Should I keep pi hole on management vlan?

So basically I have a pihole at home for ad blocking. I also have a VPN setup on it that uses 10.66.66.1 (the wireguard local ip) for the DNS servers. So DNS is not port forwarded to the internet. I have pi hole configured to serve requests from anywhere, but since neither DNS nor the webserver can be accessed locally I don't think that's a problem. The only thing you can access from the outside is the VPN, which then uses itself for DNS since they're on the same machine. Are there any security implications by doing it this way?

Second question is: should I have my pi get an IP on the management lan (the Ubiquiti default, where all of the access points and switches are) or the LAN for the network (10.1.0.0/24, where all the normal wifi devices connect)? I don't think there's really any difference, but what if someone scans it on the network? If it's on a different vlan then it doesn't show up in network scanners like Fing. But I'm wondering if that's an actual issue.

Also the last question is: is it possible to give my pi hole multiple IP addresses? Like for example you can access pi hole on 192.168.1.50 and that's where the DNS and webserver are. But what if I also wanted to use Unbound for DNS? I'm aware with Pi hole you can make Unbound use a different port (like 5335) and tell pi hole to use 127.0.0.1#5335 for DNS. But what about my normal phone or computer which doesn't let you specify a port? How could I make it, for example, that 192.168.1.100 is a valid DNS server with port 53 alongside 192.168.1.50 with pi hole? All I've seen are really complicated iptables rules, but I really don't understand that or think it's what I'm looking for.
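An added example for the last question (and, since it checks what holds port 53, the first one too); it is not code from this thread or from the Pi-hole or Unbound projects. It assumes a second address 192.168.1.100 on interface eth0 and a 192.168.1.0/24 LAN, and the socket listings are constructed samples in the shape `ss -lnu` prints.

```sh
#!/bin/sh
# Two DNS servers can share port 53 on one host only if each binds its own
# address, not the wildcard 0.0.0.0 / [::]. The second address is added with
# (assumed interface name):  ip addr add 192.168.1.100/24 dev eth0

# Emit an Unbound server block that listens on ONE address only and answers
# the LAN but refuses everything else (VPN/WAN clients would be refused).
unbound_listener_conf() {
    ip="$1"; port="${2:-53}"
    printf 'server:\n'
    printf '    interface: %s\n' "$ip"
    printf '    port: %s\n' "$port"
    printf '    access-control: 192.168.1.0/24 allow\n'
    printf '    access-control: 0.0.0.0/0 refuse\n'
}

# Read an `ss -lnu` (or `ss -lntu`) listing on stdin, print every local
# socket holding port 53, and return 1 if one of them is a wildcard bind,
# which would answer on every interface the box has (VPN and WAN included).
check_port53() {
    binds=$(awk '{ for (i = 1; i <= NF; i++)
                     if ($i ~ /:53$/) { print $i; break } }')
    printf '%s\n' "$binds"
    # anchored so that e.g. 10.0.0.0:53 is not mistaken for 0.0.0.0:53
    if printf '%s\n' "$binds" | grep -Eq '^(0\.0\.0\.0|\*|\[::\]):53$'; then
        return 1
    fi
    return 0
}

# Constructed sample: Pi-hole and Unbound each on their own address (good).
SAMPLE_SPLIT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      192.168.1.50:53     0.0.0.0:*
UNCONN 0      0      192.168.1.100:53    0.0.0.0:*
UNCONN 0      0      10.0.0.0:53         0.0.0.0:*'

# Constructed sample: one resolver grabbed the wildcard, so the second
# cannot bind port 53 and the first answers on every interface (bad).
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:53          0.0.0.0:*
UNCONN 0      0      127.0.0.1:5335      0.0.0.0:*'

if [ "${1:-}" = "demo" ]; then
    unbound_listener_conf 192.168.1.100
    printf '%s\n' "$SAMPLE_WILDCARD" | check_port53 || echo "wildcard bind on :53"
fi
```

On a live box, `ss -lnu | check_port53` shows which addresses actually hold port 53 before and after adding the second listener.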