Unfortunately, dnsdist (or other proxies) is currently not very easy to use with pihole, because the pihole GUI only shows the source IP of dnsdist.
Of course you can create a workaround with policy-based routing (I don't think it works with dnsdist), but I would like to have an easier solution (I run everything with docker).
I thought XPF was the solution at first, but the proxy protocol is probably more common.
Unfortunately, a few things are still missing in order to make this work in the future.
My DoH setup:
Internet ---(HTTPS,443)---> Haproxy ---(HTTP,80, docker internal)---> dnsdist ---(dns,53, docker internal)---> pihole --(dns,53, docker internal)---> unbound
My DoT setup:
Internet ---(DoT,853)---> dnsdist ---(dns,53, docker internal)---> pihole --(dns,53, docker internal)---> unbound
Missing:
Haproxy ---(HTTP,80, docker internal)---> dnsdist. (only DoH)
- X-Forwarded-For support, only relevant if several services are to be used via port 443.
- dnsdist: dnsdist: DoH in reverse proxy: Accept HTTP Header for indicating real client (address) · Issue #8661 · PowerDNS/pdns · GitHub
dnsdist ---(dns,53, docker internal)---> pihole. (DoH and DoT)
- proxy protocol support
- dnsdist: Add support for Proxy Protocol between dnsdist and the recursor by rgacogne · Pull Request #8874 · PowerDNS/pdns · GitHub
- pihole: nothing found for the proxy protocol yet, therefore this post
Which service would have to be adapted for the proxy protocol for pihole: pihole-FTL or dnsmasq? Which service provides the DNS port 53 for the clients?
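
Added example, not part of the original post and not code from pihole, dnsdist or dnsmasq: a sketch of what the service listening on port 53 would have to do with one received packet to recover the real client address from a PROXY protocol header. It assumes the binary v2 header format from the HAProxy PROXY protocol specification; the function names, the trusted proxy address and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

# 12-byte PROXY protocol v2 signature from the HAProxy specification.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"

# Assumption: docker-internal address of the proxy in front of the resolver
# (constructed value). Only this peer may assert a client address.
TRUSTED_PROXIES = {ipaddress.ip_address("172.18.0.5")}


def split_proxy_v2(datagram, peer_ip):
    """Return (client_ip, client_port, dns_payload) for one received packet.

    The header is honoured only when it comes from a trusted proxy; otherwise
    any client could forge the source address that ends up in the query log.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not datagram.startswith(PP2_SIGNATURE):
        return str(peer), None, datagram           # plain DNS, no header
    if peer not in TRUSTED_PROXIES:
        raise ValueError("PROXY header from untrusted peer")
    if len(datagram) < 16:
        raise ValueError("truncated PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", datagram[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
        raise ValueError("unsupported PROXY version or command")
    if len(datagram) < 16 + length:
        raise ValueError("truncated PROXY v2 address block")
    body, payload = datagram[16:16 + length], datagram[16 + length:]
    if ver_cmd & 0x0F == 0:                        # LOCAL: proxy's own traffic
        return str(peer), None, payload
    family = fam_proto >> 4
    if family == 1 and length >= 12:               # IPv4: src, dst, sport, dport
        src = str(ipaddress.IPv4Address(body[0:4]))
        sport = struct.unpack("!H", body[8:10])[0]
    elif family == 2 and length >= 36:             # IPv6: src, dst, sport, dport
        src = str(ipaddress.IPv6Address(body[0:16]))
        sport = struct.unpack("!H", body[32:34])[0]
    else:
        raise ValueError("unsupported address family")
    return src, sport, payload


def build_proxy_v2_ipv4(src, dst, sport, dport):
    """Build a v2 header for UDP over IPv4 (used to construct sample input)."""
    addrs = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
             + struct.pack("!HH", sport, dport))
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x12, len(addrs)) + addrs
```

Over TCP the same header precedes the stream once per connection, and the DNS messages that follow keep their usual two-byte length prefix.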