So I am running PiHole in docker. Everything is working as expected, except that for some reason PiHole is getting spammed approximately once per second by these queries:
May 22 00:00:03 dnsmasq: query[NS] . from 172.30.9.1 May 22 00:00:03 dnsmasq: exactly blacklisted . is NODATA
I added a blacklist for it as you can see. But it is still clogging up my statistics with useless information. After some digging, i've realised that 172.30.9.1 is the "gateway" IP for my pihole docker network.
If I look at UFW logs on the host, I can see some similar port 53 traffic, but not happening once every second:
May 22 16:56:44 raspberrypi kernel: [ 3673.767965] [UFW ALLOW] IN= OUT=br-e0014f3a706f SRC=172.30.9.1 DST=172.30.9.3 LEN=45 TOS=0x00 PREC=0x00 TTL=64 ID=26680 DF PROTO=UDP SPT=32990 DPT=53 LEN=25 May 22 16:56:45 raspberrypi kernel: [ 3675.391618] [UFW BLOCK] IN=br-e0014f3a706f OUT= MAC=02:42:3d:02:08:fa:02:42:ac:1e:09:02:08:00 SRC=172.30.9.2 DST=192.168.1.208 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=55903 DF PROTO=UDP SPT=44036 DPT=53 LEN=60
Using UFW to block 172.30.9.1 port 53 traffic didn't seem to help, but maybe I did something wrong...
Here is my tricorder log: https://tricorder.pi-hole.net/r8knsTIW/
And here is my docker-compose:
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ services: cloudflared: container_name: cloudflared # Restart on crashes and on reboots restart: unless-stopped image: cloudflare/cloudflared command: proxy-dns environment: # - "TUNNEL_DNS_UPSTREAM=https://freedns.controld.com/p2,https://cloudflare-dns.com/dns-query" - "TUNNEL_DNS_UPSTREAM=https://adblock.doh.mullvad.net/dns-query" # Listen on an unprivileged port - "TUNNEL_DNS_PORT=5053" # Listen on all interfaces - "TUNNEL_DNS_ADDRESS=0.0.0.0" # Attach cloudflared only to the private network networks: internal: ipv4_address: 172.30.9.2 pihole: container_name: pihole image: pihole/pihole:latest # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" ports: - "53:53/tcp" - "53:53/udp" # - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "80:80/tcp" environment: - "TZ=America/Chicago" # Internal IP of the cloudflared container - "DNS1=172.30.9.2#5053" # Explicitly disable a second DNS server, otherwise Pi-hole uses Google - "DNS2=no" # WEBPASSWORD: 'set a secure password here or it will be random' - "MAXDBDAYS=2" # Volumes store your data between container upgrades volumes: - './etc-pihole:/etc/pihole' - './etc-dnsmasq.d:/etc/dnsmasq.d' - './resolv.conf:/etc/resolv.conf' # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities # cap_add: # - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed restart: unless-stopped depends_on: - cloudflared networks: internal: ipv4_address: 172.30.9.3 networks: # Create the internal network internal: driver: bridge ipam: config: - subnet: 172.30.9.0/29