DNS resolution is currently unavailable - but - everything works as expected

Expected Behaviour:

I run Pi-hole in a Docker environment on Ubuntu 22.04 LTS with Portainer. Additionally, I have the cloudflared container running (in a separate Docker network (IP: 10.0.0.5)). I expect the pihole -g command to run smoothly and without errors.

Docker Compose File
version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
    environment:
      TZ: 'Europe/Berlin'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.internal.local`)"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.http.routers.pihole.entrypoints=web"
      # 53/udp
      - "traefik.udp.routers.53-udp.entrypoints=53-udp"
      - "traefik.udp.routers.53-udp.service=pihole-53-udp"
      - "traefik.udp.services.pihole-53-udp.loadbalancer.server.port=53"
      # 53/tcp
      - "traefik.tcp.routers.53-tcp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.53-tcp.entrypoints=53-tcp"
      - "traefik.tcp.routers.53-tcp.service=pihole-53-tcp"
      - "traefik.tcp.services.pihole-53-tcp.loadbalancer.server.port=53"
      
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      web: # communication with Traefik
      pihole_net: # communication with cloudflared
        ipv4_address: 10.0.0.3

# Cloudflared for DoH
  cloudflared:
    container_name: cloudflared
    image: visibilityspots/cloudflared:latest
    restart: unless-stopped
    networks:
      pihole_net:
        ipv4_address: 10.0.0.5


networks:
    web:
      external: true
    
    pihole_net:
      driver: bridge
      ipam:
       config:
        - subnet: 10.0.0.0/29

Actual Behaviour:

Instead the pihole -g command fails with the error:

[✗] DNS resolution is currently unavailable
  [i] Time until retry: 113^C

  [i] User-abort detected
  [✓] Cleaning up stray matter
  [✓] FTL is listening on port 53
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

Debug Token:

https://tricorder.pi-hole.net/xG82kCxx/

Thanks in advance,
Benedict

How are you running pihole -g? Does the same error happen if you use the admin page Update Gravity feature?

http://pi.hole/admin/gravity.php

I am running pihole -g via docker execute and it shows the same errors as when running it via the admin page Update Gravity feature!

The times this has happened to me have been the times where the Pi-hole itself doesn't have any internet access at all.
I find it happens when I go in and set the static IP in Linux and then forget to add a DNS server in the static IP configuration.
Do you have access to a web browser or even ping? You could test a domain with ping and see if you get anything back.

I'd try something like

sudo ping google.com

and see if it can reach anything outbound.
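
As an added example (not part of any post in this thread): a single `ping google.com` exercises name resolution and outbound routing at once, so the shell functions below test the two separately and list the resolvers the host or container is configured to use. The function names and verdict strings are made up for this example; google.com and 1.1.1.1 are the names already mentioned in the thread.

```shell
#!/bin/sh
# Added example: test name resolution and outbound reachability separately.

# List the resolver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Succeeds for loopback resolvers, which point back at this host or container.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn the two exit codes (0 = success) into one verdict string (made-up names).
classify() {
    dns_rc=$1
    ip_rc=$2
    if [ "$dns_rc" -eq 0 ] && [ "$ip_rc" -eq 0 ]; then echo "ok"
    elif [ "$dns_rc" -ne 0 ] && [ "$ip_rc" -eq 0 ]; then echo "resolver-problem"
    elif [ "$dns_rc" -eq 0 ]; then echo "names-resolve-but-ip-unreachable"
    else echo "no-connectivity"
    fi
}

main() {
    for ns in $(nameservers); do
        if is_loopback "$ns"; then echo "resolver $ns (loopback)"
        else echo "resolver $ns"
        fi
    done
    # Name lookup only, through the system resolver; no ICMP is sent.
    dns_rc=0
    getent hosts google.com >/dev/null 2>&1 || dns_rc=$?
    # Reachability only: a literal IP address needs no DNS lookup.
    ip_rc=0
    ping -c 1 -W 2 1.1.1.1 >/dev/null 2>&1 || ip_rc=$?
    classify "$dns_rc" "$ip_rc"
}

# Run the checks only when asked to, e.g.: sh dnscheck.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Run inside each container and on the Docker host, a `resolver-problem` verdict points at the resolver configuration of that environment rather than at its routing.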

This is likely the issue. The container running Pi-hole looks like it has access to the web network that traefik is monitoring and pihole_net that is a private bridge to connect the pihole and cloudflared containers. I don't see where either of these containers have access outside of that private bridge 10.x/29 network.

Enough mistakes while setting it up myself and sometimes I can answer questions correctly!

Thanks for your ideas.
The web network, which is monitored by Traefik, has access to the internet.
Interestingly, I can ping google.com from the pihole container but not from the cloudflared container. Is that expected behaviour?

That's my Netplan config
network:
    version: 2
    renderer: networkd
    ethernets:
        enp0s4:
            dhcp4: true
            nameservers:
             #addresses: [10.32.8.9, 1.1.1.1, 8.8.8.8]
              addresses:
              - 127.0.0.1

Should I configure a public DNS-server there, so that my Docker host system (Ubuntu 22.04 LTS) has internet access? Ubuntu runs virtualized on TrueNAS Core (bhyve) - in TrueNAS the only configured DNS-server is the IP of pihole.

What I don't really get is: Why is everything still working as expected? My router broadcasts pihole as the DNS-server to all devices and I can browse the web without any problems.

I honestly have no advice for you, seems like a rather complex setup with docker composed of multiple networks on a virtualized Ubuntu hosted on TrueNAS.

Thank you anyways.
As it's working quite properly (Thanks for your great work btw) I think I will leave it unchanged until the next bigger system upgrade.
