DHCP Not working (docker)

Please follow the below template, it will help us to help you!

Expected Behaviour:

PiHole to server IP addresses.

Actual Behaviour:

PiHole doesn't service IP Addresses.

Windows 10 test client reports: An error occurred while renewing interface Ethernet 2 : unable to contact your DHCP server. Request has timed out.

PiHole fails to upload debug log.

I am trying to migrate from a PiHole Raspberry Pi image to a the PiHole docker image. I used the following to create the container:
sudo docker run -d
--name=pihole
-p 53:53/tcp -p 53:53/udp
-p 67:67/udp
-p 8081:80
-v /opt/docker/pihole/config:/etc/pihole/
-v /opt/docker/pihole/dnsmasq.d/:/etc/dnsmasq.d/
-e ServerIP="192.168.2.179"
-e TZEurope/London
-e WEBPASSWORD=
--restart=unless-stopped
--cap-add=NET_ADMIN
pihole/pihole:v4.0_armhf

I have ensured the original Pi running PiHole is switched off and unplugged. The original Pi worked and served IP addresses. It is running v3 of PiHole.

Both old and new are identical versions of Pi 3s running Rasbian 9 Stretch.
uname -a: Linux RPi3-Home1 4.14.52-v7+ #1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux

I see the following logged in the debug trace:
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
172.17.0.2/16 does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)

And the following in the pihole.log:
Sep 3 09:51:53 dnsmasq-dhcp[479]: no address range available for DHCP request via eth0

Not sure if this is relevant though as I get the same problem without the logs when the container is run with --net=host.

Debug Token:

I will try again when I re-enable my old PiHole.

From the terminal of the Pi-Hole host platform, what are the outputs of the following commands:

cat /etc/pihole/local.list

ip addr

cat /etc/resolv.conf

cat /etc/dnsmasq.d/01-pihole.conf

Hi thanks for getting back to me, the details are as follows (paths updated to point to container configuration where necessary).

cat /opt/docker/pihole/config/local.list
    192.168.2.179 b511b8ab4921
    192.168.2.179 pi.hole

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:98:70:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.179/24 brd 192.168.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::60d0:6f8:7ebb:c7c4/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:cd:25:cb brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:fc:bc:e6:8b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet 169.254.195.237/16 brd 169.254.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::8153:9b86:6046:6b5e/64 scope link
       valid_lft forever preferred_lft forever
5: br-038b4653774a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:3b:73:01:67 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-038b4653774a
       valid_lft forever preferred_lft forever
    inet 169.254.3.95/16 brd 169.254.255.255 scope global br-038b4653774a
       valid_lft forever preferred_lft forever
    inet6 fe80::cfb3:2510:12a2:13b/64 scope link
       valid_lft forever preferred_lft forever
7: vethf385d1a@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-038b4653774a state UP group default
    link/ether 5e:21:65:46:d8:de brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.208.60/16 brd 169.254.255.255 scope global vethf385d1a
       valid_lft forever preferred_lft forever
    inet6 fe80::5c21:65ff:fe46:d8de/64 scope link
       valid_lft forever preferred_lft forever
9: veth1c9d9b3@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-038b4653774a state UP group default
    link/ether fe:94:2c:31:58:2c brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet 169.254.173.64/16 brd 169.254.255.255 scope global veth1c9d9b3
       valid_lft forever preferred_lft forever
    inet6 fe80::cf4d:2902:c620:e75c/64 scope link
       valid_lft forever preferred_lft forever
11: vethcfe7909@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-038b4653774a state UP group default
    link/ether 52:35:fc:22:b6:86 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet 169.254.139.248/16 brd 169.254.255.255 scope global vethcfe7909
       valid_lft forever preferred_lft forever
    inet6 fe80::4e45:ba18:88ad:3ebe/64 scope link
       valid_lft forever preferred_lft forever
13: veth71f8de3@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-038b4653774a state UP group default
    link/ether 2e:52:96:d1:17:df brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet 169.254.34.57/16 brd 169.254.255.255 scope global veth71f8de3
       valid_lft forever preferred_lft forever
    inet6 fe80::3abb:e764:5108:af4e/64 scope link
       valid_lft forever preferred_lft forever
15: vethc15f6fa@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-038b4653774a state UP group default
    link/ether 96:8b:e5:b1:7b:7e brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 169.254.37.40/16 brd 169.254.255.255 scope global vethc15f6fa
       valid_lft forever preferred_lft forever
    inet6 fe80::948b:e5ff:feb1:7b7e/64 scope link
       valid_lft forever preferred_lft forever
25: veth6d1c593@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 7a:da:84:88:fb:c1 brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet 169.254.194.27/16 brd 169.254.255.255 scope global veth6d1c593
       valid_lft forever preferred_lft forever
    inet6 fe80::7fe3:14a5:cbb6:f4b3/64 scope link
       valid_lft forever preferred_lft forever

