u/Academic_Ad6848

Running pihole + nginx proxy manager on my home server so I can use local domain names (myapp.home, someotherapp.home, etc.) instead of ip:port for my services.

Problem is I've setup a secondary DNS on my router as a fallback, if my server goes down I don't want to kill internet for everyone at home. But with a secondary public DNS set (8.8.8.8), some devices randomly use it instead of pihole and the .home names stop resolving.

Is a second pihole instance the only real fix here? Feels like overkill. What do you all do?

Seeing a lot of posts about Gluetun setup but almost none about testing whether the killswitch actually works. You can have everything configured correctly and still leak your real IP when the VPN drops.

Here is the 3-step test:

Step 1 - Confirm traffic is going through the VPN

docker exec qbittorrent curl -s ifconfig.me

Should return your VPN IP. If it returns your home IP, your network_mode config is wrong.

Step 2 - Test the killswitch

docker stop gluetun
docker exec qbittorrent curl -s --max-time 5 ifconfig.me

If the killswitch is working, this should hang and timeout - not return any IP. If it returns your home IP, the killswitch is broken.

Step 3 - Restore

docker start gluetun

Wait 10-15 seconds, then re-run Step 1 to confirm the VPN IP is back.

The most common mistake: ports for qBittorrent, Radarr, Sonarr, and Prowlarr must be declared on the gluetun service - not on the individual containers. Since they share Gluetun's network stack via network_mode: service:gluetun, they have no ports of their own to expose.

If you don't test this, you don't actually have a killswitch. Hope this saves someone a headache.