Pihole on docker and dnscrypt connection refused

paolo-hub · January 30, 2022, 6:13pm

My name is Paolo, and I am trying for the first time dnscrypt.
I have a pi-hole DNS server working on Docker container on a Rpi3.
The pihole docker expose the following ports:
53:53/tcp 53:53/udp
8080:80 (8080 for lan management and 80 inside the docker network)

I have installed che dnscrypt server following these guide
The installed image is dnscrypt-proxy-linux_arm-2.1.1.tar.gz and the service not provide any error.

I have change in the configuration file dnscrypt-proxy.toml the listen port from 53 to 5300, to avoid conflicting with pihole. listen_addresses = ['127.0.0.1:5300']

In the pihole Settings I have indicated the Upstream DNS Servers 127.0.0.1#5300.

If I try on the pihole host terminal to resolve an url:

./dnscrypt-proxy -resolve google.com

The sistem responce is:

Resolving [google.com] using 127.0.0.1 port 5300
Unable to resolve: [read udp 127.0.0.1:60672->127.0.0.1:5300: read: connection refused]

I didn't get why read up from port 60672 (that change at every resolve test) and the connection is refused.

Also the internet connection through pihole DNS doesn't work and pihole can't resolve DNS query.

Can some one help me to understand the problem?
Many thanks

The docker command for the pihole container is the following:

docker run -d \
    --name pihole \
    -p 53:53/tcp -p 53:53/udp \
    -p 8080:80 \
    -e TZ="Europe/Rome" \
    -v '/home/pi/dns-crypt/etc-pihole:/etc/pihole' \
    -v '/home/pi/dns-crypt/etc-dnsmasq.d:/etc/dnsmasq.d' \
    -v '/home/pi/dns-crypt/opt-dnscrypt:/opt/dnscrypt-proxy' \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --restart=unless-stopped \
    --hostname pi.hole \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e ServerIP="192.168.100.100" \
    pihole/pihole:latest

Bucking_Horn · January 30, 2022, 9:17pm

As Docker isolates your Pi-hole container into a separate network, Pi-hole won't be able to connect to dnscrypt via the loopback IP (which will only refer back to the container).

Try using the local private IP of your dnscrypt host instead (likely matching the 192.168.100.0/24 range).

paolo-hub · February 1, 2022, 7:42pm

Many thanks.
My error has been install DNSCrypto-Proxy following the wiki instruction on the pihole container.
Now I have created a container dedicated for DNSCrypto-Proxy and pihole can comunicate with it thought the docker network.

paolo-hub · February 1, 2022, 8:32pm

Ok sorry, now pihole resolve query though dnscrypt-proxy.
I have setted the container IP and port as 172.24.0.3#5353, as Custom Upstream DNS Servers, disabling all other Upstream DNS Server.
The DNS responds from a any LAN client, but if i test the DoH connection on: Cloudflare Tester the results is that my connection is not over DoH.
If I try to use directly DNSCryoto-Proxy as DNS server, the test results is instead positive.
I didn't get why the DoH don't works througth pihole connection.