How to tell multiple localhost DNS servers apart on dashboard and in query logs?

dcostoy · July 29, 2021, 8:22pm

Hi all -

I'm new here, so apologies in advance for any breach of etiquette or faux pas.

On my Pi-hole box I run dnscrypt-proxy on port 54 as my upstream provider (Cloudflare DoH), both for IPv6 and IPv4. I also run an additional custom proxy on port 55 to catch and sink Netflix IPv6 DNS lookups because Netflix blocks my IPv6 tunnel traffic. I catch the requests for the related domains to this proxy in a custom dnsmasq conf file.

As a result, according to the Pi-hole dashboard and query log, my queries are answered by localhost#54, a second localhost#54, and localhost#55.

I would like to label these upstream providers so that it is easier to tell at a glance what service they correspond to, for example, "Upstream IPv4, "Upstream IPv6", and "Netflix DNS Proxy". Is there a way to achieve something like this using pi-hole or some other tool available in my environment?

Also, when I drill down from either localhost#54 on the dashboard "Queries Answered By" it seems to result in the same filtered query results. This seems like an undesirable behavior. I would either expect two different results (presumably one for IPv6 and one for IPv4) or a single aggregation on the dashboard. Perhaps this is a defect?

If any of these details help, I am running Pi-hole 5.3.1 (web v5.5, FTL v5.8.1) using nginx 1.14.2 + php 7.4, on the Homebridge Raspberry Pi image v1.0.23 (based on Raspbian Buster Lite (2021-05-07) on a Raspberry Pi 4B.

Thanks in advance for any help,
Demetrios

Bucking_Horn · July 29, 2021, 8:38pm

Supplying exactly one IP address for the same upstream server instance would suffice. As the DNS protocol is indifferent to the transport IP protocol used, there is no advantage in supplying both an IPv4 and an IPv6 address for the very same server.

As for your issue:
Configure your upstream DNS server software to listen on different loopback addresses and assign hostnames for those, e.g. 127.0.1.1 as dns-crypt and 127.0.1.2 as custom-proxy.

dcostoy · July 29, 2021, 9:22pm

Thanks so much for the quick reply.

Based on your reply, I guess I fundamentally misunderstood how upstream providers work. It sounds like the upstream request is proxied by pi-hole (rather than, say, redirecting the client), so the transport protocol used upstream by pi-hole is irrelevant to the client. Is that right?

Thanks for the additional loopback address recommendation. That is exactly what I needed. I had no idea the whole /8 was available without additional configuration (at least on my OS).

Demetrios

Bucking_Horn · July 29, 2021, 9:32pm

Yes.
A client talks to Pi-hole, and Pi-hole then applies its filtering and forwards non-blocked requests to a configured upstream in order to supply an answer to the client.

system · August 19, 2021, 9:33pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.