[Solved] Use DoT/DoH but keep UDP Port 53 free on Debian

[Harhkl]

Hi there,

I would like to host a Debian mail server, where additionally an OpenVPN server instance is listening on UDP Port 53. The server itself should use DoH if possible, else DoT. I can not get it to work however.

I tried using resolved, but without avail. My ideal solution would be to just be a DoH/DoT client and not bother setting up an own DNS server, so I would not interfere with Port 53. Can someone point me in the right direction?

[reinob]

You could make the OpenVPN server listen on your WAN IP (which is what you need), and your DNS resolver could listen on localhost. This way both OpenVPN and DNS resolver can "share" UDP port 53.

Note however that if you want to host a mail server, it is (generally) recommended not to host a VPN server there, as some systems may (incorrectly) lower the reputation of the mail server because it also "offers" VPN.

For VPN (OpenVPN, Wireguard) I'd recommend the cheapest VPS you can find. It will be enough, and you can keep it separated from other systems.

[Harhkl]

As far as I know, you cannot share a port in the way you recommended, unfortunately.

[reinob]

Of course you can. I have three different programs bound to udp/53 on my server. One is OpenVPN (listening on WAN address), another is an unbound instance (listening on localhost, used as default resolver), and another unbound instance listening on a VPN address (used as resolver for VPN clients).

Any reason why you think you cannot share a port like I've written? (and like I actually do).

[Harhkl]

I want to apologize, your solution works of course. Thank you! I configured my system like you suggested. This can be closed now!

[fabien]

Thanks for updating your topic.

This can be closed now!

To do this, change the title of your first post, e.g.
[Solved] Use DoT/DoH but keep UDP Port 53 free on Debian

EDIT Mon Apr 29 13:40:47 CEST 2024: marked as [Solved]