Hi all!
I have a very similar case to DNS Cache not working which was never resolved, however I use the official pihole docker image.
I used docker to set up the official pihole image and the official unbound image and gave pihole unbound as its upstream server. When I did this, the cache insertions stopped happening. When I set it back to any other upstream provider, the caching starts again.
Here's my docker-compose.yml file:
version: '3'
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Budapest'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      #- './etc-pihole-updatelists/:/etc/pihole-updatelists/'
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Recommended but not required (DHCP needs NET_ADMIN)
    restart: unless-stopped
    dns:
      - 8.8.8.8
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    ports:
      - "5053:53/udp"
      - "5053:53/tcp"
    volumes:
      - './etc-unbound:/etc/unbound/'
    restart: unless-stopped
How do I do it with a docker container?
I tried to run the command, however I couldn't get an output. I tried to expose the container's port 4711 (both tcp and udp) and run it again... Nothing. I tried echo ">cacheinfo >quit" | docker exec pihole nc localhost 4711 and the process just hung there for hours without any output.
Here's a screenshot for clarification:
None of these numbers go up if I load new sites.
Then I found this: unbound.conf(5) — Unbound 1.14.0 documentation
Guess what, setting the value to yes (and restarting the containers once more) did something, as load times appear to reduce after first loading a page (or I'm imagining it...), but when I reran the commands above I still got the same response.
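A way to check from the outside whether a resolver is handing back cached answers at all, independent of the dashboard counters discussed above: ask the same name twice and compare TTLs, since a cached record's TTL counts down between lookups while a freshly fetched one comes back with the full value. This is an added example written for this thread, not code from Pi-hole or unbound; it uses only the Python standard library, the resolver address and query name on the command line are placeholders, and the sample response bytes are constructed for the test.

```python
import socket
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def answer_ttls(msg: bytes) -> list[int]:
    """Return the TTL of every record in the answer section of a DNS response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4       # skip QTYPE + QCLASS
    ttls = []
    for _ in range(an):
        off = skip_name(msg, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    return ttls

def served_from_cache(first: list[int], second: list[int]) -> bool:
    """True when the second answer's TTL has counted down relative to the first."""
    return bool(first) and bool(second) and min(second) < min(first)

def query(server: str, name: str, port: int = 53, timeout: float = 2.0) -> bytes:
    """Send one UDP query to `server` and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return s.recv(4096)

if __name__ == "__main__":
    import sys, time
    # placeholder defaults: point these at your Pi-hole container's IP and any test name
    resolver = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    first = answer_ttls(query(resolver, name)); time.sleep(2)
    second = answer_ttls(query(resolver, name))
    print(first, second, "cached" if served_from_cache(first, second) else "not cached")
```

A decreasing TTL shows that some cache in the path answered (Pi-hole's own, or unbound's behind it); a second query that times out or comes back with the full TTL matches the "no cache insertions" symptom in this thread. To attribute the hit to Pi-hole specifically, compare against the query log's cached/forwarded status for the same lookup.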
I might have figured it out by accident: it's performance.
I was having other DNS issues, so I turned off unbound and put 1.1.1.1 in its place, and suddenly resolution & blocked rates skyrocketed. Thinking back, there were a lot of "Retried" entries and sometimes I got the "Maximum concurrent DNS queries" warning.
What I think happened is that unbound couldn't keep up with all the 20+ devices on my network (of four people most of the time), and on our devices DNS kept timing out. They then turned to the secondary DNS provider, which is my router. This would explain why load times were abysmal.
At the same time, unbound also timed out, dropping the query and never sending a response and PiHole had nothing to cache.
I'm not 100% sure if the root cause is timing out, a misconfiguration of my containers or an issue with the host (docker and virtual network interfaces); but now it works, albeit less private.