS entries with DNSSEC is the Internal Revenue Service! Yes, irs.gov is signed, as are some other US-gov't agency sites. But the big banks do not use DNSSEC, and neither do the well-known large brokerage houses. (Every site foo.bank is a DNSSEC-signed bank site, but see https://www.register.bank/dotBANKers/# to see which banks have bothered. They're all small.) In the VPN world, AirVPN.org is signed, mullvad.net is signed, and privateinternetaccess.com is signed. Every other well-known VPN service that I've tried depends on unsigned DNS entries.

So basically at present, DNSSEC from the consumer point of view is little more than a cute toy.