Docker - Incorrect DNS address being sent to DHCP clients

I have been having some issues with Docker, namely with the DHCP server handing out the proper DNS IP, and the ServerIP environment variable not being taken.

I saw this GitHub thread: "Top client shows only one IP (which I don't even recognize)" (Issue #135, pi-hole/docker-pi-hole), but I am not sure if it is completely related (mainly because I am not using a Synology NAS, I am using an Intel NUC).

My docker-compose.yml file looks like this:

$ cat pihole/docker-compose.yml
version: "3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'America/Los_Angeles'
      WEBPASSWORD: 'changeme'
      VIRTUAL_HOST: 'lame'
      ServerIP: '192.168.2.2'
      DNSMASQ_LISTENING: 'ALL'
    volumes:
       - '/media/docker/pihole/etc-pihole/:/etc/pihole/'
       - '/media/docker/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 192.168.2.2
      - 1.1.1.1
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

On a fresh docker-compose up:

$ docker logs --follow pihole
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific checks & setup for docker pihole/pihole
WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server
WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11)

nameserver 127.0.0.11
options edns0 ndots:0
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u7

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
chown: cannot access '': No such file or directory
chmod: cannot access '': No such file or directory
chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
::: Pre existing WEBPASSWORD found
Using custom DNS servers: 1.1.1.1 & 4.4.4.4
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "192.168.2.2",
                        "VIRTUAL_HOST" => "lame",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [✓] Preparing new gravity database
  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: Retrieval successful
  [i] Received 57461 domains

  [i] Target: https://mirror1.malwaredomains.com/files/justdomains
  [✓] Status: No changes detected
  [i] Received 26853 domains

  [i] Target: https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
  [✓] Status: No changes detected
  [i] Received 34 domains

  [i] Target: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
  [✓] Status: No changes detected
  [i] Received 2701 domains

  [✓] Storing downloaded domains in new gravity database
  [✓] Building tree
  [✓] Swapping databases
  [i] Number of gravity domains: 87049 (84609 unique domains)
  [i] Number of exact blacklisted domains: 0
  [i] Number of regex blacklist filters: 0
  [i] Number of exact whitelisted domains: 0
  [i] Number of regex whitelist filters: 0
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
  Pi-hole version is v5.0 (Latest: v5.0)
  AdminLTE version is v5.0 (Latest: v5.0)
  FTL version is v5.0 (Latest: v5.0)
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
[services.d] done.

But what I am seeing is:

What can I do to correct this issue, and get the DHCP server to hand out the correct information so that DNS and DHCP work for physical clients and Docker clients?

Looking through more issues, this seems like it might be relevant:

I think this is what you may be looking for:
https://www.electricbrain.com.au/pages/desktop-datacenter-software/pi-hole-docker.php

"5) Change the dnsmasq options to include:

a) dhcp-option=option:dns-server,192.168.0.254

without this pihole adds the container's address (172.17.0.2) to dhcp's DNS server list ahead of the host's address. This is bad since nobody on the LAN can access 172.17.0.2 and so causes clients to timeout before using PiHole's LAN DNS address (which is the host's interface - 192.168.0.254 in this case)."

Hope this helps

Seems like you are running your dockered Pi-hole with bridge network configuration that isolates your container into a separate network.

Following electricbrain's explanation, you would need to set up a DHCP relay in your network (if your router can't do that, you'd need additional DHCP relay software) and explicitly configure Pi-hole to distribute the host's IP address as DNS server (instead of its own IP from that isolated network).

Or you could try to configure Docker for a different network mode altogether, see Docker DHCP and Network Modes.
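
As an added example (not part of the thread or of Pi-hole's own code), this check reads dnsmasq configuration text and reports when DHCP clients would be handed a DNS server they cannot reach, which is the failure the replies above describe for bridge networking. The sample configs are constructed, and the LAN range 192.168.2.0/24 is an assumption based on the ServerIP in the original post.

```python
import ipaddress

# Constructed samples of /etc/dnsmasq.d/ contents (not taken from the thread).
SAMPLE_BRIDGE = """\
dhcp-range=192.168.2.100,192.168.2.200,24h
dhcp-option=option:router,192.168.2.1
"""
SAMPLE_FIXED = SAMPLE_BRIDGE + "dhcp-option=option:dns-server,192.168.2.2\n"
SAMPLE_WRONG = SAMPLE_BRIDGE + "dhcp-option=6,172.17.0.2\n"

# DHCP option 6 and its dnsmasq name both set the DNS server list.
DNS_OPTION_NAMES = {"option:dns-server", "6"}


def advertised_dns(conf_text):
    """Return the DNS servers set via dhcp-option, or [] if none is set."""
    servers = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("dhcp-option="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        # Skip optional leading tag:<name> selectors.
        while fields and fields[0].startswith("tag:"):
            fields.pop(0)
        if fields and fields[0] in DNS_OPTION_NAMES:
            servers.extend(fields[1:])
    return servers


def audit(conf_text, lan_cidr):
    """Return findings; an empty list means clients get a DNS IP on the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    servers = advertised_dns(conf_text)
    if not servers:
        # With no explicit option, dnsmasq advertises its own address.
        return ["no dns-server option: dnsmasq advertises its own address, "
                "which is the container IP under bridge networking"]
    return [f"{s} is outside {lan_cidr}; LAN clients cannot reach it"
            for s in servers if ipaddress.ip_address(s) not in lan]


if __name__ == "__main__":
    samples = [("bridge", SAMPLE_BRIDGE), ("fixed", SAMPLE_FIXED),
               ("wrong", SAMPLE_WRONG)]
    for name, conf in samples:
        print(name, audit(conf, "192.168.2.0/24") or "ok")
```

To use it against a real setup, pass the concatenated contents of the mounted etc-dnsmasq.d directory and the actual LAN subnet.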