I use a commercial VPN, but I use Pi-hole as my DNS. Is it safe to torrent that way, or should I be using the VPN’s DNS?
I won’t comment on the safety of torrenting, but I can explain what the goals of a VPN are.
The goal of a commercial VPN in this situation is to hide your traffic, the websites you visit, everything from your ISP. This only works if all traffic goes through your VPN. If any traffic goes outside your VPN, your ISP and other third parties could potentially see it.
If you’re using a commercial VPN and you want all traffic to go through your VPN, you would also need to use their DNS servers. If you don’t use the commercial VPN’s DNS server, say you use any other DNS server, your DNS traffic could be seen by your ISP or another third party, since it’s leaving the walls of your commercial VPN, and your DNS queries could be logged by a third-party DNS provider or anyone who sees the DNS traffic.
Additionally, when you use a commercial VPN, you are putting your trust in the VPN that it won’t reveal your data (because they could easily log everything), so make sure you trust your VPN provider.
tl;dr: Use your VPN provider’s standard setup, which will use their DNS server. Yes, that means when you are connected to the VPN, you will not be using Pi-hole.
Turn on the VPN on your computer and go to some normal websites and see if your queries are showing in Pi-hole. Hopefully they aren’t, as the VPN should be taking all traffic including DNS queries. If you do see your queries in the log, look up how to prevent DNS leaks with your VPN provider.
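The check described above can be scripted. This is an added example, not part of the original thread: it scans query-log lines for lookups from the VPN-connected computer that arrive after the VPN came up. The dnsmasq-style line format, the client IP, the VPN connect time and the sample log are all assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumed dnsmasq-style query line, e.g.
# "Mar 14 10:05:30 dnsmasq[812]: query[A] example.net from 192.168.1.50"
QUERY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)\s*$"
)

# Constructed sample log (not real data). 192.168.1.50 is the VPN'd computer.
SAMPLE_LOG = """\
Mar 14 10:00:05 dnsmasq[812]: query[A] news.example.org from 192.168.1.50
Mar 14 10:00:05 dnsmasq[812]: forwarded news.example.org to 192.0.2.53
Mar 14 10:00:05 dnsmasq[812]: reply news.example.org is 203.0.113.10
Mar 14 10:03:41 dnsmasq[812]: query[A] cdn.example.com from 192.168.1.60
Mar 14 10:05:30 dnsmasq[812]: query[A] tracker.example.net from 192.168.1.50
Mar 14 10:05:31 dnsmasq[812]: query[AAAA] tracker.example.net from 192.168.1.50
""".splitlines()


def leaked_queries(lines, client_ip, vpn_up, year):
    """Return (time, qtype, name) for queries from client_ip at/after vpn_up."""
    leaks = []
    for line in lines:
        m = QUERY_RE.match(line)
        if not m or m["client"] != client_ip:
            continue  # skip forwarded/reply lines and other clients
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts >= vpn_up:
            leaks.append((ts, m["qtype"], m["name"]))
    return leaks


if __name__ == "__main__":
    vpn_up = datetime(2024, 3, 14, 10, 2, 0)  # constructed VPN connect time
    found = leaked_queries(SAMPLE_LOG, "192.168.1.50", vpn_up, 2024)
    for ts, qtype, name in found:
        print(f"LEAK {ts:%H:%M:%S} {qtype:<5} {name}")
    print(f"{len(found)} queries bypassed the VPN" if found else "no leak seen")
```

An empty result only shows that the local resolver saw nothing from that client; it says nothing about what the VPN provider itself logs.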
It depends:
Safety is always relative and depends on circumstances.
How much do you trust your VPN? Do they keep logs?
On your own network, is your DNS server set up to be recursive, so requests won’t be forwarded onwards to others?
How often do you clear your DNS logs?
Validate that your torrent client is configured to only use the VPN adapter.
Ex. qBittorrent on Windows will use all available adapters to download. In advanced options you need to set it to use only the VPN adapter.
I guess the question is not so much which DNS he uses, but whether the Pi-hole is also using the VPN or not.
If you have a VPN on your PC, but Pi-hole is your DNS, then obviously, your ISP will see that traffic. If you have the VPN on your router, then your PC and your Pi-hole will be covered.
If you have a VPN on your PC, but pihole is your DNS, then obviously, your ISP will see that traffic.
This is rarely the case. Almost all commercial VPN clients change the local DNS to their DNS. When you put that client on the VPN, that client no longer uses Pi-hole for DNS while the VPN is active. This is done to prevent DNS leakage from that client.
Yeah, this for sure. I’m just assuming he’s using a standard commercial VPN installation and not a router-based VPN.