Custom Upstream DNS server - not working as expected

This is a copy of the GitHub issue: Custom Upstream DNS server - not working as expected · Issue #568 · pi-hole/docker-pi-hole · GitHub. Since I am not getting any attention there, I am pasting it here. Thanks


This is a:

  • [x] BUG report

Description

I have 2 servers at home. One is the main one, the other is just a backup in case the main one is down. The backup is running Pi-hole, and my local DNS (bind9) is running on the main one.

1) Working setup till now (user request -> DNS on main server -> if match respond otherwise forward to the upstream DNS[cloudflare]):

Not using Pi-hole. I had local DNS on the main server with forwarders to (1.1.1.1/1.0.0.1). This is so that users on the LAN (or connected via VPN) can access services directly on the LAN. Also, I am blocking some countries, and if a user connects from one of those countries my domain is translated to the local IP, not the public IP.

2) Setup I want to achieve (user request -> DNS on Pihole -> Pihole Magic/Logic -> forwards to the main server -> if match respond otherwise forward to the upstream DNS[cloudflare]):

Just chain pihole in this whole setup.

  • changed the DNS IP in the router's DHCP settings from the main server to Pi-hole
  • tested with default settings (Cloudflare upstream DNS servers) - works (Internet part)
  • configured the custom upstream DNS server to be the local IP of the main server, and this is where things started to get weird:
    • some domains get resolved without problems, but for example github.com does not: ERR_NAME_RESOLUTION_FAILED
    • when connecting via the phone I get a captive portal redirect to log in to the wifi network - so I guess it fails to resolve something as well
    • e.g. not getting notifications on WhatsApp/Messenger/Hangouts

Expected Behavior

User request -> DNS on Pihole -> Pihole Magic/Logic -> forwards to the main server -> if match respond otherwise forward to the upstream DNS[cloudflare]

Actual Behavior

User request -> DNS on Pihole -> ------>>>> "Strange" Pihole Magic/Logic<<<<------ -> forwards to the main server -> if match respond otherwise forward to the upstream DNS[cloudflare]

Possible Fix

I suspect it might be something with the DNS suffix being set to mydomain.com, but I removed it from:

  • Router DHCP settings
  • the Pi-hole container, via a manual resolv.conf

However, on to the weird part:

Legend:
192.168.255.0/24 - LAN prefix
192.168.255.9 - pihole container
192.168.255.11 - main server running bind9
192.168.255.12 - backup server running pihole container
192.168.255.21 - windows pc (following tests run from)

Resolving Github via Pihole:

nslookup github.com 192.168.255.9
Server:  pihole
Address:  192.168.255.9

*** pihole can't find github.com: Server failed

Resolving some other internet site (dsl.sk):

nslookup dsl.sk 192.168.255.9
Server:  pihole
Address:  192.168.255.9

Non-authoritative answer:
Name:    dsl.sk
Address:  217.67.19.197

ipconfig /all:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-60-00-C2-2A-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd2c:3dae:4c0c:c967%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.255.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 11. februára 2020 14:17:50
   Lease Expires . . . . . . . . . . : 12. februára 2020 14:17:51
   Default Gateway . . . . . . . . . : 192.168.255.1
   DHCP Server . . . . . . . . . . . : 192.168.255.1
   DNS Servers . . . . . . . . . . . : 192.168.255.9
   NetBIOS over Tcpip. . . . . . . . : Enabled

So here I am losing my mind and seeking your help, please.

Steps to Reproduce and debugging done

  1. default Pi-hole config
  2. upstream DNS server set to the custom local one (bind9)
  3. change the DNS in the DHCP settings on the router to Pi-hole
  4. experience that weird behaviour

Debug steps I have tried

  • [x] dev or latest image - same behavior

Context and extra information

Your Environment

  • Docker Host Operating System and OS Version: Linux edoras 4.19.0-4-amd64 #1 SMP Debian 4.19.28-2 (2019-03-15) x86_64 GNU/Linux
  • Docker Version: Docker version 19.03.5, build 633a0ea838
  • Hardware architecture: AMDx64

docker-compose.yml:

version: "3.7"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: always
    hostname: pihole
    domainname: example.com
    mac_address: d0:ca:ab:cd:ef:01
    cap_add:
      - NET_ADMIN
    networks:
      pihole_network:
        ipv4_address: 192.168.255.9
    dns:
      - 127.0.0.1
      - 1.1.1.1
      - 1.0.0.1
    ports:
      - 443/tcp
      - 53/tcp
      - 53/udp
      - 67/udp
      - 80/tcp
    volumes:
      - $PWD/resolv.conf:/etc/resolv.conf
      - $PWD/etc-pihole/:/etc/pihole/
      - $PWD/etc-dnsmasq.d/:/etc/dnsmasq.d/
    environment:
      - TZ=${TZ}
      - ServerIP=192.168.255.9
      - VIRTUAL_HOST=dns.example.com/admin/
      - WEBPASSWORD="***"
      - DNS1=192.168.255.11
      - DNS2=no

networks:
  pihole_network:
    driver: macvlan
    driver_opts:
      parent: enp1s0
    ipam:
      config:
        - subnet: 192.168.255.0/24

Resolv.conf (due to issues with docker-compose DNS parameter not working as expected):

domain example.com
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 1.0.0.1

Thanks, any help will be much appreciated. Michal