I've set up an Ubuntu server running BIND and Squid. In my home network I've set up a Raspberry Pi running Pi-hole and dnsmasq. dnsmasq is set up so that it overrides certain DNS requests with the IP of the external Ubuntu server.
I want BIND on this server to point all DNS requests coming in to the Squid proxy, so that this traffic goes through the proxy, without the need to set up the proxy on every device in my home network. Basically, like all these SmartDNS services work.
I was not able to get this to work properly. The DNS server works fine and returns the IP address of my server:
~$ nslookup google.com 123.456.789.111
Server: 123.456.789.111
Address: 123.456.789.111#53
When I set up the proxy in my browser it works fine and Google reports 123.456.789.111 as my IP address. However, as soon as I implement the server's IP into my Raspberry Pi's dnsmasq rules, it does not seem to work. No DNS requests resolve.
I suspect this issue is rooted in the fact that HTTP(S) proxies use the CONNECT method, which it cannot do with this setup?
How do I get around this issue? Is there any way to tackle this?
I tried a few different guides and also tried a one-click-install GitHub script which uses sniproxy. sniproxy works fine in this setup, except when it comes to HTTPS traffic; only HTTP seems to work here.
Do I need to have a look into Squid's peek and splice functionality for this?
I have researched this a lot over the last few weeks but haven't found anything that I could make use of. Any help is very much appreciated!
Configs
My squid.conf is the standard one except for an entry of acl localnet to allow traffic from my local IP.
My named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
My named.conf.local:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
acl "trusted" {
any; // every address on the internet; allow-query and allow-recursion below both use this ACL
};
include "/etc/bind/zones.override";
named.conf.options:
options {
directory "/var/cache/bind";
forwarders {
2001:4860:4860::8888;
2001:4860:4860::8844;
8.8.8.8;
8.8.4.4;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-query { trusted; };
allow-transfer { none; };
allow-recursion { trusted; };
recursion yes;
};
db.override:
$TTL 86400
@ IN SOA ns1 root (
2022100701 ; serial
604800 ; refresh 1w
86400 ; retry 1d
2419200 ; expiry 4w
86400 ; minimum TTL 1d
)
@ IN NS ns1 ; the owner must be the apex: a bare "IN NS ns1" at column 0 is parsed as a record for the name "IN" and the zone has no NS record
ns1 IN A 127.0.0.1
@ IN A 123.456.789.111 ; placeholder for the server's public IP, as used throughout the question
* IN A 123.456.789.111 ; wildcard: every other name gets the same answer
zones.override:
zone "." { type master; file "/etc/bind/db.override"; }; // authoritative for the root: every query is answered from db.override, so the forwarders in named.conf.options are never consulted
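For comparison, a sniproxy configuration that forwards both HTTP and HTTPS arriving at the server's IP, as an added example written for this page (it is not the poster's configuration nor the one-click script's). It assumes sniproxy's current config syntax, reuses the Google resolvers already listed as BIND forwarders above, and the user, pidfile and log paths are placeholders. The HTTPS side needs its own listener with `proto tls`, which is what makes sniproxy read the destination from the TLS SNI extension instead of an HTTP Host header. Squid's intercept mode is a poor fit for this DNS-redirection design: for an intercepted connection Squid forwards to the NAT original destination (here, the server itself) unless the Host/SNI name resolves to that same address, while sniproxy connects to whatever name the request carries.

```conf
# Added example sniproxy.conf for a DNS-redirected ("SmartDNS"-style) forwarder.
# Placeholders: the daemon user, pidfile and log paths.
user daemon
pidfile /var/run/sniproxy.pid

error_log {
    syslog daemon
    priority notice
}

# sniproxy must resolve the real destination itself; it must NOT use the local
# BIND, whose wildcard root zone would answer with this server's own IP and
# loop every connection back to sniproxy.
resolver {
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    mode ipv4_only
}

# Plain HTTP: destination taken from the Host header.
listen 80 {
    proto http
    table http_hosts
    access_log {
        filename /var/log/sniproxy/http_access.log
    }
}

# HTTPS: destination taken from the SNI field of the TLS ClientHello; the
# handshake is relayed byte-for-byte, nothing is decrypted. Without this
# listener only HTTP is forwarded.
listen 443 {
    proto tls
    table https_hosts
    access_log {
        filename /var/log/sniproxy/https_access.log
    }
}

# "*" as target means: connect to the hostname from the request, on the
# listener's port.
table http_hosts {
    .* *
}

table https_hosts {
    .* *
}
```

Because the wildcard BIND zone and these tables accept any name, anyone whose resolver points at the server can relay traffic through it; restrict TCP 80/443 on the server to the home network's public IP (and narrow BIND's `allow-query` the same way) before relying on this. Clients that send no SNI cannot be routed by the `tls` listener.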