I'm having trouble connecting my other Docker containers to the Pi-hole container for DNS resolution. Port 53 is published to the Docker host, and the other containers know to look for a DNS resolver in the local physical network (this actually being the Docker host system itself).
Additional info: the Pi-hole container (10.0.0.2) has its own bridge network (gateway 10.0.0.1).
The connection in one direction is working fine; I see all requests being resolved by the Pi-hole container. But the responses aren't returned correctly. As seen from the Pi-hole container, the requests look like they're coming from the local gateway address (10.0.0.1), which is the same address the Docker host uses when it sends a DNS request.
I can bypass this issue by adding all containers to the Pi-hole bridge network (10.0.0.x) and setting the DNS address of all containers to 10.0.0.2. But this means I'm overwriting/ignoring the DNS server settings imposed by the DHCP server of the physical network (/etc/resolv.conf of the Docker host).
Another fix would be adding a secondary DNS server, but I really want to prevent non-Pi-holed DNS requests. As such, I've configured my router to completely block port 53 and block all communication to 220.127.116.11, 18.104.22.168, ... on all possible DoH ports, and I've only whitelisted 22.214.171.124 requests on port 443 coming from my Pi-hole, resulting in a very strict firewall.
I know this isn't an actual Pi-hole issue, but since it's related I was wondering if someone knew a fix for this?
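As an added illustration (not the poster's own files), here is the workaround described in the post written out as a Compose file: every container joins the Pi-hole bridge network and is given 10.0.0.2 as its resolver, so queries reach Pi-hole directly on the bridge instead of through the published port on the host. The subnet 10.0.0.0/24, the `pihole_net` network name, the `app` service and the mounted directory are assumptions; the post only names the addresses 10.0.0.1 and 10.0.0.2.

```yaml
# Added example, not the poster's configuration.
# Assumed: subnet 10.0.0.0/24 for the Pi-hole bridge, network name "pihole_net",
# a placeholder "app" service standing in for the other containers.
services:
  pihole:
    image: pihole/pihole:latest
    networks:
      pihole_net:
        ipv4_address: 10.0.0.2      # fixed address the other containers point at
    ports:
      - "53:53/tcp"                 # still published for clients on the physical LAN
      - "53:53/udp"
    environment:
      TZ: "UTC"
    volumes:
      - ./etc-pihole:/etc/pihole    # assumed host directory for Pi-hole state
    restart: unless-stopped

  app:
    image: alpine:3.20              # placeholder for any other container
    command: ["sleep", "infinity"]
    dns:
      - 10.0.0.2                    # resolver set statically; bypasses the host's resolv.conf
    networks:
      - pihole_net
    depends_on:
      - pihole

networks:
  pihole_net:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.0.0/24       # assumed; the post names 10.0.0.1 as gateway
          gateway: 10.0.0.1
```

To check that this has the intended effect, run `docker compose exec app nslookup example.com` and then look at the Pi-hole query log: with the container on the bridge network the query should be attributed to the container's own 10.0.0.x address rather than to the gateway 10.0.0.1, which is the symptom the post describes for queries arriving through the published port. The trade-off is the one the post already names: `dns:` pins the resolver per container, so the DHCP-supplied settings in the host's /etc/resolv.conf no longer apply to those containers.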