DNS service not running on Raspberry Pi 4B

Help docker
1

Summary: Both web interface and shell report DNS service is not running.

Logs have been uploaded. Token is: POdxjQNr

System details:

$ hostnamectl
   Static hostname: pihole1
         Icon name: computer
  Operating System: Raspbian GNU/Linux 11 (bullseye)
            Kernel: Linux 5.10.63-v7l+
      Architecture: arm

Configuration summary:

  1. Fresh install of Raspberry Pi OS Lite 5.10
  2. Static IP assigned
  3. Install Docker and Docker-Compose
  4. Set up .env file for container variables in /srv/pihole/ as here:
# User ID and Group ID
PUID=1000
PGID=1000
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Edmonton
# Application Details
WEBPASSWORD=[password]
DIRECTORY_PIHOLE=/srv/pihole/etc-pihole/
DIRECTORY_DNSMASQ=/srv/pihole/etc-dnsmasq.d/
  1. Set up docker-compose.yml in /srv/pihole as here:
version: "3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole1
    cap_add:
      - NET_ADMIN
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "8080:80/tcp"
    environment:
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
    volumes:
      - ${DIRECTORY_PIHOLE}:/etc/pihole/
      - ${DIRECTORY_DNSMASQ}:/etc/dnsmasq.d/
    restart: unless-stopped
  1. Started container with sudo docker-compose up -d

When querying pihole in the docker container I can see that the DNS server won't stay up:

$ sudo docker exec -it pihole bash
root@id-pihole1:/# pihole status
  [✗] DNS service is NOT listening
root@id-pihole1:/# pihole restartdns
  [✓] Restarting DNS server
root@id-pihole1:/# pihole status
  [✗] DNS service is NOT listening

I expect this is because something else is listening on port 53 on the bare metal OS. Netstat indicates that 53 is just bound to docker, so I can't work out the issue:

$ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      879/docker-proxy
tcp6       0      0 :::53                   :::*                    LISTEN      886/docker-proxy
udp        0      0 0.0.0.0:53              0.0.0.0:*                           900/docker-proxy
udp        0      0 0.0.0.0:67              0.0.0.0:*                           859/docker-proxy
udp6       0      0 :::53                   :::*                                908/docker-proxy
udp6       0      0 :::67                   :::*                                865/docker-proxy

I have done a lot of investigation into this and there isn't an easily found solution. I assume I need to disable DNS on my Raspberry Pi so port 53 can be made available to the docker container. According to the Github and Docker readme files, there is a documented method of disabling systemd-resolved but are the instructions here suitable for Raspberry Pi OS? I know both Ubuntu and RPiOS are Debian flavours, but...

Can the support crew have a look at the logs to confirm this, and if so is there a guide to disabling DNS for Raspbian bullseye?

2

Here's something interesting:

$ netstat -a -t udp -n | grep -w 53
$ sudo docker-compose up -d
Creating network "pihole\_default" with the default driver
Creating pihole ... done 
$ netstat -a -t udp -n | grep -w 53
tcp        0      0 0.0.0.0:53              0.0.0.0:\*               LISTEN
tcp6       0      0 :::53                   :::\*                    LISTEN

So it isn't something on the OS stopping the DNS service port. Curiouser and curiouser.

3

I have the same issue. It appears to have started when I updated to the latest Docker build overnight.

There is an Enable menu option in the web interface. When I press it, the status changes to "Running". But as soon as I refresh the page, the status returns to "DNS is not running".

4

Same issue here, running on ubuntu server 20.04.03.

Docker Tag 2022.01 Pi-hole v5.7 FTL v5.12.1 Web Interface v5.9

5
1 Like
6

"start container with SYS_PTRACE capabilities."

7

But the issue is cosmetic only, right? The dns runs the api just isn't picking it up, so if I don't mind that I don't have to give it the sys_ptrace cap if I understand it correctly?

8

As far as I can tell and on my setup, it's just cosmetic.

1 Like
9

Seen this running on my setup as well (Docker Container). Again so far as I can figure out it is working but the interface is unhappy. Option to re-enable works, but shows as 'DNS service not running' on each page change/refresh.

Updated to add:

Pinning the docker container version back to 2021.12.1 has resolved the issue for me. I was using latest.

2 Likes
10

Same exact issue after last night's update.

Here is my debug token: TVr7LXhK

Edit: Same as others. Downgrading to 2021.12.1 resolves the issue.

