Latest container not working for me

Latest container doesn't seem to work for me. When the container starts I see this in logs:

pihole     | ::: Testing pihole-FTL DNS: FTL started!
pihole     | ::: Testing lighttpd config: Syntax OK
pihole     | ::: All config checks passed, cleared for startup ...
pihole     |  ::: Docker start setup complete
pihole     |   [✗] DNS resolution is currently unavailable

I am not sure how to troubleshoot as my host is set to pull the latest image every night, I am not sure what else could have changed. I am using Ubuntu 20.04 LTS.

This is generally a bad idea - you should use the tagged version images, and then upgrade a container once you have read through all the release notes. So currently you would use :v5.3.4

What does your docker run or docker-compose file look like?

I think this may actually be something that has changed in Ubuntu recently. Pulling tag "v5.2.2" gives me the same error.

I also tried spinning up an Ubuntu 18.04 server and I am getting the same error on that host. This is all in AWS by the way. I use packer to move the files onto the host's AMI, then use docker volumes to get the files into the container.

I don't think it's relevant but in case it is: I also spin up an OpenVPN container and use an elasticIP (static IP in AWS) to connect to it from my smartphone. It is also defined in the docker-compose under services, but I omitted it because it is functioning fine.

docker-compose:

version: "2.2"

networks:
  static-network:
    ipam:
      config:
        - subnet: 172.20.0.0/16

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    mem_reservation: 16m
    mem_limit: 256m
    networks:
      static-network:
        ipv4_address: 172.20.0.100
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      - 'TZ=America/Chicago'
      - 'WEBPASSWORD=#lol'
      - 'DNS1=127.0.0.1#5353'
      - 'DNS2='
      - 'DNSMASQ_LISTENING=all'
      - 'ServerIP=172.31.12.87'
      - 'INTERFACE=all'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
      - './adlists.list:/etc/pihole/adlists.list'
      - './whitelist.txt:/etc/pihole/whitelist.txt'
      - '/blacklist.txt:/etc/pihole/blacklist.txt'
    dns:
      - 127.0.0.1
      - 8.8.8.8
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

By this, of course, you mean so that you can connect to it via VPN, right?

What is the complete output of the startup log after a docker-compose down && docker-compose up -d && docker logs -f pihole?

you mean so that you can connect to it via VPN, right?

Correct. Using a security group, port 53 is only open to the VPN network (defined in the docker-compose file) and NOT the world. Also FWIW port 80 and 443 are only open to my home IP so the admin console is locked down as well.

I believe this may be an upstream thing. I launched a new instance with last month's AMI (without installing latest patches) and am getting the same error there as well. Currently I am configured to use quad 9's DNS servers in my setupVars.conf. I am switching that to Google to see what happens.

Regarding the output you requested:

ubuntu@ip-10-0-1-170:~$ docker-compose down && docker-compose up -d && docker logs -f pihole
Stopping pihole  ... done
Stopping openvpn ... done
Removing pihole  ... done
Removing openvpn ... done
Removing network ubuntu_static-network
Creating network "ubuntu_static-network" with the default driver
Creating openvpn ... done
Creating pihole  ... done
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific checks & setup for docker pihole/pihole
  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.3.19-1~deb10u1

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
chown: cannot access '': No such file or directory
chmod: cannot access '': No such file or directory
chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
Converting DNS1 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to custom interface: all
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "172.31.12.87",
			"VIRTUAL_HOST" => "172.31.12.87",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [✗] DNS resolution is currently unavailable

Had a tinker about on a WSL instance here...

Do you definitely have something listening on port 5353 on the host? dig @127.0.0.1 -p 5353 google.com, for example, to see what's happening.

Can you switch out the value of DNS to, say, 8.8.8.8 for testing purposes, and that will rule that out.

Also, the DNS1/2 env variables have been deprecated; the favoured approach now is to use the env var PIHOLE_DNS_ with one or more upstream servers in a semicolon-delimited list, e.g. PIHOLE_DNS_=127.0.0.1#5353;8.8.8.8;8.8.4.4;1.1.1.1 etc.

Edit: as you're persisting the /etc/pihole volume, there shouldn't be any need to map the adlists.list file, as they will be stored in /etc/pihole/gravity.db (likewise for whitelist.txt and blacklist.txt, which no longer exist since Pi-hole 5.0).
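
The dig check suggested in the post above, extended to every entry of a PIHOLE_DNS_ list so a dead upstream is caught before the container starts. This is an added example, not part of the original thread or of Pi-hole itself; the function names are hypothetical, and it assumes dig is installed and the value uses the ip#port;ip form quoted above.

```shell
#!/bin/sh
# Added example: pre-flight check of the upstreams passed to the container.
# Assumption: entries look like "ip#port" or "ip", separated by semicolons.

# Split a PIHOLE_DNS_ value into "host port" lines; port defaults to 53.
# Empty entries (e.g. a trailing semicolon) are skipped.
parse_upstreams() {
    printf '%s\n' "$1" | tr ';' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case "$entry" in
            *'#'*) host=${entry%%#*}; port=${entry#*#} ;;
            *)     host=$entry;       port=53 ;;
        esac
        printf '%s %s\n' "$host" "$port"
    done
}

# Return 0 only if the upstream gives a non-empty answer within 2 seconds.
# $1 = host, $2 = port, $3 = name to resolve
probe_upstream() {
    answer=$(dig +time=2 +tries=1 +short @"$1" -p "$2" "$3" 2>/dev/null) || return 1
    [ -n "$answer" ]
}

# Probe every upstream in the list; return 1 if any of them fails.
# $1 = PIHOLE_DNS_ value, $2 = test name (defaults to the one used in the thread)
check_upstreams() {
    parse_upstreams "$1" | (
        rc=0
        while read -r host port; do
            if probe_upstream "$host" "$port" "${2:-google.com}"; then
                echo "ok    $host#$port"
            else
                echo "FAIL  $host#$port (no answer)"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Runs only when the variable is set in the environment, for example:
#   PIHOLE_DNS_='127.0.0.1#5353;8.8.8.8' sh check-upstreams.sh
if [ -n "${PIHOLE_DNS_:-}" ]; then
    check_upstreams "$PIHOLE_DNS_"
fi
```

Run it on the Docker host with the same value the compose file passes to the container; a FAIL line for 127.0.0.1#5353 corresponds to the timeout seen in this thread.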

Ok I got it working! I made a few changes this iteration since packer takes about 15 minutes to build an image and I didn't want to spend all day on this, so I'm not certain exactly where the problem was :wink:

First of all, let me sincerely thank you for your prompt responses and support. That's some incredible customer support right there. :+1:

The command dig @127.0.0.1 -p 5353 google.com, timed out. I went through my configs, and honestly I have no idea why I had that set to listen on that port. I set this all up ages ago, and it probably made perfect sense at the time. I removed the #5353 and also made your suggested changes to the docker-compose file and the container now comes up healthy.

What is the proper procedure for loading pre-configured whitelists and blacklists into the container now? Feel free to just link me to documentation.

Thanks again for the assist!

To be honest, the method you are using still works if gravity.db does not already exist, as there are some scripts that convert the list files into database tables. I'm not sure if there is actually a preferred alternative at this stage.
