Github wont resolve on boot

gomeology · October 16, 2023, 4:15pm

during docker compose up -d

fatal: unable to access 'https://github.com/pi-hole/pi-hole/': Could not resolve host: github.com
fatal: unable to access 'https://github.com/pi-hole/web/': Could not resolve host: github.com
fatal: unable to access 'https://github.com/pi-hole/FTL/': Could not resolve host: github.com

but in the container....
pihole6:/# dig github.com

; <<>> DiG 9.18.19 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37129
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: cfee030cc61cc461 (echoed)
;; QUESTION SECTION:
;github.com.                    IN      A

;; ANSWER SECTION:
github.com.             48      IN      A       140.82.113.4

;; Query time: 20 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Mon Oct 16 12:14:29 EDT 2023
;; MSG SIZE  rcvd: 67

EDIT: reply when busy is set to ALLOW

DanSchaper · October 16, 2023, 7:39pm

What's your compose file? Are you setting a DNS server using either the FTL configuration or with dns flags for docker?

gomeology · October 16, 2023, 7:48pm

currently the containers dns variable is set to 127.0.0.1 but ive tried removing it and set the ip of cloudflared directly, tried 1.1.1.1. Same things happens.

I have noticed that while the container is starting if i go interactive dns will not work for pihole itself. Once the container is fully booted dns will resolve internally. To make it more clear I dont get internal resolution in pihole till i see [186M] INFO: Blocking status is enabled in the logs.

  pihole6:
    build:
      context: https://github.com/pi-hole/docker-pi-hole.git#development-v6:/src
      no_cache: true
      network: host
    image: build_pihole6
    container_name: pihole6
    hostname: pihole6
    networks:
      dnet:
        ipv4_address: '172.22.0.53'
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    environment:
      TZ: 'America/New_York'
      FTLCONF_dns_dnssec: 'True'
      PIHOLE_UID: 1000
      PIHOLE_GID: 1000
      DNSMASQ_USER: pihole
      FTLCONF_dns_upstreams: 'cloudflared#5054'
      FTLCONF_dns_listeningMode: all
      FTLCONF_webserver_api_temp_unit: 'F'
      VIRTUAL_HOST: 'pihole6.example.dev'
      TAIL_FTL_LOG: 1
      SKIPGRAVITYONBOOT: 1
      IPv6: false
    volumes:
      - '$DOCKER_DIR/pihole6:/etc/pihole'
      - '$DOCKER_DIR/pihole6/log:/var/log/pihole'
    restart: unless-stopped
    dns: 127.0.0.1

DanSchaper · October 16, 2023, 7:59pm

The dig output from the first post shows 127.0.0.11 as the server that responded. That's the docker nameserver and I'm guessing your using that to be able to resolve container names, it looks like you are using the cloudflared container name for an upstream and only docker's nameserver can resolve that.

I wouldn't expect you to be able to resolve with ftl while ftl is still spooling up, even if you change the blocking status. Using ftl inside the container to resolve itself is going to be tricky and prone to breaking.

What does the /etc/resolv.conf look like inside the running container? And what do the config files look like? Some of the variables will stick around if you set them in the past and did not clear or remove them from the configuration files (the actual .conf) files.

gomeology · October 17, 2023, 9:56am

pihole6:/# cat /etc/resolv.conf
search lab
nameserver 127.0.0.11
options ndots:0

ok i understand. Is their a way to specify port 5054 in the dns for the container? I am guessing its is checking for updated when running these curls, will pihole recheck for updated repos after its initialized? is it cronjobed? or do i have to run pihole updatechecker. Not sure if it is meant to not give any output but im not seeing anything when i run it.

yubiuser · October 17, 2023, 8:08pm

There is no output. It will only update /etc/pihole/versions

Yes. I think once a day.