Cannot get Pihole to perform DNS duties with GL.inet AXT1800 travel router, Intel based server running Docker and Pihole

The issue I am facing:
I can get Pihole to return dns queries if I am ssh'd into the docker container. No problem. Also from host machine, I can return dns if I state the docker container as the lookup server using nslookup. If I statically state the dns server container IP, or the host server IP as the default dns server, I get nothing. Also if I set the dhcp dns setting for the router to set the ip address of either the pihole container IP or the host IP, I get nothing either.

Details about my system:
BeeHive Intel i5 server running latest LTE Debian. Running Docker, Portainer, Pihole

What I have changed since installing Pi-hole:
This is my docker compose file I used to install this:

First I created this network in docker:
sudo docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 dockernet

docker-compose.yaml:

version: "3"
services:
  pi-hole:
    container_name: pi-hole
    image: pihole/pihole
    restart: unless-stopped
    hostname: pihole
    ports:
      - "80:80/tcp"
      - "192.168.8.10:53:53/tcp"
      - "192.168.8.10:53:53/udp"
      - "443:443/tcp"
    volumes:
      - "pihole-data:/etc/pihole"
      - "pihole-dnsmasq:/etc/dnsmasq.d"
    environment:
      - PIHOLE_DNS_='10.10.10.3#5053'
      - IPv6=false
      - TZ=America/Los Angeles
      - WEBPASSWORD=xxxx
      - ServerIP:'10.10.10.2'
    networks:
      default:
        ipv4_address: 10.10.10.2
    dns:
      - 127.0.0.1
      - 9.9.9.9
    cap_add:
      - NET_ADMIN

volumes:
  pihole-data:
    driver_opts:
      type: none
      device: /home/bvalvik/pihole/data
      o: bind
  pihole-dnsmasq:
    driver_opts:
      type: none
      device: /home/bvalvik/pihole/dnsmasq
      o: bind

networks:
  default:
    external:
      name: dockernet

Anyone have any suggestions?

Run from a client in your network (not from the machine hosting Pi-hole), what is the output of

nslookup 192.168.8.10
nslookup flurry.com 192.168.8.10

Does that second request show up in Pi-hole's Query Log?

This is from another Windows PC on the same network as the GL router and Pihole server.

C:\Users\bvalvik>nslookup flurry.com 192.168.8.10
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.8.10

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

That could suggest that DNS request did not reach your Pi-hole.

What about the Query Log and the other nslookup?

Thank you for the quick response. I forgot the first nslookup. Oddly I am unable to locate this linux server.

C:\Users\bvalvik>nslookup 192.168.8.10
Server: console.gl-inet.com
Address: 192.168.8.1

My guess is that there is no dns entry for this server, 192.168.8.10.

As far as the query log, I am guessing this is the log at /var/log/pihole. When I run dig from within the container I see the query result in the pihole log, however I do not see it from either the host server nor the Windows PC here.

I did try one additional nslookup from my Windows PC.

C:\Users\bvalvik>nslookup yahoo.com 10.10.10.2
Server: UnKnown
Address: 10.10.10.2

Non-authoritative answer:
Name: yahoo.com
Addresses: 2001:4998:124:1507::f000
2001:4998:44:3507::8001
2001:4998:24:120d::1:1
2001:4998:24:120d::1:0
2001:4998:44:3507::8000
2001:4998:124:1507::f001
74.6.231.21
98.137.11.163
98.137.11.164
74.6.143.25
74.6.143.26
74.6.231.20

I believe this is the ip address assigned to the Pihole container via the 'dockernet' network I created.

You could've just followed the link to Pi-hole's UI I've provided. :wink:
That UI is indeed a view of the most recent 24 hours from /var/log/pihole/pihole.log.

If the nslookups from your clients do not register in there, that would mean that the respective DNS requests never make it to Pi-hole.

Most often, this is caused by a firewall on the Pi-hole host blocking required ports.
In your case, you may also want to check that 192.168.8.10 is actually assigned to the machine hosting Docker, e.g. by running ip -4 address.

I tried the link you provided and it did not return anything.

Here is the result of the command you requested.

bvalvik@TravelServer:~/pihole$ ip -4 address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.8.10/24 brd 192.168.8.255 scope global enp3s0
valid_lft forever preferred_lft forever

Of course - my bad, that link will only work if the browser requesting it would use Pi-hole for DNS.

Are you able to access http://192.168.8.10/admin/queries.php?

Did that request register in the logs?

You may want to repeat that, perhaps with a made-up domain name, so you can retrieve that name from the logs more easily (e.g. for nslookup easy-find 10.10.10.2):

sudo grep easy-find /var/log/pihole/pihole.log

The new url worked. I re-ran the nslookup yahoo.com 10.10.10.2 and there was no entry in the query log for this request.

I also checked out the firewall link you provided and installed ufw. I then ran the commands for pihole. However, this did not change anything. I disabled ufw after it failed to return anything.

This definitely appears to be a firewall issue. I cannot figure out what is installed though. Still investigating this.

I ran dig yahoo.com 10.10.10.2 and dig yahoo.com 192.168.8.10, and finally dig yahoo.com localhost.

All returned properly with dns details.

Queries from other PCs do not seem to make it. Not sure if this is Docker networking or host server firewall.

UPDATE: I located iptables as the default firewall. Removed ufw and ran the commands to allow pihole through the firewall. Still no glory running 'nslookup yahoo.com 192.168.8.10' from PC.

I just got this entry in the dnsmasq log.

ignoring query from non-local network 192.168.8.127 (logged only once)

I tested the Settings - DNS - Interface Settings in pihole to all the 'Potentially dangerous options' and the dns query works. Changing it back re-blocks the query. I think I am onto this but would like to know how to get the setup configuration to not be as open as these 'dangerous' settings are allowing.

Any suggestions?

It appears this resolved the issue and it makes sense. The pihole container is 2 jumps away from the PC on the network and would not return the dns query. Changing the dnsmasq setting to the first 'dangerous' setting fixed the issue. My router now can hand out the pihole server as the default dns server.

I looked up the documentation linked at the bottom of the settings and it mentions altering the interface dnsmasq would allow listening to, however there is no mention of how to execute these interface changes or what file to modify. Just curious.

Thank you @Bucking_Horn for all your help on this. I got what I needed working.
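
Added example, not part of the original thread and not Pi-hole's or dnsmasq's own code: a small Python model of dnsmasq's local-service check using the addresses from this thread, showing why the Windows client at 192.168.8.127 is refused while queries arriving from the container's own subnets are answered. The bridge gateway 10.10.10.1 as the source of host-originated queries, the sample log lines, and the `allowed_lan` host firewall allowlist are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed from the thread: addresses on the interfaces inside the container.
CONTAINER_INTERFACES = ["127.0.0.1/8", "10.10.10.2/24"]

# Constructed log lines; the warning text is the one quoted in the thread.
# 10.10.10.1 as the source of a host-originated query is an assumption.
SAMPLE_LOG = [
    "Jan  1 10:00:00 dnsmasq[200]: query[A] yahoo.com from 10.10.10.1",
    "Jan  1 10:00:05 dnsmasq[200]: ignoring query from non-local network "
    "192.168.8.127 (logged only once)",
]

WARNING_RE = re.compile(r"ignoring query from non-local network (\S+)")


def is_local(source, interfaces=CONTAINER_INTERFACES):
    """True if source lies in a subnet of one of the server's own interfaces."""
    addr = ipaddress.ip_address(source)
    return any(addr in ipaddress.ip_interface(i).network for i in interfaces)


def answers(source, local_service, allowed_lan=None):
    """Would a query from source get an answer?

    local_service=True  models dnsmasq's local-service check.
    local_service=False models the check being switched off; allowed_lan is a
    hypothetical host firewall allowlist applied before the container.
    """
    if local_service or is_local(source):
        return is_local(source)
    if allowed_lan is None:
        return True
    return ipaddress.ip_address(source) in ipaddress.ip_network(allowed_lan)


def refused_sources(log_lines):
    """Client addresses that dnsmasq reported as non-local."""
    return [m.group(1) for line in log_lines if (m := WARNING_RE.search(line))]


if __name__ == "__main__":
    for src in ("127.0.0.1", "10.10.10.1", "192.168.8.127"):
        print(src, answers(src, True), answers(src, False, "192.168.8.0/24"))
    print(refused_sources(SAMPLE_LOG))
```

With the check switched off, what keeps the resolver from answering arbitrary sources is whatever sits in front of the container, here the port binding to 192.168.8.10 and any host firewall rule limiting sources to the LAN.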

You should be able to switch to one of the interface specific options (perhaps only after adjusting INTERFACE to properly reflect your host's network interface).

But from what you've shared, you already did switch to Respond only on interface eth0:

As for your most recent nslookup result:

I'd have been surprised if there was.

Your custom Docker bridge network at 10.10.10.0/24 would only be accessible Docker-internally, by other Docker containers managed by Docker on that machine.

Your Windows PC should not have even known that it should have routed requests to that 10.10.10.0/24 via your 192.168.8.10.
I wonder what machine at 10.10.10.2 actually answered those DNS requests.

In addition, what's your intention for using a custom bridge network for Pi-hole?
You'd usually create a custom network if you'd want other containers to join the same network.

I also noticed that you are using a deprecated environment variable:

You may want to consider replacing that by FTLCONF_LOCAL_IPV4, and it should be set to your host's IP (192.168.8.10 in your case).
