DHCP is no working

Unusual68 · May 11, 2023, 12:49pm

I am running pihole in docker container wants to use as an dhcp server. I have set network of the container as host . Here is the code

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    network_mode: host
    environment:
      TZ: 'Asia/kolkata'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

As mention in the document I have set my router dhcp off. In debug log i am seeing that pihole is getting dhcp request but devices are not able to connect .

I have read many community post regarding this issue ,still can't get it working

Here is debug log https://tricorder.pi-hole.net/773pE7mj/

Furthermost , In android devices it stop at obtaining ip addresses

Bucking_Horn · May 11, 2023, 8:09pm

DHCP broadcasts are is same-link/network segment/collision domain only.

Docker's default network mode would isolate your container into Docker's own virtual network.

To use a Pi-hole container as DHCP server, you'd need to switch to a different Docker network mode - see Docker DHCP and Network Modes - Pi-hole documentation.

Unusual68 · May 12, 2023, 2:22am

I am currently runnig docker in host network mode.

I did notices some unsual , when i use netstats to check open port /listening port . I have found that port 67 is not listening. Later i have nmap for open port ,67 and 68 are close

Furthermore, by using iptable to add rule to open this port at input and outputs chain but not geting it working

Here are few questions i do like to ask.

Even when the port 67 and 68 are close how does the pihole get requests for dhcpoffer and dhcpdiscover ?

Am i doing something wrong ?

Should i add port 67 and 68 in docker-compose file

Bucking_Horn · May 12, 2023, 6:59am

No, not with network mode host.
Docker's host network doesn't allow you to map ports, as they are shared with the machine hosting Docker.

Pi-hole's DHCP server should work in host mode, provided its on the same link as your clients.

Let's take a look at past DHCP negotiations.
Please share the token for:

sudo grep dhcp /var/log/pihole/pihole.log* | pihole tricorder

Unusual68 · May 12, 2023, 10:16am

Here is the token : https://tricorder.pi-hole.net/VmwOWjeW/

Bucking_Horn · May 12, 2023, 9:56pm

A complete, scuccesful DHCP conversation sequence would have DHCPDISCOVER (client), DHCPOFFER (server), DHCPREQUEST (client), DHCPACK (server).

You have some of those as well, but your DHCP negotiations show three peculiarities:

a) clients never respond to Pi-hole's DHCPOFFER

May  5 17:58:24 dnsmasq-dhcp[222]: DHCPDISCOVER(eth0) 00:<redacted>:1e 
May  5 17:58:24 dnsmasq-dhcp[222]: DHCPOFFER(eth0) 192.168.1.146 00:<redacted>:1e 
May  5 17:58:33 dnsmasq-dhcp[222]: DHCPDISCOVER(eth0) 00:<redacted>:1e 
May  5 17:58:33 dnsmasq-dhcp[222]: DHCPOFFER(eth0) 192.168.1.146 00:<redacted>:1e 
May  5 17:58:52 dnsmasq-dhcp[222]: DHCPDISCOVER(eth0) 00:<redacted>:1e 
May  5 17:58:52 dnsmasq-dhcp[222]: DHCPOFFER(eth0) 192.168.1.146 00:<redacted>:1e

b) clients try to request an IP they haven't been offered by Pi-hole:

May  5 17:37:48 dnsmasq-dhcp[1084]: DHCPDISCOVER(eth0) fa:<redacted>:fa
May  5 17:37:48 dnsmasq-dhcp[1084]: DHCPOFFER(eth0) 192.168.1.207 fa:<redacted>:fa
May  5 17:37:57 dnsmasq-dhcp[1084]: DHCPREQUEST(eth0) 192.168.1.2 fa:<redacted>:fa
May  5 17:37:57 dnsmasq-dhcp[1084]: DHCPNAK(eth0) 192.168.1.2 fa:<redacted>:fa address not available

c) clients try to request an IP they haven't been offered by Pi-hole, and they are intending it to be received by another server:

May  5 18:01:17 dnsmasq-dhcp[222]: DHCPDISCOVER(eth0) fa:<redacted>:fa 
May  5 18:01:17 dnsmasq-dhcp[222]: DHCPOFFER(eth0) 192.168.1.2 fa:<redacted>:fa 
May  5 18:01:18 dnsmasq-dhcp[222]: DHCPREQUEST(eth0) 192.168.1.3 fa:<redacted>:fa 
May  5 18:01:18 dnsmasq-dhcp[222]: DHCPNAK(eth0) 192.168.1.3 fa:<redacted>:fa wrong server-ID

This is a strong indication for another active DHCP server on the same link, and that DHCP server would also be using the same IP address range for its DHCP pool.

If you intend to run Pi-hole as your DHCP server, you should disable that other DHCP server.

Unusual68 · May 13, 2023, 2:58am

when i turn off router dhcp , there is no dhcp server running except pihole

And i forgot to mention, on 5 may debug log the router dhcp was on . After that day i have debug while dhcp of router is off

I want do ask something

One time i have install pihole without docker . Dhcp start work ,assign the ip address , show name of the device . This was set thought wifi

In router ,i have 2 ssid . Pihole did assign the ip address for only one ssid the others ssid did not get any ip address.

Furthermore, currently i am running pihole on raspberry pi 4 with latest raspbian os.

If i change the os to ubuntu will pihole work ? Or there is a problem in my router?

Bucking_Horn · May 13, 2023, 7:03am

The patterns described also happen for other times, with a) being the most frequent.
The last message from your logs is for May 11:

May 11 12:55:27 dnsmasq-dhcp[1121]: DHCPDISCOVER(eth0) 7c:<redacted>:d9 
May 11 12:55:27 dnsmasq-dhcp[1121]: DHCPOFFER(eth0) 192.168.1.197 7c:<redacted>:d9 
May 11 12:55:27 dnsmasq-dhcp[1121]: DHCPREQUEST(eth0) 192.168.1.2 7c:<redacted>:d9 
May 11 12:55:27 dnsmasq-dhcp[1121]: DHCPNAK(eth0) 192.168.1.2 7c:<redacted>:d9 wrong server-ID

As explained before, DHCP broadcasts are same-link/network segment/collision domain only.

Any layer-3 switching equipment (like an additional router) or software (like VLANs or guest networks) that splits your network into multiple separate segments, and a DHCP server will only be able to receive DHCP broadcasts from the link itself is attached to.

If your router handles SSIDs as separate network links, then that may explain your observation.

If you wish DHCP broadcasts to cross segments, you'd need DHCP relay software on the respective equipment.

Unusual68 · May 13, 2023, 9:14am

The router (form isp) model is F670L has a issues that separate wifi and lan in different network. Unfortunately i cannot find any solution to fix it .

For example,

device_1 and device_2 are two separate devices

I connect devices_1 to lan and devices_2 to wifi . For test , i use ping command on both devices . I observed that devices_2 can communicate with devices_1 but device_1 can not communicate with device_2 . Both can communicate to router

That is why pihole cannot assign ip addresses even when it receives dhpc request