11

First time installer and got the same thing here. Installed on Windows docker'd WSL. Everything seems to be running, but GUI says DNS Service is not running. Bash sudo service pihole-FTL status shows a proper uptime

12

This issue is solved by adding the environment variable "DNSMASQ_USER" with the value of "root".

Here is my working docker-compose.yml file as an example:

version: "3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole1
    cap_add:
      - NET_ADMIN
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "8080:80/tcp"
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - DNSMASQ_USER=root
    volumes:
      - ${DIRECTORY_PIHOLE}:/etc/pihole/
      - ${DIRECTORY_DNSMASQ}:/etc/dnsmasq.d/
    restart: unless-stopped

I will follow up this post with details of what I did to set up the docker container.

13

After my attempt to fix this yesterday my Raspberry Pi 4B was left in an altered state (I had disabled and enabled some system daemons, and messed with some hosts files). I decided to quickly reinstall the image and performed the following steps:

  1. Fresh install of Raspberry Pi OS Lite 5.10
  2. Use sudo raspi-config to set initial configuration
  3. Perform apt-get update and apt-get dist-upgrade
  4. Assign the same static IP to ethernet and wireless adapters
  5. Enable SSH access
  6. Configure shared network folders
  7. Install Docker and Docker-Compose and add user pi to docker admin group
  8. Set up .env file for container variables in /srv/pihole/
  9. Set up docker-compose.yml in /srv/pihole/
  10. Started container with sudo docker-compose up -d

This resulted in the following output from docker-compose logs pihole:

$ docker-compose logs pihole
Attaching to pihole
pihole    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
pihole    | [s6-init] ensuring user provided files have correct perms...exited 0.
pihole    | [fix-attrs.d] applying ownership & permissions fixes...
pihole    | [fix-attrs.d] 01-resolver-resolv: applying...
pihole    | [fix-attrs.d] 01-resolver-resolv: exited 1.
pihole    | [fix-attrs.d] done.
pihole    | [cont-init.d] executing container initialization scripts...
pihole    | [cont-init.d] 20-start.sh: executing...
pihole    |  ::: Starting docker specific checks & setup for docker pihole/pihole
pihole    |
pihole    |   [i] Installing configs from /etc/.pihole...
pihole    |   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
pihole    | Existing DNS servers detected in setupVars.conf. Leaving them alone
pihole    | ::: Pre existing WEBPASSWORD found
pihole    | DNSMasq binding to default interface: eth0
pihole    | Added ENV to php:
pihole    |                     "PIHOLE_DOCKER_TAG" => "2022.01",
pihole    |                     "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
pihole    |                     "ServerIP" => "0.0.0.0",
pihole    |                     "CORS_HOSTS" => "",
pihole    |                     "VIRTUAL_HOST" => "0.0.0.0",
pihole    | Using IPv4 and IPv6
pihole    | ::: setup_blocklists now setting default blocklists up:
pihole    | ::: TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
pihole    | ::: Blocklists (/etc/pihole/adlists.list) now set to:
pihole    | https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
pihole    | ::: Testing pihole-FTL DNS: FTL started!
pihole    | ::: Testing lighttpd config: Syntax OK
pihole    | ::: All config checks passed, cleared for startup ...
pihole    | ::: Enabling Query Logging
pihole    |   [i] Enabling logging...
  [✓] Logging has been enabled!
pihole    |  ::: Docker start setup complete
pihole    |   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
pihole    |   Pi-hole version is v5.7 (Latest: v5.7)
pihole    |   AdminLTE version is v5.9 (Latest: v5.9)
pihole    |   FTL version is v5.12.1 (Latest: v5.12.1)
pihole    |   Container tag is: 2022.01
pihole    | [cont-init.d] 20-start.sh: exited 0.
pihole    | [cont-init.d] done.
pihole    | [services.d] starting services
pihole    | Starting lighttpd
pihole    | Starting crond
pihole    | [services.d] done.
pihole    | Starting pihole-FTL (no-daemon) as root

Further confirmation is found by querying the status inside the docker container:

$ sudo docker exec -it pihole bash
root@pihole1:/# pihole status
  [✓] DNS service is listening
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

Additionally, the web interface reports that the service is Active, and the "Enable" button disappears.

The use of DNSMASQ_USER fixes this problem but a further question remains - is this to be the expected approach in future and if so, should the docker documentation be updated to reflect this?

14

We are working on a fix already, see this comment:

4 Likes
15

Thank you for confirming this. I will remove the DNSMASQ_USER entry from my docker-compose file, pull the latest version, and see if it works.

16

Confirming that this fixed the issue, thank you Pi-hole team!