[REQUEST] Add option to specify port for forwarding rules

[fyvfy]

Output of the following commands:

./dnscrypt-proxy -version
2.1.1

What is affected by this bug?

Cannot forward query to dns resolver which is listening on non-standard port

Expected behavior (i.e. solution)

dnscrypt-proxy should accept something like this in 'forewarding_rules' file:
lan 192.168.1.1:7753
internal 192.168.2:5300

Other Comments

This is useful when you need to forward queries to authoritative server on the same machine be it dns server installed from os repository (but listening on different port) or rootless container with dns server (which by design cannot listen on ports <1024)

[r4sas]

Everything works, check accessibility of your server first.

## This is used to route specific domain names to specific servers.
## The general format is:
## <domain> <server address>[:port] [, <server address>[:port]...]
...
lan            127.0.0.1:5300

Maybe you haven't enabled forwarding rules in configuration?

[jedisct1]

Yes, it's already supported.

[fyvfy]

Yep, it actually working. Kind of.

I want to setup dns resolving for my local '*.lan' zone. it should not be internet accessible.

Why not use unbound to resolve 'lan' zone and as a cache server and forward everything else to dnscrypt-proxy? Because dnscrypt-proxy works well as adblock + secure dns combo. Also nice to have this answer

"This query has been locally blocked" "by dnscrypt-proxy"

for debugging. And if/when i misconfigure unbound "internet" will continue to work.

#######

Imagine this config:

router with a few interfaces
        interface external with ip address 10.x.x.x - from my isp 
        interface lanX with ip address 192.168.1.1 - here i want all that dns stuff  
        interface lanY 192.168.2.1 - something else

dnscrypt-proxy listening on 192.168.1.1:53
        forwarding queries for 'lan' zone to 192.168.1.1:5333 (to unbound)

unbound listening on 192.168.1.1:5353
        resolving queries for 'lan' zone
        access-control: 0.0.0.0/0 refuse
        access-control: 192.168.1.0/24 allow

In this configuration dnscrypt-proxy will send packets to unbound from source address 10.x.x.x
dnscrypt-proxy logs are a little unhelpful:
[2022-06-09 00:21:39] 192.168.1.7 resolveme.lan A PARSE_ERROR 0ms -

And in unbound:
Jun 09 00:21:39 rigel unbound[6114]: [6114:0] debug: refused query from 10.x.x.x port 43075 because of 0.0.0.0/0 refuse

Maybe choose source address depending on destination address?

And if i change

unbound to listen on 127.0.0.1:5333
dnscrypt-proxy to forward queries to 127.0.0.1:5333

then everything working. Finally. I'm almost happy.