shadowsocks / shadowsocks-rust

A Rust port of shadowsocks
https://shadowsocks.org/
MIT License

Use PiHole as DNS #1619

Closed ahsandar closed 3 weeks ago

ahsandar commented 3 weeks ago

I have shadowsocks-rust ssserver and Pihole set up as 2 containers using docker-compose. I have tried putting the Pihole IP in config.json under dns and also tried passing it using --dns, but it seems the requests don't go to Pihole for resolution. Am I missing something? Also, I want to use DoH ideally but can't find how to have it set up. Are there any guides for setting it up?

zonyitoo commented 3 weeks ago

Also, I want to use DoH ideally but can't find how to have it set up. Are there any guides for setting it up?

Currently DoH is only supported by builtin DNS configurations, like cloudflare_https.

I have shadowsocks-rust ssserver and Pihole set up as 2 containers using docker-compose. I have tried putting the Pihole IP in config.json under dns and also tried passing it using --dns, but it seems the requests don't go to Pihole for resolution. Am I missing something?

You may try to add -vvv and see whether --dns has already set the expected IPs into the DNS resolver. If they were set as expected, queries will be sent to those IPs. You should double check the destination IP and see what exactly is happening.

ahsandar commented 3 weeks ago

I can see the below in my logs after adding -vvv. It seems the IP is being picked up by ssserver. So I have a question: when I use the shadowsocks Android app, it asks for a Remote DNS address and uses that for resolving the domains, so the DNS server on ssserver is not used. I also tried with the Outline app, and there as well it didn't seem to have the queries resolved using the DNS from ssserver.

 shadowsocks::dns_resolver::hickory_dns_resolver: /root/shadowsocks-rust/crates/shadowsocks/src/dns_resolver/hickory_dns_resolver.rs:127: initializing DNS resolver with config ResolverConfig { domain: None, search: [], name_servers: NameServerConfigGroup([NameServerConfig { socket_addr: 10.0.3.3:53, protocol: Udp, tls_dns_name: None, trust_negative_responses: true, tls_config: None, bind_addr: None }, NameServerConfig { socket_addr: 10.0.3.3:53, protocol: Tcp, tls_dns_name: None, trust_negative_responses: true, tls_config: None, bind_addr: None }], None) } opts ResolverOpts { ndots: 1, timeout: 5s, attempts: 2, rotate: false, check_names: true, edns0: true, validate: false, ip_strategy: Ipv4AndIpv6, cache_size: 32, use_hosts_file: true, positive_min_ttl: None, negative_min_ttl: None, positive_max_ttl: None, negative_max_ttl: None, num_concurrent_reqs: 2, preserve_intermediates: true, try_tcp_on_error: false, server_ordering_strategy: QueryStatistics, recursion_desired: true, authentic_data: false, shuffle_dns_servers: false }
 hickory_resolver::async_resolver: /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/hickory-resolver-0.24.1/src/async_resolver.rs:222: handle passed back

zonyitoo commented 3 weeks ago

So I have a question: when I use the shadowsocks Android app, it asks for a Remote DNS address and uses that for resolving the domains, so the DNS server on ssserver is not used.

Of course. The dns is only applied to the current process, which is ssserver in your case. There is nothing related to your Android App.

ahsandar commented 3 weeks ago

So what's the use of DNS on ssserver when all queries are resolved on the client?

zonyitoo commented 3 weeks ago

ssserver needs to resolve the target domain name for connecting. Domain names being resolved on the client is just your Android App's implementation-specific feature.

ahsandar commented 3 weeks ago

I can understand if Pihole returns a block for a certain domain and the shadowsocks client uses a local domain to bypass as a fallback, but why are there no DNS queries on the Pihole from ssserver?

zonyitoo commented 3 weeks ago

shadowsocks' protocol supports client (sslocal) to send domain names directly to server (ssserver), so ssserver requires DNS resolution.

I have no idea what Pihole is; you may need to look deeper into your own environment.
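
Added example (not part of the thread and not shadowsocks-rust's own code): a sketch of the target-address header a shadowsocks client sends, showing that ssserver only has a name to resolve when the client sends a domain-type address rather than an already-resolved IP. `parse_target` and `server_needs_dns` are hypothetical names, and the sample headers are constructed.

```rust
use std::net::{Ipv4Addr, Ipv6Addr};

// Target address at the start of a shadowsocks request:
// [1-byte type][host][2-byte big-endian port].
#[derive(Debug, PartialEq)]
enum Target {
    V4(Ipv4Addr, u16),
    V6(Ipv6Addr, u16),
    Domain(String, u16),
}

fn port(b: &[u8]) -> u16 { u16::from_be_bytes([b[0], b[1]]) }

// Hypothetical helper (not the project's parser): decode the address header.
fn parse_target(buf: &[u8]) -> Result<Target, &'static str> {
    let (&atyp, rest) = buf.split_first().ok_or("empty header")?;
    match atyp {
        0x01 => {
            if rest.len() < 6 { return Err("truncated IPv4 address"); }
            let ip = Ipv4Addr::new(rest[0], rest[1], rest[2], rest[3]);
            Ok(Target::V4(ip, port(&rest[4..6])))
        }
        0x04 => {
            if rest.len() < 18 { return Err("truncated IPv6 address"); }
            let mut o = [0u8; 16];
            o.copy_from_slice(&rest[..16]);
            Ok(Target::V6(Ipv6Addr::from(o), port(&rest[16..18])))
        }
        0x03 => {
            let (&len, rest) = rest.split_first().ok_or("missing domain length")?;
            let len = len as usize;
            if len == 0 || rest.len() < len + 2 { return Err("truncated domain"); }
            let name = std::str::from_utf8(&rest[..len]).map_err(|_| "domain not UTF-8")?;
            Ok(Target::Domain(name.to_string(), port(&rest[len..len + 2])))
        }
        _ => Err("unknown address type"),
    }
}

// Only a domain-type target leaves a name for the server-side resolver.
fn server_needs_dns(t: &Target) -> bool { matches!(t, Target::Domain(..)) }

fn main() {
    // Constructed samples: example.com:443 sent as a name, then as an IPv4 address.
    let by_name = b"\x03\x0bexample.com\x01\xbb";
    let by_ip = [0x01u8, 93, 184, 216, 34, 0x01, 0xBB];
    for h in [&by_name[..], &by_ip[..]] {
        let t = parse_target(h).unwrap();
        println!("{:?} -> server DNS lookup: {}", t, server_needs_dns(&t));
    }
}
```

If a client resolves names itself and sends type 0x01 or 0x04 targets, the resolver configured with --dns on ssserver has nothing to look up for those connections.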