
Pi hole stubby problems #437

Closed jerkovicl closed 5 years ago

jerkovicl commented 5 years ago

I am trying to set up DNS over TLS on Ubuntu Server (19.10), but I can't get Pi-hole + Stubby working and can't figure out what is wrong. Here is my docker-compose file:

######### DNS ##########
  # create network:
  # docker network create --gateway 172.28.0.1 --subnet 172.28.0.0/24 skynet
  # Pihole - A black hole for Internet advertisements
  # Intended resolution chain in this stack: clients -> coredns (DoT on 853)
  # -> pihole (:53) -> stubby (172.28.0.3) -> upstream over TLS.
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    #domainname: pihole.${DOMAINNAME}
    hostname: pihole
    restart: always
    environment:
      - TZ=${TZ}
      # Upstream Pi-hole forwards to: the stubby container's static address on
      # the skynet network (see ipv4_address under the stubby service).
      - DNS1=172.28.0.3
      # Stays the literal string "no" (list-style env entries are never re-typed
      # to booleans); presumably tells Pi-hole to configure no second upstream.
      - DNS2=no
      - VIRTUAL_HOST=pihole.${DOMAINNAME}
      # Admin password is taken from the environment, not stored in this file.
      - WEBPASSWORD=${PI_PASSWORD}
    volumes:
      - ${USERDIR}/docker/pihole:/etc/pihole
      # NOTE(review): bind-mounting /etc/resolv.conf competes with the `dns:`
      # list below, which Docker normally uses to write that same file — confirm
      # which one is actually in effect inside the container.
      - ${USERDIR}/docker/pihole/resolv.conf/resolv.conf:/etc/resolv.conf:ro
      - ${USERDIR}/docker/pihole/pihole.log:/var/log/pihole.log
      - ${USERDIR}/docker/pihole/dnsmasq.d:/etc/dnsmasq.d
    # Resolvers for the container's own lookups (not for Pi-hole's clients).
    dns:
      - 127.0.0.1
      # Sets a backup server of your choosing in case DNSMasq has problems starting
      # NOTE(review): this fallback is plain DNS on port 53, so the container's
      # own lookups bypass DNS-over-TLS whenever 127.0.0.1 does not answer.
      - 1.1.1.1
    depends_on:
      - stubby
    networks:
      skynet:
        ipv4_address: 172.28.0.2
    # Ports 53/67 are not published: only containers on skynet can reach
    # Pi-hole directly (the coredns Corefile forwards to 172.28.0.2:53).
    #   ports:
    #     - 53:53/tcp
    #     - 53:53/udp
    #     - 67:67/udp
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:pihole.${DOMAINNAME}"
      - "traefik.port=80"
      - "traefik.protocol=http"
      - "traefik.docker.network=skynet"

  # Stubby configuration excerpt (presumably the stubby.yml in the volume
  # mounted below), kept here commented out for reference:
  #resolution_type: GETDNS_RESOLUTION_STUB
  #dns_transport_list:
  # NOTE: force forward request over TLS connection.
  #- GETDNS_TRANSPORT_TLS
  # Strict mode: the upstream's certificate must authenticate for tls_auth_name.
  #tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
  #tls_query_padding_blocksize: 128
  #edns_client_subnet_private : 0
  #round_robin_upstreams: 1
  #idle_timeout: 10000
  # NOTE(review): these listen addresses are loopback only *inside* the stubby
  # container. Pi-hole queries stubby at 172.28.0.3:53 from another container,
  # so if the mounted stubby.yml keeps 127.0.0.1/::1 those queries are not
  # answered; confirm the effective listen_addresses covers the container's
  # skynet address.
  #listen_addresses:
  #- 127.0.0.1
  #- 0::1
  #dnssec: GETDNS_EXTENSION_TRUE
  #appdata_dir: "/var/cache/stubby"
  #upstream_recursive_servers:
  # NOTE: adjust your needs accordingly.
  # https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers
  # https://raw.githubusercontent.com/getdnsapi/stubby/develop/stubby.yml.example
  # With authentication REQUIRED, tls_auth_name must be the name the certificate
  # served at address_data is issued for; changing only the name (e.g. to the
  # commented dns.google) while keeping 1.1.1.1 would fail authentication.
  #- address_data: 1.1.1.1
  #  tls_auth_name: "cloudflare-dns.com" #"dns.google"
  # Stubby - DNS Privacy stub resolver (using DNS-over-TLS)
  stubby:
    image: yegle/stubby-dns:latest
    container_name: stubby
    hostname: stubby
    # The container's own resolver points at itself. The upstream above is given
    # by IP, so presumably no bootstrap lookup is needed — confirm nothing else
    # in the image resolves names at startup.
    dns: 127.0.0.1
    restart: always
    volumes:
      # Configuration directory holding stubby.yml (see the excerpt above).
      - ${USERDIR}/docker/stubby:/usr/local/etc/stubby
    networks:
      skynet:
        # The address Pi-hole's DNS1 points at.
        ipv4_address: 172.28.0.3

  # Corefile (mounted read-only under /root below), kept here commented out for
  # reference. It terminates DNS-over-TLS on 853 and DNS-over-HTTPS on 443 and
  # forwards plain DNS to Pi-hole's skynet address.
  #tls://.:853 https://.:443 {
  #  tls fullchain.pem privkey.pem
  #  forward . 172.28.0.2:53
  #  log
  #  any
  #}
  # CoreDNS - DNS server, used here to terminate DoT
  # NOTE(review): no `networks:` entry is visible in this stanza; unless coredns
  # is attached to skynet elsewhere it cannot reach 172.28.0.2:53 and forwarding
  # fails. Only 853 is published below, so the https://.:443 listener is not
  # reachable from outside unless it is published elsewhere.
  coredns:
    image: coredns/coredns
    container_name: coredns
    hostname: coredns
    command: -conf /root/Corefile
    restart: always
    environment:
      # Presumably opts an older Go runtime into TLS 1.3 for the DoT/DoH
      # listeners; a no-op where TLS 1.3 is already on by default.
      - GODEBUG=tls13=1
    volumes:
      - ${USERDIR}/docker/coredns:/root:ro
      # NOTE(review): this mounts a directory over /plugin.cfg; CoreDNS reads
      # plugin.cfg when it is built, not at runtime, so this mount presumably
      # has no effect — confirm and drop if so.
      - ${USERDIR}/docker/coredns:/plugin.cfg:ro
      # Let's Encrypt chain and key, read-only. The Corefile names them
      # relatively (fullchain.pem / privkey.pem) while they are mounted at the
      # filesystem root — confirm the process's working directory resolves them,
      # or use absolute paths in the Corefile.
      - ${USERDIR}/docker/shared/letsencrypt/etc/live/${DOMAINNAME}/fullchain.pem:/fullchain.pem:ro
      - ${USERDIR}/docker/shared/letsencrypt/etc/live/${DOMAINNAME}/privkey.pem:/privkey.pem:ro
    ports:
      # DoT listener published directly on the host interface (mode: host);
      # TCP only, which is all DoT needs.
      - target: 853
        published: 853
        protocol: tcp
        mode: host
    labels:
      # Not routed through Traefik; the DoT port is exposed directly above.
      - "traefik.enable=false"