Expected Behaviour:
Installed PiHole on my NAS and set a bridged connection with its own IP address for the container in docker. Set the upstream DNS server to my router (Ubiquiti UDM Pro). Set the router to provide the PiHole IP DNS via DHCP to clients. Network settings for my NAS have my ISP's preferred DNS servers, as does the router. Before trying my ISP's DNS servers I also tried Google's (8.8.8.8 and 8.8.4.4).
- Operating System (Family and Version)
- Hardware
- Docker compose
-
docker execution from Unraid
-d
--name='binhex-official-pihole'
--net='br0'
--ip='192.168.1.5'
--pids-limit 2048
-e TZ="America/Los_Angeles"
-e HOST_OS="Unraid"
-e HOST_HOSTNAME="PoopyServer"
-e HOST_CONTAINERNAME="binhex-official-pihole"
-e 'TCP_PORT_80'='8155'
-e 'TCP_PORT_53'='53'
-e 'UDP_PORT_53'='53'
-e 'UDP_PORT_67'='67'
-e 'DNSMASQ_LISTENING'='all'
-l net.unraid.docker.managed=dockerman
-l net.unraid.docker.webui='http://[IP]:[PORT:80]/admin'
-l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/templates/main/unraid/binhex/images/official-pihole-icon.png'
-v '/mnt/user/appdata/official-pihole/pihole':'/etc/pihole':'rw'
-v '/mnt/user/appdata/official-pihole/pihole/dnsmasq':'/etc/dnsmasq.d':'rw'
--cap-add NET_ADMIN 'pihole/pihole'
7e427cf997d791ff0e7cf86461cf274d85082f2faf6835878dfb472be56eda00
The command finished successfully!
- Docker engine version
Actual Behaviour:
First issue is frequent inability to connect to the PiHole dashboard from my iPhone. During this time I can still connect from two different Windows PCs. I am always able to connect to the NAS server via its IP. Note that this is an intermittent fault. Sometimes I'm able to connect from the iPhone. Unsure if this is related, but I can never see the PiHole server in the Unifi (router) dashboard under its own IP. I can always see the NAS server.
Next issue is the intermittent failure to load web pages. Looking into the query log I see a large number of failures to get a response from the upstream server. I'm also seeing a few connection errors. This happens on multiple devices (basically all) and prevents me from accessing these sites.
Query Status: Forwarded to 192.168.1.1#53
Reply: No reply received
CONNECTION_ERROR | Connection error (192.168.1.1#53): TCP connection failed (Operation in progress)
Debug Token:
Ran pihole -d and it gave me a debug log. I typed "y" and hit enter. No further output received.
Thanks for any help!
If you are using the official Pi-hole image, all these variables are invalid.
DNSMASQ_LISTENING was replaced by FTLCONF_dns_listeningMode when Pi-hole v6 was released, more than one year ago.
The other variables were never part of Pi-hole.
Also, this is not how you publish ports using the docker run command. You should use the -p option, instead of using variables:
-p 53:53/tcp
-p 53:53/udp
-p 8155:80
Please check our documentation. There is a docker run example right after the compose file.
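The rewrite described in the reply above, as an added example that is not part of the thread or of Pi-hole's documentation: a small shell filter that turns the template's `-e` lines into the `-p` options and the `FTLCONF_dns_listeningMode` variable the reply names. The function names are hypothetical, the pass-through of `TZ` and `FTLCONF_*` is an assumption about which variables the v6 image reads, and the script only prints options without running Docker.

```shell
#!/bin/sh
# Added example. Mapping taken from the reply above:
#   <PROTO>_PORT_<container>=<host>  ->  -p <host>:<container>/<proto>
#   DNSMASQ_LISTENING=<value>        ->  -e FTLCONF_dns_listeningMode=<value>
# The listening-mode value is carried over unchanged.

translate_line() {
    # Strip the leading "-e" and shell quotes:  -e 'A'='b'  ->  A=b
    kv=$(printf '%s\n' "$1" | sed -e "s/^[[:space:]]*-e[[:space:]]*//" -e "s/['\"]//g")
    name=${kv%%=*}
    value=${kv#*=}
    case "$name" in
        TCP_PORT_*|UDP_PORT_*)
            proto=$(printf '%s' "${name%%_*}" | tr 'A-Z' 'a-z')
            cport=${name##*_}
            # Refuse anything that is not a plain port number.
            for n in "$cport" "$value"; do
                case "$n" in ''|*[!0-9]*)
                    printf '# skipped, port not numeric: %s\n' "$kv"; return 0 ;;
                esac
            done
            printf '%s\n' "-p $value:$cport/$proto" ;;
        DNSMASQ_LISTENING)
            printf '%s\n' "-e FTLCONF_dns_listeningMode=$value" ;;
        TZ|FTLCONF_*)          # assumption: variables the v6 image reads
            printf '%s\n' "-e $kv" ;;
        *)
            printf '# not read by the official image per the reply above: %s\n' "$kv" ;;
    esac
}

translate_args() {
    # One option per line on stdin; only "-e" lines are rewritten.
    while IFS= read -r line; do
        case "$line" in
            "-e "*) translate_line "$line" ;;
            *)      printf '%s\n' "$line" ;;
        esac
    done
}

# Environment lines copied from the post above.
translate_args <<'EOF'
-e TZ="America/Los_Angeles"
-e HOST_OS="Unraid"
-e 'TCP_PORT_80'='8155'
-e 'UDP_PORT_53'='53'
-e 'DNSMASQ_LISTENING'='all'
EOF
```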
Is this an issue with the Unraid version then? I added the most official version I could find and that's what the defaults are. How do I change the variables to make it look like what is shown in the example?
That's why I said "If you are using the official Pi-hole image" above.
Pi-hole doesn't have a version for Unraid.
If you are using a third party app from Unraid, you will need to ask for help on Unraid forums.
Sorry, this is confusing since I'm not coming from a Linux/Docker background. So the app I showed is considered third party and PiHole isn't actually supported on Unraid?
I guess that's news to me as I see most of the guides and walkthroughs for Unraid apps reference this method of installation.
I don't know. I never used Unraid.
Pi-hole team didn't develop the Unraid app you are trying to use.
Apparently this is a docker image (created by Unraid developers or a user) that uses Pi-hole, but I don't know how to help you, since the intermittent errors apparently are related to a local network issue, or related to this third party app.
Without the debug log, I can't understand what is the real issue and I'm not sure if I will be able to suggest a fix.
Is Unraid paid or free? Do they offer support?
Did you try to contact the app developer?
Because your Docker Network Type is the default NAT setup instead of MACVLAN.
Port 80 being translated to 8155 clearly shows that.
MACVLAN gives each Docker Container its own IPv4 Address on your LAN instead of sharing the IPv4 Address of your UNRAID NAS like it is now.
Unfortunately I didn't receive a token after the debug log ran. I typed "y" when it asked whether I wanted to upload, but it stopped there.
Is Unraid paid or free? Do they offer support?
Did you try to contact the app developer?
I did pay for a license. I'm not sure how much they support Docker containers directly vs the NAS software itself. I guess I'll find out.
I posted in their forum after seeing your responses so I guess we'll see. They have a specific container support forum, but it seems this "official" container doesn't have its own thread.
Interesting... I changed it to IPVLAN from MACVLAN as that was the recommendation from many forum posts. Based on those posts and a few guides, I thought IPVLAN would allow each container to have its own IP address (which is what I wanted), while MACVLAN would have set them to the same IP address with different MACs. Perhaps I misunderstood the application.
Do you think that could be the cause of the errors I was seeing (router thinking the MAC address was being spoofed and failing to respond)?
Have a look at this explanation: https://ipwithease.com/macvlan-vs-ipvlan-understand-the-difference/
It gives you a nice and simple comparison of the two.
Before I posted this question I read other posts that advised using IPvlan to assign multiple IP addresses to the server. I read through your link but it's not 100% clear why IPvlan won't work.
The text below doesn't give enough context to understand whether using one or the other would be recommended/required for this implementation, other than "harder setup".
MacVLAN vs IPvlan
As a general rule, IPvlan should be used in scenarios where some switches restrict the maximum number of mac addresses per physical port because of the port security setup. MacVLAN needs to be used in projects where a common DHCP server is used, because the DHCP server would need a unique mac address which IPvlan does not have.
MacVLAN is easy to set up, on the other hand IPvlan is not as easy as advanced router configuration is required.
Is the table below what I need to refer to specifically? That each container needs to be a separate device, and that can only be accomplished by MACVLAN?
Tried MACVLAN, but the container failed to run.
docker run
-d
--name='binhex-official-pihole'
--net='br0'
--ip='192.168.1.5'
--pids-limit 2048
-e TZ="America/Los_Angeles"
-e HOST_OS="Unraid"
-e HOST_HOSTNAME="PoopyServer"
-e HOST_CONTAINERNAME="binhex-official-pihole"
-e 'TCP_PORT_80'='8155'
-e 'TCP_PORT_53'='53'
-e 'UDP_PORT_53'='53'
-e 'UDP_PORT_67'='67'
-e 'DNSMASQ_LISTENING'='all'
-l net.unraid.docker.managed=dockerman
-l net.unraid.docker.webui='http://[IP]:[PORT:80]/admin'
-l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/templates/main/unraid/binhex/images/official-pihole-icon.png'
-v '/mnt/user/appdata/official-pihole/pihole':'/etc/pihole':'rw'
-v '/mnt/user/appdata/official-pihole/pihole/dnsmasq':'/etc/dnsmasq.d':'rw'
--cap-add NET_ADMIN 'pihole/pihole'
cfa1725acb41e03622699321593681a6080788da9f20ec5f9b3032b5c9d3943b
docker: Error response from daemon: failed to set up container networking: failed to create the macvlan port: device or resource busy
Run 'docker run --help' for more information
The command failed.