Docker container names as client names?

I'm using Pi-hole in a docker container with host-mode networking, and I'd like to see my other (mostly non-hostmode-networking) docker container names in the Pi-hole client list.

The client list shows requests from 172.27.0.2, 172.27.0.6, 172.27.0.9, etc. for all the other docker containers, whereas I'd like to see the container names like 'traefik', 'nginx', 'owntracks'.

Is this at all possible?

You should be able to use Local DNS records for this.

Except the IPs of the Docker containers are liable to change, new containers might appear, etc.
So managing this manually with local DNS quickly becomes unmanageable.

Do you have any location where a list like

172.27.0.2 traefik
172.27.0.6 nginx
172.27.0.9 owntracks

is available?

You can quiz docker of course, not pretty, but for example:

$ docker ps --format '{{.Names}}'|while read;do ip=$(docker inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" $REPLY);[[ -n "$ip" ]] && echo "$ip $REPLY";done
172.27.0.9 owntracks
172.27.0.8 owntracks-mosquitto
172.27.0.2 traefik
172.27.0.6 znc
172.27.0.5 nginx
172.27.0.7 miniflux
172.27.0.4 calibre
172.27.0.3 miniflux-postgres

That's a pretty neat command, saving that for later - thanks!

That's exactly what I was thinking about. I was half-expecting such a feature to be directly available in docker.
Anyway, run this periodically and add this to a file in a separate directory you mount into your Pi-hole container. Then specify this directory using hostsdir=... in a config file inside /etc/dnsmasq.d/
New or changed files are read automatically without the need to send a signal to FTL.

Are you able to dig containers by name in your Docker network internally, e.g. what does dig calibre return when run from within your nginx container?

EDIT: If so, taking a look at the server returned by that dig may open an opportunity to have Pi-hole forward DNS requests for 172.16.0.0/12 (or an appropriately smaller range) to that server, provided Pi-hole's container joins the same Docker network.

Yes, that's pretty much what I decided on, but I wasn't sure if I'd have to use the API to bounce the name resolving in the Pi-hole container. Are you sure it reads in any file changes?

Runner-up for most ugly one-liner:

$ docker network ls -f driver=bridge --format '{{.Name}}' | xargs docker network inspect | jq '.[].Containers|.[]|[.IPv4Address,.Name]|@csv' |sed 's#\/16##;s#\"##g;s#\\##g;s#,# #'
172.18.0.5 miniflux-postgres
172.18.0.4 nginx
172.18.0.6 miniflux
172.18.0.3 znc
172.18.0.9 calibre
172.18.0.7 owntracks-mosquitto
172.18.0.8 owntracks
172.18.0.2 traefik

It seems marginally faster, though relies on terrible amateurish JSON munging with jq and sed.

For anyone following along in the future wanting to get this working:

Place the following in pihole/etc-dnsmasq.d/02-grok_docker.conf:

hostsdir=/etc/pihole/localdns

Make the directory pihole/etc-pihole/localdns, ensuring the cron user will be able to write to it (e.g. chmod g+w localdns, and chgrp users localdns, or similar).

Stick something like this in /etc/crontab:

# Update our Docker container IPs in the Pi-hole local DNS
0,15,30,45 * * * * user1 /usr/local/bin/update_pihole_localdns_docker

Plop the following into /usr/local/bin/update_pihole_localdns_docker and chmod +x it!

#!/usr/bin/env bash
# This script relies on 'jq', you might need to apt/yum install it!
DNS_DIR="/where/ever/your/docker/is/pihole/etc-pihole/localdns"
DNS_FILE="docker_containers.list"

if [[ -w "$DNS_DIR" ]]; then
    # Emit one "IP name" line per container attached to a bridge network.
    # jq -r prints raw strings and split("/") drops the prefix length,
    # so networks that are not /16 are handled as well.
    docker network ls -f driver=bridge --format '{{.Name}}' | \
        xargs docker network inspect | \
            jq -r '.[].Containers[] | select(.IPv4Address != "") | "\(.IPv4Address | split("/")[0]) \(.Name)"' \
                > "$DNS_DIR"/"$DNS_FILE"
fi

Then restart your Pi-hole container and hopefully it will resolve your docker image names to their IPs too.

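A hardened variant of the cron job in the post above, as an added example that is not part of the original thread: it strips any prefix length, drops entries whose IP or name is not well-formed before they reach dnsmasq, and swaps the list in atomically so a failed docker call does not blank the records. The function names, the name whitelist and the dot-prefixed temp file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Portable to POSIX sh; needs awk, sort, mktemp.

# render_hosts: read "IPv4[/prefix] name" lines on stdin and print "IPv4 name"
# for well-formed entries only, sorted and de-duplicated.
render_hosts() {
    awk '
    {
        ip = $1; sub(/\/.*/, "", ip)      # drop any prefix length, not just /16
        if (split(ip, o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        # The name is copied into a file dnsmasq parses, so whitelist characters.
        if (NF != 2 || $2 !~ /^[A-Za-z0-9][A-Za-z0-9_.-]*$/) next
        print ip, $2
    }' | LC_ALL=C sort -u
}

# publish_hosts DIR FILE: filter stdin through render_hosts into a temp file
# in DIR, then rename it over DIR/FILE. Returns 1 and keeps the previous list
# when no valid entry was produced (for example when docker was unreachable).
publish_hosts() {
    # Dot-prefixed temp name; assumption: dnsmasq skips dot-files in a hostsdir.
    ph_tmp=$(mktemp "$1/.docker_hosts.XXXXXX") || return 1
    render_hosts >"$ph_tmp"
    if [ ! -s "$ph_tmp" ]; then
        rm -f "$ph_tmp"
        return 1
    fi
    chmod 644 "$ph_tmp"                   # mktemp creates 0600; Pi-hole must read it
    mv -f "$ph_tmp" "$1/$2"
}

# collect: one "IP/prefix name" line per container on each bridge network,
# using docker's own Go templates instead of jq and sed.
collect() {
    docker network ls -f driver=bridge --format '{{.Name}}' |
        xargs -r docker network inspect \
            -f '{{range .Containers}}{{println .IPv4Address .Name}}{{end}}'
}

# Cron usage: this_script /path/to/pihole/etc-pihole/localdns docker_containers.list
if [ "$#" -eq 2 ]; then
    collect | publish_hosts "$1" "$2"
fi
```
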

Should be, yes. There will be an inotify watcher attached to the file. I say should as I'm not sure if inotify works on files that are docker mounted and actually live on another system. This you will have to find out, I guess. Trigger a manual change and watch /var/log/pihole.log in your Pi-hole.

Every 15 minutes can also be written as:

*/15 * * * *