Docker "i/o timeout" when using pi-hole as (standalone) DNS server

Expected Behaviour:

Have pi-hole answer DNS queries:

$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world

OS: MX-Linux:

$ uname -a
Linux desktop 6.7.12-1-liquorix-amd64 #1 ZEN SMP PREEMPT liquorix 6.7-18~mx23ahs (2024-04-04) x86_64 GNU/Linux

Actual Behaviour:

Unable to find image 'busybox:latest' locally
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.0.16:53: read udp 10.0.0.195:35913->10.0.0.16:53: i/o timeout.

Debug Token:

https://tricorder.pi-hole.net/fVCXn5i5/

My local machine ("desktop") has IPs 10.0.0.195 - eth0, 10.0.0.73 - wlan0, and docker's network is at 172.17.0.1/16.
If I add "nameserver 1.1.1.1" to my /etc/resolv.conf, docker manages to resolve DNS and pull the images; if I leave only "nameserver 10.0.0.16", it gives the timeout error above.
I can't find anything in the pi-hole query log for registry-1.docker.io, either blocked or unblocked, so it's like docker's query isn't arriving at pi-hole, which is strange, because everything else is.
To be sure it wasn't that, in pi-hole's DNS settings, I've chosen the "potentially dangerous option" of allowing all origins, and it still doesn't work.

Any ideas?

ETA: I can look up and access "https://registry-1.docker.io/v2/" from a browser, using curl, etc.

$ nslookup registry-1.docker.io
Server:		10.0.0.16
Address:	10.0.0.16#53

Non-authoritative answer:
Name:	registry-1.docker.io
Address: 54.198.86.24
Name:	registry-1.docker.io
Address: 54.236.113.205
Name:	registry-1.docker.io
Address: 54.227.20.253
Name:	registry-1.docker.io
Address: 2600:1f18:2148:bc02:445d:9ace:d20b:c303
Name:	registry-1.docker.io
Address: 2600:1f18:2148:bc00:8d61:9b62:40aa:8bb8
Name:	registry-1.docker.io
Address: 2600:1f18:2148:bc01:571f:e759:a87a:2961
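
One way to reproduce the lookup from the error message outside Docker, as an added example that is not part of the original post: the script sends a plain UDP DNS query to the Pi-hole from each host source address named above and reports a reply or a timeout per address. The function names and the `port` parameter are illustrative assumptions.

```python
import random
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Return (txid, packet) for a recursive DNS query; qtype 1 = A, 28 = AAAA."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(packet, txid):
    """Return (rcode, answer_count) from a reply, or raise ValueError."""
    if len(packet) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must be set on a response
        raise ValueError("not a reply to this query")
    return flags & 0x000F, ancount

def probe(server, name, source_ip="0.0.0.0", timeout=3.0, port=53):
    """Send one UDP query from source_ip; return a one-line result string."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.bind((source_ip, 0))  # pick the interface by its address
            sock.sendto(packet, (server, port))
            reply, _ = sock.recvfrom(4096)
            rcode, answers = parse_header(reply, txid)
            return f"{source_ip} -> {server}: rcode={rcode} answers={answers}"
        except socket.timeout:
            return f"{source_ip} -> {server}: timeout (no reply within {timeout}s)"
        except (OSError, ValueError) as exc:
            return f"{source_ip} -> {server}: error ({exc})"

if __name__ == "__main__":
    # Addresses taken from the post: eth0, wlan0, and the Pi-hole server.
    for src in ("10.0.0.195", "10.0.0.73"):
        print(probe("10.0.0.16", "registry-1.docker.io", source_ip=src))
```

A timeout from one source address and a reply from the other narrows the problem to that interface's path to the server rather than to Docker itself.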