Hostname in Pi-hole for Docker containers

pond0353 · June 17, 2025, 8:36pm

The issue I am facing:
I have my own selfhosted Ubuntu server that runs a lot of Docker containers. The applications that run on the server can be reached by https://[applications].example.com, via a reversed proxy, but only within my local network. This is set up using Cloudflare to get a Let's Encrypt Certificate and Nginx Proxy Manager as proxy manager. Everything works fine and I can reach all my applications using the given URL. For example, PortNote is reached trough https://portnote.example.com.

Network traffic is routed trough Pi-hole that also runs on a Docker container together with Unbound. Both run at the local hosted selfhosted server Everything on my network resolves trough my DNS server. So for all my docker containers I've changed the file /etc/docker/daemon.json to set my DNS to Pi-hole. Also in my Asus router, my DNS server within LAN > DHCP server is setup to Pi-hole. My router still manages my DHCP though.

Within Pi-hole I have the following settings:
Local DNS
nginx.example.com > [local IP server]

CNAME records
pihole.example.com > nginx.example.com
portnote.example.com > nginx.example.com
[application].example.com > nginx.example.com

Nginx Proxy Manager is set up as follows:
pihole.example.com > [local IP server]:8080
portnote.example.com > [local IP server]:3123
[application].example.com > [local IP server]:[port number]

Everything works as expected and all my local addresses have aan SSL certificate, which is why I set it up this way. Also ads are blocked and my traffic is routed trough Unbound. What I notice though is that the clients displayed withing Pi-hole are mostly IP-addresses from their respective docker network. So for example: One of the clients is 192.168.192.2 which is the Docker container running Home Assistant. I would like to see the actual hostname instead of the IP-address. Is there any way to change these clients to show the real name?

Details about my system:
This is the docker compose file that I use to get my Pi-hole running:

services:
  pihole:
    container_name: pihole
    image: "pihole/pihole:latest"
    volumes:
      - "/home/server/docker/pihole/etc/pihole:/etc/pihole"
    environment:
      - "TZ=[TimeZone]"
      - "FTLCONF_dns_listeningMode=all"
      - "FTL_CONF_dns_upstreams= 127.0.0.1#5335"
      - "FTLCONF_webserver_port=8080o,[::]:8080o,8443os,[::]:8443os"
    restart: unless-stopped
    network_mode: host
    cap_add:
      - "SYS_TIME"

  unbound:
    container_name: unbound
    image: "mvance/unbound:latest"
    volumes:
      - "/home/server/docker/unbound/opt/unbound/etc/unbound:/opt/unbound/etc/unbound"
      - "/home/server/docker/unbound/opt/unbound/etc/unbound/unbound.conf:/opt/unbound/etc/unbound/unbound.conf"
    restart: unless-stopped
    network_mode: service:pihole

What I have changed since installing Pi-hole:
I have setup my DNS domain settings as "lan" and conditional forwarding is also setup for my lan network. This makes that my local devices such as my phone or pc are shown with their device name instead of their IP. But I think this wouldn't work with Docker since these networks are way wider.

Thanks in advance for you help

Ladrien · June 17, 2025, 11:10pm

Due to docker's routing, you'd have to create a custom MACVLAN or IPVLAN and assign the containers an IP in your local subnet for pi-hole to show the non-docker-bridge IP.

MACVLAN is used when you need L2 access for containers. If your containers just need L3 or above, I recommend IPVLAN.

Bucking_Horn · June 18, 2025, 9:46am

Docker would default to assign IPs from the 172.16.0.0/12 range.
Is 192.168.192.2 really a Docker internal IP in your case?

In any case, as long as that IP is statically assigned, you could just add a local DNS record for 192.168.192.2 to your Pi-hole.

pond0353 · July 6, 2025, 1:33pm

I changed my docker containers to IPVLAN l3, but all in other subnets. So Pi-hole is in 192.168.6.x and Portnote is 192.168.8.x. They all still work as expected, but Pi-hole still only shows IP addresses. Is there something else I should set up in my Pi-hole settings after changing to IPVLAN?

Ladrien · July 6, 2025, 5:55pm

If you have conditional forwarding set up, it should just work. Could you try to do nslookup <client hostname> <dhcp server ip> to see if your DHCP server is responding back to pi-hole during conditional lookups?

I believe there is also a pi-hole setting related to the network table that you have to enable. (it's on by default)

pond0353 · July 7, 2025, 12:42am

nslookup gave the following reply:
Server: pi.hole
Address: [local IP Pi-hole]

Name: nginx.example.com
Address: [local IP Nginx Proxy Manager]
Aliases: portnote.example.com

The strange thing is that if I look at the query log the names are shown under domains. But the client only shows the IP of the Docker container. Devices that are directly connected to my router (my phone, laptop etc.) are given a name on the client side. These are names like phone.lan and laptop.lan. I think this happens because of the DNS domain settings within Pi-hole. There the domain is set to lan. Also conditional forwarding in Pi-hole is set as follows:
true,192.168.0.0/16,[local IP router],lan

Did I miss something in these settings?