DNS trouble with pihole running with podman
DNS trouble with pihole running with podman
Hi people.
I am running pihole under podman and its dedicated system account on my NAS. Now, from the NAS, I get a connection refused on ip.of.the.nas:53 but everywhere else in my network, pihole works perfectly.
To run pihole as a rootless container, i made it listen on 1053 and I have a firewall redirection from 53 to 1053 for both udp and tcp.
Any pointer to where (and how) I can debug this ?
Edit: Small precision about my current setup : ISP router (so I can't really do anything on it) and NAS running opensuse leap
The request from the other machines go through the firewall and are being redirected, the requests from the NAS are basically trying to connect to localhost, so no redirection here as the requests aren't leaving the machine.
I agree.
So the solution, OP, is to set the DNS settings on your NAS to your router's internal IP so the firewall can redirect the traffic to your new port.
As it's only single device I'd suggest configuring DNS server for that to <ip-of-nas>:1053. Port forwarding rule on the nas firewall most likely applies only to 'incoming' traffic to the nas and as locally generated DNS request isn't 'incoming' (you can think it as 'incoming' traffic is everything coming via ethernet cable into the nas) then the port redirection doesn't trigger as you're expecting.
Thank you for the reply. It is exactly this
Have you considered lowering the unprivileged port limit instead?
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=53 | sudo tee -a /etc/sysctl.confThen remove the firewall rule and bind to port 53.
Edit: typo
Just set the DNS server to localhost:1053 for the nas?
Do you have any idea on how to do it ? Knowing that I am on opensuse
Well, on linux I'd use systemd's resolved which would listen on localhost:53 (it would also point resolv.conf there) and then set resolved's uplink server to your custom port. I don't have the exact config in mind but it seems to support custom uplink ports("expects IPv4 or IPv6 address specifications of DNS servers [...] optionally take a port number separated with ":"[...]")
Edit: found this: https://en.opensuse.org/Network_Management_With_Systemd