I have a cheap VPS configured with unbound + pihole + wireguard that I use when I am out & about. I have secured this box with ufw and allow tcp/udp access to port 53 just locally (local interface + wireguard interface). This has worked very well for years now.
I have a pihole instance inside my home. I would like my router to use my VPS as a backup option for DNS, but I am having a tough time querying from inside my house to my VPS.
This is the netstat output from my vps.
netstat -nltup | grep 'Proto\|:53 '
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=3290,fd=4))
udp UNCONN 0 0 127.0.0.1:5353 0.0.0.0:* users:(("unbound",pid=930,fd=3))
udp UNCONN 0 0 [::]:53 [::]:* users:(("pihole-FTL",pid=3290,fd=6))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=3290,fd=5))
tcp LISTEN 0 128 127.0.0.1:5353 0.0.0.0:* users:(("unbound",pid=930,fd=4))
tcp LISTEN 0 32 [::]:53 [::]:* users:(("pihole-FTL",pid=3290,fd=7))
I have DNSMASQ_LISTENING=all set in the setupVars.conf
I have the following ufw rules.
5353 ALLOW 127.0.0.1
53 ALLOW 127.0.0.1
53 ALLOW 10.10.0.0/24
53/udp ALLOW <home ip>
53/tcp ALLOW <home ip>
I disabled ufw and I still don't see dns working.
I ran tcpdump in the vps and I see my requests coming, but I don't see pihole-FTL getting the request.
tcpdump -i eth0 -s0 port 53
10:24:21.927310 IP <home ip>.50063 > some.domain.org.domain: 11893+ [1au] A? www.nytimes.com. (44)
I have even disabled ufw, but I still don't see pihole-FTL (tail -f /var/log/pihole.log) getting the query. Does anybody have any thoughts on what other approaches I can take to debug this issue?
Thanks!
Thadiyan
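Added example, not part of the original post or of Pi-hole/unbound: a small POSIX shell script that separates the two questions the post runs together, namely whether the port-53 socket is bound to a wildcard address at all (parsed from `ss -nltup` output, which is the format of the listing above; the sample text is constructed to match it) and whether a query is actually answered over UDP and over TCP, which is the quickest way to tell a firewall rule that admits one protocol but not the other from a listener that never sees the packet. It assumes `dig` is installed and takes the resolver address as a command-line argument; the address in the comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). SAMPLE_SS is a constructed
# copy of the post's `ss`-style listing; on a real box feed it live with
# `ss -nltup | listener_scope 53`.

SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=3290,fd=4))
udp UNCONN 0 0 127.0.0.1:5353 0.0.0.0:* users:(("unbound",pid=930,fd=3))
udp UNCONN 0 0 [::]:53 [::]:* users:(("pihole-FTL",pid=3290,fd=6))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=3290,fd=5))
tcp LISTEN 0 128 127.0.0.1:5353 0.0.0.0:* users:(("unbound",pid=930,fd=4))
tcp LISTEN 0 32 [::]:53 [::]:* users:(("pihole-FTL",pid=3290,fd=7))'

# listener_scope PORT   (ss output on stdin)
# Prints "external" if any socket on PORT is bound to 0.0.0.0, [::] or *,
# "loopback" if every socket on PORT is bound to a loopback address,
# "none" if nothing listens on PORT. Field 5 is the local address:port.
listener_scope() {
    awk -v p="$1" '
        {
            n = split($5, a, ":")            # last piece is the port
            if (a[n] != p) next
            addr = substr($5, 1, length($5) - length(a[n]) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") ext = 1
            else lo = 1
        }
        END {
            if (ext) print "external"
            else if (lo) print "loopback"
            else print "none"
        }'
}

# probe_resolver RESOLVER_IP NAME
# Sends the same query once over UDP (+notcp) and once over TCP (+tcp) with a
# 2 s timeout, so a rule that passes only one of the two shows up immediately.
probe_resolver() {
    for proto in notcp tcp; do
        if out=$(dig +short +time=2 +tries=1 "+$proto" @"$1" "$2" 2>&1) \
           && [ -n "$out" ]; then
            echo "$proto: answered -> $out"
        else
            echo "$proto: no usable answer (timeout, refused or empty)"
        fi
    done
}

# Stand-alone run: report the binding scope from the constructed listing, then,
# if a resolver address was given (e.g. ./dnscheck.sh 203.0.113.10, placeholder),
# send the live probes against it.
echo "port 53 listener scope:   $(printf '%s\n' "$SAMPLE_SS" | listener_scope 53)"
echo "port 5353 listener scope: $(printf '%s\n' "$SAMPLE_SS" | listener_scope 5353)"
if [ -n "${1:-}" ]; then
    probe_resolver "$1" "www.nytimes.com"
fi
```

Reading the output together with tcpdump narrows things down: "external" plus a packet on eth0 plus no entry in /var/log/pihole.log means the packet is being dropped between the NIC and the socket (host firewall, a listen-interface restriction, or a rule ahead of ufw), whereas a UDP answer with a TCP timeout points at the per-protocol firewall rules rather than at the resolver.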