sunakashi
just joined
Topic Author
Posts: 17
Joined: Wed Nov 23, 2022 1:55 pm
Location: CZ

NextDNS as upstream in pi-hole (container)

Fri Nov 25, 2022 2:03 pm

I successfully installed and ran pi-hole in a container right on the router (hAP ac3). Now I would like to add NextDNS as upstream in my pi-hole. However, when I set the IP addresses from NextDNS to custom IPv4 1 and 2, I cannot load any webpage. The query log in pihole writes "sent to dns2.nextdns.io#53", and the log in NextDNS is also filled with queries, but my browser shows nothing.

A similar story is when I try to use the NextDNS guide to set up MikroTik with DoH and then pi-hole is not set as the DNS server. I cannot load any page, but the query log is filled just fine.

So I guess the problem is in the firewall or some other setting that I configured for docker (I followed exactly this tutorial to set up the container with pi-hole). My firewall config is here:
2022-11-25.png
2022-11-25 (1).png
My knowledge of changing settings here is limited. Maybe it is not even a problem in the firewall. I'll be glad for any advice. Thanks.
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: NextDNS as upstream in pi-hole (container)

Fri Nov 25, 2022 6:02 pm

Those pictures tell nothing.
Try posting an actual config file.
 
sunakashi
just joined
Topic Author
Posts: 17
Joined: Wed Nov 23, 2022 1:55 pm
Location: CZ

Re: NextDNS as upstream in pi-hole (container)

Fri Nov 25, 2022 6:32 pm

/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=192.168.100.0/24
add action=accept chain=input comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
    out-interface-list=WAN
add action=masquerade chain=srcnat src-address=172.17.0.0/24
add action=dst-nat chain=dstnat dst-address=192.168.88.1 dst-port=888 protocol=tcp to-addresses=\
    172.17.0.2 to-ports=80
 
sunakashi
just joined
Topic Author
Posts: 17
Joined: Wed Nov 23, 2022 1:55 pm
Location: CZ

Re: NextDNS as upstream in pi-hole (container)

Tue Nov 29, 2022 2:33 pm

Please, is there anyone using pi-hole with DoH to NextDNS successfully? Thanks.

If there is some problem in the firewall or the settings of the working container that won't let me load DoH from NextDNS, I have limited knowledge of how to solve it. I really like having pihole directly on the router (it's faster and saves power), but I'll eventually abandon pi-hole in the container and plug in an RPi with pi-hole for a working NextDNS.
 
sunakashi
just joined
Topic Author
Posts: 17
Joined: Wed Nov 23, 2022 1:55 pm
Location: CZ

Re: NextDNS as upstream in pi-hole (container)

Wed Nov 30, 2022 1:03 pm

Please, could anyone help me with adding a firewall rule that accepts DNS over HTTPS to be loaded from pi-hole in the container?
