Hey there, I was wondering if Chrome VPN extensions can bypass Pi-Hole?
Yes. To avoid the problem, don’t run the VPN extension.
Are you sure, did you even test it?
Ok, what about blocking the chrome web store?
They just change what DNS server the browser uses lol. Bypassing pihole is easy, most IoT devices and some apps like YouTube are hard coded to just use Google DNS.
If you want full coverage you need a firewall capable of blocking/redirecting external DNS requests.
what about blocking the chrome web store?
Why do you want to do that? Is the VPN installing itself with no action on your part?
And how do I get something like that?
Do I have to pay a lot of money or is it free to install and configure?
and some apps like YouTube are hard coded to just use Google DNS.
On what platform are you seeing this behaviour?
Because I want to seal off any form of temptation to bypass Pihole
I have a pfsense router I built, but there’s a lot of different firewall solutions with different capabilities. Your current firewall might already be capable.
My firewall logs blocked packets to 8.8.8.8:53 and 8.8.4.4:53 all the time from my Android devices when the YouTube app is open, and also from over half of my IoT devices (light switches, wall plugs, etc).
And what of the several other major browser platforms? Or just side loading an APK on Android?
Pi-hole is a poor fit for what you’re wanting to achieve. It blocks domains, not URLs or IPs.
As an example you can’t block “google.com/blah/blah/app-store/whatever”. Only “google.com”.
You would need to be at least redirecting outgoing traffic on port 53 back to your local resolver instance, and blacklisting known public DoH/DoT/DoQ domains.
Though it really sounds like you’d want to be doing a full firewall+deep packet inspection+device management engine approach.
Note: I don’t think any of this really matters if you’re the admin and you’re the one you’re trying to apply limitations to.
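
The port 53 redirect and DoT/DoQ blocking discussed in this thread, sketched as an nftables ruleset; this is an added example, not a configuration posted by any participant. The interface name `lan0`, the Pi-hole address `192.168.1.2` and the table name `dns_enforce` are assumptions, and the ruleset presumes a Linux router that forwards the LAN's traffic.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed values (not from the thread): LAN interface and Pi-hole IP.
define LAN_IF = "lan0"
define PIHOLE = 192.168.1.2

table ip dns_enforce {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Plain DNS from any LAN client to any resolver other than the Pi-hole
        # (e.g. hard-coded 8.8.8.8) is rewritten to the Pi-hole instead.
        # The Pi-hole's own upstream queries are exempt, or it would loop.
        iifname $LAN_IF ip saddr != $PIHOLE ip daddr != $PIHOLE udp dport 53 counter dnat to $PIHOLE
        iifname $LAN_IF ip saddr != $PIHOLE ip daddr != $PIHOLE tcp dport 53 counter dnat to $PIHOLE
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Pi-hole on the same subnet as the clients: masquerade the redirected
        # queries so replies return through the router and match the address
        # the client asked. Side effect: Pi-hole logs these queries as coming
        # from the router, not the original device.
        oifname $LAN_IF ip daddr $PIHOLE udp dport 53 masquerade
        oifname $LAN_IF ip daddr $PIHOLE tcp dport 53 masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # DNS-over-TLS uses TCP 853 and DNS-over-QUIC uses UDP 853; neither can
        # be transparently redirected, so refuse them and let clients fall back.
        iifname $LAN_IF ip saddr != $PIHOLE tcp dport 853 counter reject with tcp reset
        iifname $LAN_IF ip saddr != $PIHOLE udp dport 853 counter drop
    }
}
# Not covered here: DNS-over-HTTPS shares TCP 443 with normal web traffic, so it
# is handled by blocklisting known DoH hostnames in Pi-hole, as the thread says.
# IPv6 needs an equivalent "table ip6" if the LAN has IPv6 connectivity.
```

The `counter` statements show how many packets hit each rule, which gives a quick view of how often devices try to reach an outside resolver.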