Hello, thanks a lot for your help in advance and for your involvement in this project in general.
The issue I am facing:
I have 2 instances of Pi-Hole, one dockerized and the other on a Raspberry, and the docker one cannot resolve local records (general DNS resolution works fine).
Details about my system:
192.168.1.24 is my raspberry pi instance, 192.168.1.251 is my docker instance.
I can get the raspberry pi instance to resolve local records, but not the docker one:
dig pi.hole @192.168.1.251
; <<>> DiG 9.10.6 <<>> pi.hole @192.168.1.251
;; global options: +cmd
;; connection timed out; no servers could be reached
dig pi.hole @192.168.1.24
; <<>> DiG 9.10.6 <<>> pi.hole @192.168.1.24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13425
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 1d 73 79 6e 74 68 65 73 69 7a 65 64 ("..synthesized")
;; QUESTION SECTION:
;pi.hole. IN A
;; ANSWER SECTION:
pi.hole. 0 IN A 192.168.1.24
;; Query time: 1 msec
;; SERVER: 192.168.1.24#53(192.168.1.24)
;; WHEN: Wed May 06 14:29:37 CEST 2026
;; MSG SIZE rcvd: 69
However, generic resolution works fine with the docker instance:
dig google.com
; <<>> DiG 9.10.6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39296
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 281 IN A 74.125.29.113
google.com. 281 IN A 74.125.29.139
google.com. 281 IN A 74.125.29.102
google.com. 281 IN A 74.125.29.100
google.com. 281 IN A 74.125.29.138
google.com. 281 IN A 74.125.29.101
;; Query time: 9 msec
;; SERVER: 192.168.1.251#53(192.168.1.251)
;; WHEN: Wed May 06 14:30:27 CEST 2026
;; MSG SIZE rcvd: 135
I know the docker instance runs in a subnet so I set up dns.listeningMode to ALL, but I still can't get any local record to resolve. Please note that if I setup dns.listeningMode to LOCAL then it's the same behavior but I get an explicit error in Pi-hole diagnosis. With ALL, no error at all on pi-hole's side.
What I have changed since installing Pi-hole:
Here is my compose.yaml file:
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
# DNS Ports
- "53:53/tcp"
- "53:53/udp"
# Default HTTP Port
- "8000:80/tcp"
# Default HTTPs Port. FTL will generate a self-signed certificate
- "4430:443/tcp"
# Uncomment the below if using Pi-hole as your DHCP Server
- "67:67/udp"
# Uncomment the line below if you are using Pi-hole as your NTP server
#- "123:123/udp"
environment:
# Set the appropriate timezone for your location from
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
TZ: 'Europe/Zurich'
# Set a password to access the web interface. Not setting one will result in a random password being assigned
FTLCONF_webserver_api_password: 'redacted'
# If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
#FTLCONF_dns_listeningMode: 'ALL'
# Volumes store your data between container upgrades
volumes:
# For persisting Pi-hole's databases and common configuration file
- './etc-pihole:/etc/pihole'
# Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
#- './etc-dnsmasq.d:/etc/dnsmasq.d'
cap_add:
# See https://docs.pi-hole.net/docker/configuration/#note-on-capabilities
# Required if you are using Pi-hole as your DHCP server, else not needed
- NET_ADMIN
# Required if you are using Pi-hole as your NTP client to be able to set the host's system time
- SYS_TIME
# Optional, if Pi-hole should get some more processing time
- SYS_NICE
restart: unless-stopped
Aside from that, the only relevant setting I changed (that I'm aware of) is dns.listeningMode (it's commentated in the compose.yaml file because I wanted to test how other option behaved.
I'm a bit lost (it might be possible it has to do with why I'm unable to use my docker instance as DHCP server), I'd really appreciate any help. Thanks again in advance!