cat /etc/resolv.conf
    Generated by resolvconf
    domain SKYNET
    nameserver 192.168.2.180

cat /opt/docker/pihole/dnsmasq.d/01-pihole.conf
    Pi-hole: A black hole for Internet advertisements
    (c) 2015, 2016 by Jacob Salmela
    Network-wide ad blocking via your Raspberry Pi
    http://pi-hole.net
    dnsmasq config for Pi-hole
    
    Pi-hole is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 2 of the License, or
    (at your option) any later version.

    ###############################################################################
    #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
    # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
    #                                                                             #
    #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
    #                      /etc/pihole/setupVars.conf                             #
    #                                                                             #
    #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE           #
    #                        OR IN /etc/dnsmasq.conf                              #
    ###############################################################################

    addn-hosts=/etc/pihole/gravity.list
    addn-hosts=/etc/pihole/black.list
    addn-hosts=/etc/pihole/local.list
    localise-queries
    no-resolv
    cache-size=10000
    log-queries=extra
    log-facility=/var/log/pihole.log
    local-ttl=2
    log-async
    server=8.8.8.8
    server=8.8.4.4
    domain-needed
    bogus-priv
    interface=eth0

Here is my debug token: bjn4lsrws8

Just a shot in the dark: have you enabled, or added restrictive rules to the firewall? I remember I had to add allow rules for DHCP when my pihole was serving requests.

I do not have internal firewalls on my Pi (not that I know of in any case).

Is this the current debug token that matches the system that produced the command outputs above?

sudo iptables -L

Are each of the chains set to policy ACCEPT ?

Nope.

'Chain INPUT (policy ACCEPT)' and 'Chain OUTPUT (policy ACCEPT)' have nothing.

There are some items under 'Chain FORWARD (policy DROP)' and DOCKER specific chains (DOCKER, DOCKER-ISOLATION-STAGE-1, DOCKER-ISOLATION-STAGE-2 and DOCKER-USER).

Yes it is.

Its peculiar. All I wanted to do was to move my old PiHole (v3) install from using a Pi all to itself to a Docker Container install on another Pi, upgrading to v4 of PiHole at the same time.

I first tried to use Teleporter to copy the DHCP configuration including static IPs but it only copied the configuration, not the static IPs. So I copied the contents of the 04-pihole-static-dhcp.conf to the new configuration.

With or without the copied DHCP configuration, it doesn't want to work.

There appear to be some address mismatches.

Eth0 on the Pi-Hole is 192.168.2.179.

The Pi-Hole appears to be listening for DNS queries on 192.168.0.2 per the debug log.

The name server for the Pi-Hole in /etc/resolv.conf is domain SKYNET on IP 192.168.2.180.

I'm not a docker user, but on a Pi-Hole install on a Pi, the name server is the loopback IP (127.0.0.1) and the Pi listens for DNS queries on its statically assigned IP address.

Thanks for the info @jfb I will try to look into why when the docker container was created it set the name-server to that other IP address (which just happens to be my current PiHole Pi IP address).

Maybe something I put in when creating the image, but I doubt it as I create the docker container create/run command in a text editor before copying it to the Pi and running the command, so I can see exactly what the last create/run command was.

I will try creating the image completely from scratch, see if there is more than just docker rm the container to ensure any old details are removed!

A little update, I removed the nameserver entry from the containers host Pi's /etc/resolve.conf which the docker container copies when it is created.

The PiHole container now has the nameservers as specified in the PiHole UI configuration under DNS (current Googles DNS servers).

I will see in the morning if this has behaved better. The logs look a bit better (to me in any case). Here's a new debug token: e5q7q502ej.

Thanks for the help.

An update of my progress...

I have tried creating a brand new Rasbian Stretch image and only installed docker and the pihole/pihole:v4.0_armhf container configure to run in net host configuration and this works.

I am assuming that when the docker container is created it copies some of the host OS settings, and in my case they where wrong. See resolv.config comments above.

When I try to run the pihole container in dockers default net bridged mode DHCP does not work and I get the diagnostic error:
[✓] IPv4 address(es) bound to the eth0 interface:
172.17.0.2/16 does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)

And the run time error:
dnsmasq-dhcp[479]: no address range available for DHCP request via eth0

I will continue to run it in net host mode as this works but I would prefer it to be run in bridged mode.

Thanks for all your help for getting me to understand the problem...

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.