NextDNS as upstream in pi-hole (container)

Posted: Fri Nov 25, 2022 2:03 pm
by sunakashi
I successfully installed and run pi-hole in a container right on the router (hAP ac3). Now I would like to add NextDNS as the upstream in my pi-hole. However, when I set the IP addresses from NextDNS as custom IPv4 1 and 2, I cannot load any webpage. The query log in pi-hole writes "sent to dns2.nextdns.io#53", and the log in NextDNS is also filled with queries, but my browser shows nothing.

It is a similar story when I try to use the NextDNS guide to set up MikroTik with DoH, with pi-hole then not set as the DNS server. I cannot load any page, but the query log is filled just fine.

So I guess the problem is in the firewall or some other setting that I configured for Docker (I followed exactly this tutorial to set up the container with pi-hole). My firewall config is here:
(attached screenshots: 2022-11-25.png and 2022-11-25 (1).png)
My knowledge of changing settings here is limited. Maybe the problem is not even in the firewall. I'll be glad for any advice. Thanks.

Re: NextDNS as upstream in pi-hole (container)

Posted: Fri Nov 25, 2022 6:02 pm
by Znevna
Those pictures tell nothing.
Try posting an actual config file.

Re: NextDNS as upstream in pi-hole (container)

Posted: Fri Nov 25, 2022 6:32 pm
by sunakashi
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=192.168.100.0/24
add action=accept chain=input comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
    out-interface-list=WAN
add action=masquerade chain=srcnat src-address=172.17.0.0/24
add action=dst-nat chain=dstnat dst-address=192.168.88.1 dst-port=888 protocol=tcp to-addresses=\
    172.17.0.2 to-ports=80

Re: NextDNS as upstream in pi-hole (container)

Posted: Tue Nov 29, 2022 2:33 pm
by sunakashi
Please, is there anyone using pi-hole with DoH to NextDNS successfully? Thanks.

If there is some problem in the firewall or in the settings of the working container that won't let me load DoH from NextDNS, I have too limited knowledge to know how to solve it. I really like having pi-hole directly on the router (it's faster and saves power), but I'll eventually abandon pi-hole in a container and plug in an RPi with pi-hole to get NextDNS working.

Re: NextDNS as upstream in pi-hole (container)

Posted: Wed Nov 30, 2022 1:03 pm
by sunakashi
Please, could anyone help me with adding a firewall rule that accepts DNS over HTTPS so it can be loaded from pi-hole in the container?
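Added example, not a post from this thread and not the container tutorial's code: a short Python script that parses the /ip firewall filter export sunakashi posted above and reports which rule, if any, decides a few constructed flows, as a reading aid for the last question. It is a first-match simulation of only the matchers that export uses. Simplifications and assumptions: fasttrack-connection is treated as non-terminating, connection tracking and the NAT chains are not modelled, the container's veth is assumed to sit in no interface list, and 203.0.113.53 / 198.51.100.9 are documentation-range placeholders for an upstream resolver and an Internet host. What it shows for this rule set is that a new outbound connection from 172.17.0.2 in the forward chain matches none of the rules and lands on RouterOS's implicit accept, so the posted filter rules by themselves are not what blocks DNS or DoH egress from the container; the input chain drops DNS arriving on a WAN-list interface and lets LAN clients through to the router.

```python
import ipaddress
import shlex
from dataclasses import dataclass

# The /ip firewall filter section, copied verbatim from the export posted in this thread.
FILTER_EXPORT = r"""
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=192.168.100.0/24
add action=accept chain=input comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
"""

def parse_export(text):
    """Join RouterOS backslash continuations; return each 'add ...' line as a dict."""
    rules, buf = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("/"):  # blank line or section header
            continue
        if line.endswith("\\"):               # continuation: strip its indent, keep the rest
            buf += line[:-1].lstrip()
            continue
        tokens, buf = shlex.split(buf + line.lstrip()), ""
        if tokens and tokens[0] == "add":
            rules.append(dict(tok.partition("=")[::2] for tok in tokens[1:]))
    return rules

@dataclass
class Flow:  # one packet as the filter sees it; every instance below is constructed
    chain: str
    protocol: str
    src: str
    dst: str
    dst_port: int
    state: str = "new"                 # connection-state from connection tracking
    nat_state: str = ""                # "dstnat" once a dst-nat rule rewrote the packet
    in_lists: frozenset = frozenset()  # interface lists the ingress interface belongs to
    ipsec: str = ""                    # "in,ipsec"/"out,ipsec" when an IPsec policy applies

MATCHERS = {  # only the matchers used in this export are modelled
    "chain": lambda v, f: v == f.chain,
    "protocol": lambda v, f: v == f.protocol,
    "dst-port": lambda v, f: str(f.dst_port) in v.split(","),
    "connection-state": lambda v, f: f.state in v.split(","),
    "ipsec-policy": lambda v, f: v == f.ipsec,
    "src-address": lambda v, f: ipaddress.ip_address(f.src) in ipaddress.ip_network(v, strict=False),
    "dst-address": lambda v, f: ipaddress.ip_address(f.dst) in ipaddress.ip_network(v, strict=False),
    "connection-nat-state": lambda v, f: v == f.nat_state,
    "in-interface-list": lambda v, f: v in f.in_lists,
}

def matches(rule, flow):
    """True when every matcher holds; a leading '!' inverts one, as in RouterOS."""
    for key, value in rule.items():
        if key in ("action", "comment", "hw-offload"):  # not matchers
            continue
        negate = value.startswith("!")
        hit = MATCHERS[key](value.lstrip("!"), flow)   # KeyError = matcher not modelled here
        if hit == negate:
            return False
    return True

def verdict(rules, flow):
    """First terminating match wins; no match is RouterOS's implicit accept (simplified)."""
    for index, rule in enumerate(rules):
        if matches(rule, flow) and rule["action"] in ("accept", "drop", "reject"):
            return rule["action"], index
    return "accept", None

RULES = parse_export(FILTER_EXPORT)
# Constructed flows: 203.0.113.53 stands in for an upstream resolver and 198.51.100.9 for an
# Internet host; 172.17.0.2 is the container address from the dst-nat rule in the post.
CHECKS = {
    "container_doh_egress": Flow("forward", "tcp", "172.17.0.2", "203.0.113.53", 443),
    "container_dns_egress": Flow("forward", "udp", "172.17.0.2", "203.0.113.53", 53),
    "lan_client_to_router_dns": Flow("input", "udp", "192.168.88.10", "192.168.88.1", 53, in_lists=frozenset({"LAN"})),
    "wan_to_router_dns": Flow("input", "udp", "198.51.100.9", "198.51.100.1", 53, in_lists=frozenset({"WAN"})),
    "wan_unsolicited_to_lan": Flow("forward", "tcp", "198.51.100.9", "192.168.88.20", 888, in_lists=frozenset({"WAN"})),
}

def audit(rules=RULES, checks=CHECKS):
    """Map each sample flow to (action, index of the deciding rule, or None for the implicit accept)."""
    return {name: verdict(rules, flow) for name, flow in checks.items()}

if __name__ == "__main__":
    for name, (action, index) in audit().items():
        print(f"{name:26s} {action:6s} {'implicit default' if index is None else RULES[index]['comment']}")
```

Run it directly or call audit(); each entry is (action, rule index), with None meaning no rule matched and the chain fell through. To test a different reading of the setup, construct another Flow: if the container interface were actually in the WAN list, the same new connection from 172.17.0.2 would hit the "drop all from WAN not DSTNATed" rule instead, which is why the interface-list membership of the veth is the first thing to confirm on the router before adding any rule.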