I'm experimenting with some containers running on my router, specifically a D53G-5HacD2HnD-TC&RG502Q-EA.
I presently have set up DNS over HTTPS on the router per instructions here: https://www.youtube.com/watch?v=w4erB0VzyIE and it has worked great for me for all devices on the network.
The issue I have now is that if I run a container on the router, then DNS doesn't work with the current DoH setup. A minimal example is running the image 'alpine:latest' with a CMD of 'ping google.com' and enabling logging. This results in the container stopping and logging "ping: bad address 'google.com'". If I change the CMD to 'ping 8.8.8.8' at this point, it works, so I know the container has access to the internet. If I disable DoH, then DNS works as expected. How do I get containers to work with the DoH setup?
For getting started with containers I followed the containers series of videos: https://www.youtube.com/watch?v=8u1PVouAGnk, https://www.youtube.com/watch?v=UMcJs4oyHDk, https://www.youtube.com/watch?v=i9GcFEx_Ois.
Potentially relevant info:
/ip/dns print
servers:
dynamic-servers:
use-doh-server: https://cloudflare-dns.com/dns-query
verify-doh-cert: yes
doh-max-server-connections: 5
doh-max-concurrent-queries: 50
doh-timeout: 5s
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 78KiB
/ip/firewall/nat print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=dstnat action=redirect protocol=tcp dst-port=53 log=no log-prefix=""
2 chain=dstnat action=redirect protocol=udp dst-port=53 log=no log-prefix=""
3 ;;; Enable containers to access the internet
chain=srcnat action=masquerade src-address=172.17.0.0/24 log=no log-prefix=""
Here are the firewall filter rules besides the defaults:
/ip/firewall/filter print
Flags: X - disabled, I - invalid; D - dynamic
13 ;;; Custom made rule - drop DNS queries
chain=output action=drop protocol=tcp dst-port=53 log=no log-prefix=""
14 ;;; Custom made rule - drop DNS queries
chain=output action=drop protocol=udp dst-port=53 log=no log-prefix=""