I've got Pi-hole as my primary DNS and listening on port 53.
I've also got Bind listening on port 5353; this is handling my internal DNS and passing upstream to Google.
In the setupVars.conf file I've got:
PIHOLE_DNS_1=192.168.0.8#5353
but this seems to be ignored.
My Bind server is definitely working and will resolve proxy.digi.lab:
# dig proxy.digi.lab @192.168.0.8 -p 5353
; <<>> DiG 9.16.27-Debian <<>> proxy.digi.lab @192.168.0.8 -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35138
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;proxy.digi.lab. IN A
;; ANSWER SECTION:
proxy.digi.lab. 300 IN A 10.5.1.5
;; Query time: 0 msec
;; SERVER: 192.168.0.8#5353(192.168.0.8)
But Pi-hole can't resolve it:
# dig proxy.digi.lab @192.168.0.8 -p 53
; <<>> DiG 9.16.27-Debian <<>> proxy.digi.lab @192.168.0.8 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1739
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDE: 12 (NSEC Missing)
;; QUESTION SECTION:
;proxy.digi.lab. IN A
;; Query time: 12 msec
;; SERVER: 192.168.0.8#53(192.168.0.8)
I'm definitely looking at the right ports:
UNCONN 0 0 192.168.0.8:5353 0.0.0.0:* users:(("named",pid=23929,fd=30))
UNCONN 0 0 192.168.0.8:5353 0.0.0.0:* users:(("named",pid=23929,fd=31))
UNCONN 0 0 127.0.0.1:5353 0.0.0.0:* users:(("named",pid=23929,fd=25))
UNCONN 0 0 127.0.0.1:5353 0.0.0.0:* users:(("named",pid=23929,fd=24))
UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=24653,fd=4),("pihole-FTL",pid=24633,fd=4))
UNCONN 0 0 [::1]:5353 *:* users:(("named",pid=23929,fd=34))
UNCONN 0 0 [::1]:5353 *:* users:(("named",pid=23929,fd=35))
UNCONN 0 0 *:53 *:* users:(("pihole-FTL",pid=24653,fd=6),("pihole-FTL",pid=24633,fd=6))
This setup was working till this morning when I upgraded to:
Pi-hole v5.14.2 FTL v5.19.2 Web Interface v5.17
To double check, I set the upstream to an IP which isn't assigned:
PIHOLE_DNS_1=192.168.0.6
And Pi-hole can still resolve IPs.
Is this something I've broken or is this a bug in the latest version?
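
An added example, not part of the original post: a small Python parser that compares two dig captures like the ones above and reports whether the forwarder's SERVFAIL carries an Extended DNS Error in the DNSSEC group defined by RFC 8914 (EDE 12, "NSEC Missing", is one of them). The sample strings are constructed from the post's two dig outputs; the function names and result labels are illustrative assumptions.

```python
import re

# Constructed from the two dig captures in the post (trimmed to the parsed lines).
BIND_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35138
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
proxy.digi.lab. 300 IN A 10.5.1.5
;; SERVER: 192.168.0.8#5353(192.168.0.8)
"""
PIHOLE_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1739
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDE: 12 (NSEC Missing)
;; SERVER: 192.168.0.8#53(192.168.0.8)
"""

# RFC 8914 info-codes that describe DNSSEC validation problems.
DNSSEC_EDE = {1, 2, 5, 6, 7, 8, 9, 10, 11, 12}

def parse_dig(text):
    """Extract status, answer count, EDE code/text and server from dig output."""
    def grab(pattern, cast=str):
        m = re.search(pattern, text, re.M)
        return cast(m.group(1)) if m else None
    return {
        "status": grab(r"status: (\w+)"),
        "answers": grab(r"ANSWER: (\d+)", int),
        "ede": grab(r"^; EDE: (\d+)", int),
        "ede_text": grab(r"^; EDE: \d+ \(([^)]*)\)"),
        "server": grab(r"^;; SERVER: (\S+?)\("),
    }

def compare(upstream, forwarder):
    """Classify how the forwarder's reply differs from the upstream's."""
    up, fw = parse_dig(upstream), parse_dig(forwarder)
    if up["status"] == fw["status"] and up["answers"] == fw["answers"]:
        return "consistent"
    if fw["status"] == "SERVFAIL" and fw["ede"] in DNSSEC_EDE:
        return "forwarder-dnssec-ede (EDE %d: %s)" % (fw["ede"], fw["ede_text"])
    if fw["status"] == "SERVFAIL":
        return "forwarder-servfail-no-dnssec-ede"
    return "answers-differ"

if __name__ == "__main__":
    print(compare(BIND_OUT, PIHOLE_OUT))
```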