I successfully installed and run pi-hole in container right on router (hAP ac3). Now I would like to add NextDNS as upstream in my pi-hole. However when I set IP adresses from NextDNS to custom IPv4 1 and 2, I cannot load any webpage. Query log in pihole writes "sent to dns2.nextdns.io#53", also log in NextDNS is filled with queries, but my browser shows nothing.
Similar story is when I try use NextDNS guide to set up MikroTik with DoH and then pi-hole is not set as DNS server. I cannot load any page, but query log is filled just fine.
So I guess problem is in firewall or any other setting that I configured for docker (I followed exactly this tutorial for set up container with pi-hole). My firewall config is here :
My knowledge in change settings here is limited. Maybe it is not even problem in firewall. I'll be glad for any advice. Thanks.
NextDNS as upstream in pi-hole (container)
You do not have the required permissions to view the files attached to this post.
Re: NextDNS as upstream in pi-hole (container)
Those picture tell nothing.
Try posting an actual config file.
Try posting an actual config file.
Re: NextDNS as upstream in pi-hole (container)
Code: Select all
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=192.168.100.0/24
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" \
dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
out-interface-list=WAN
add action=masquerade chain=srcnat src-address=172.17.0.0/24
add action=dst-nat chain=dstnat dst-address=192.168.88.1 dst-port=888 protocol=tcp to-addresses=\
172.17.0.2 to-ports=80
Re: NextDNS as upstream in pi-hole (container)
Please, is there anyone using pi-hole with DoH to NextDNS successfully? Thanks.
If there is some problem in firewall or settings about working container that wont let me load DoH from NextDNS, I have limited knowledge to know how to solve it. I really like having pihole directly on router (it's faster and save power) but I'll eventually abandon pi-hole in container and plug RPi with pi-hole for working NextDNS.
If there is some problem in firewall or settings about working container that wont let me load DoH from NextDNS, I have limited knowledge to know how to solve it. I really like having pihole directly on router (it's faster and save power) but I'll eventually abandon pi-hole in container and plug RPi with pi-hole for working NextDNS.
Re: NextDNS as upstream in pi-hole (container)
Please, could anyone help me with adding firewall rule that accept DNS over HTTPS to be loaded from pi-hole in container?