Hi,
I have got a PiHole VM (Debian 10.7) and an OPNsense VM as my main router.
Right now I'm using this setup:
1.) Unbound working as forwarding DNS server on my OPNsense. For that, Unbound will listen on port 53 on all 8 subnets except for WAN. If it is a local hostname, Unbound will resolve it; if not, Unbound will forward the DNS request to my PiHoles. TCP/UDP connections to destination port 53 into the internet are blocked unless the source is one of my PiHoles.
2.) PiHoles will receive DNS requests from unbound and will filter them. If domains are not filtered by PiHole, PiHole will ask a DNS server on the internet.
But now I want to use a DNScrypt proxy as a third step:
3.) Instead of asking a DNS server on the internet, PiHole should forward the DNS requests (that didn't get filtered) to my OPNsense on port 5353, where a DNScrypt proxy is running. The DNScrypt proxy will use DNSCrypt or DNS over HTTPS to resolve the DNS query.
But how is it possible to change the port PiHole is using when forwarding DNS requests? I could set my OPNsense VM's IP as custom upstream server, but that way Unbound would be the one listening if PiHole uses port 53, and it would cause a loop. I somehow need to tell PiHole to use 192.0.42.2:5353 as custom upstream server instead of 192.0.42.2:53.
Any idea how to do this?
Edit:
Looks like I found the solution in another tutorial.
Instead of "192.0.42.2:5353" you need to use "192.0.42.2#5353" for the custom upstream server.
Everything seems to work now.
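As an added example (not part of the original post or of Pi-hole's own code), the following Python models the two points above: converting a `host:port` upstream into the `host#port` form that dnsmasq, and therefore Pi-hole's custom upstream field, expects (dnsmasq uses `#` because `:` is already part of IPv6 address syntax), and checking a forwarding topology for the loop the post describes. The Pi-hole address 192.0.42.10 is an assumption; the post only gives the OPNsense address 192.0.42.2.

```python
import ipaddress

def to_dnsmasq_upstream(spec: str, default_port: int = 53) -> str:
    """Normalise '192.0.42.2:5353', '[2001:db8::1]:5353', '192.0.42.2#5353'
    or a bare address into the 'IP#port' form used by dnsmasq / Pi-hole."""
    spec = spec.strip()
    if "#" in spec:                       # already in dnsmasq form
        host, _, port = spec.rpartition("#")
    elif spec.startswith("["):            # bracketed IPv6 with port
        host, _, rest = spec[1:].partition("]")
        port = rest.lstrip(":")
    elif spec.count(":") == 1:            # IPv4 with ':' port separator
        host, _, port = spec.partition(":")
    else:                                 # bare IPv4 or bare IPv6
        host, port = spec, ""
    addr = ipaddress.ip_address(host)     # ValueError on anything that is not an IP
    port_num = int(port) if port else default_port
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    return f"{addr}#{port_num}"

def find_forwarding_loop(forwarders: dict) -> list:
    """forwarders maps a resolver's 'IP#port' to the 'IP#port' upstreams it
    forwards to; the string 'internet' marks a real recursive/authoritative
    endpoint. Returns the first cycle found as a list of hops, else []."""
    def walk(node, path):
        if node in path:                  # we have been here before: a loop
            return path[path.index(node):] + [node]
        if node == "internet" or node not in forwarders:
            return []
        for nxt in forwarders[node]:
            cycle = walk(nxt, path + [node])
            if cycle:
                return cycle
        return []
    for start in forwarders:
        cycle = walk(start, [])
        if cycle:
            return cycle
    return []

# Constructed model of the post's topology (Pi-hole address is assumed).
UNBOUND, PIHOLE, DNSCRYPT = "192.0.42.2#53", "192.0.42.10#53", "192.0.42.2#5353"
# Pi-hole pointed at OPNsense on port 53: Unbound forwards straight back.
LOOPING = {UNBOUND: [PIHOLE], PIHOLE: [to_dnsmasq_upstream("192.0.42.2:53")]}
# Pi-hole pointed at the DNSCrypt proxy on port 5353: chain ends at the internet.
FIXED = {UNBOUND: [PIHOLE], PIHOLE: [to_dnsmasq_upstream("192.0.42.2:5353")],
         DNSCRYPT: ["internet"]}
```

`find_forwarding_loop(LOOPING)` returns the three-hop cycle through 192.0.42.2#53, while `find_forwarding_loop(FIXED)` returns an empty list.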