Local resolution returns NXDOMAIN after moving to SSD

fenghole · January 25, 2026, 1:29am

Context

My pihole installation was working with the current configuration, using docker, until I moved the files to another volume, on a SSD, to have better performances.

The whole data directory that is linked through docker was movec using cp -rp to ensure proper rights and ownership of the different directories and files.

I don’t see any error in logs that would point me to an error I would have made, and all other containers migrated the same way had no issue.

Expected Behaviour:

Pihole should return the IP of my locally configured domains, for both A and CNAME records.

Actual Behaviour:

When resolving my local domains, pihole returns an NXDOMAIN, apparently ignoring the dns.host settings.

This happens through dig, nslookup or any browser.

Debug Token:

https://tricorder.pi-hole.net/yMJ37eNP/

My docker compose, just in case:

services:
  pihole:

    cap_drop:
      - "AUDIT_CONTROL"
      - "BLOCK_SUSPEND"
      - "DAC_READ_SEARCH"
      - "IPC_LOCK"
      - "IPC_OWNER"
      - "LEASE"
      - "LINUX_IMMUTABLE"
      - "MAC_ADMIN"
      - "MAC_OVERRIDE"
      - "NET_ADMIN"
      - "NET_BROADCAST"
      - "SYSLOG"
      - "SYS_ADMIN"
      - "SYS_BOOT"
      - "SYS_MODULE"
      - "SYS_NICE"
      - "SYS_PACCT"
      - "SYS_PTRACE"
      - "SYS_RAWIO"
      - "SYS_RESOURCE"
      - "SYS_TIME"
      - "SYS_TTY_CONFIG"
      - "WAKE_ALARM"

    container_name: "pihole"

    entrypoint:
      - "start.sh"

    environment:
      - "WEBPASSWORD=XXXXXXXX"
      - "FTLCONF_ntp_ipv4_active=false"
      - "FTLCONF_ntp_ipv6_active=false"
      - "FTLCONF_ntp_sync_server=0.nl.pool.ntp.org"
      - "FTLCONF_webserver_port=9980,9943s"
      - "PIHOLE_UID=1026"
      - "PIHOLE_GID=101"
      - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      - "DNSMASQ_USER=pihole"
      - "FTL_CMD=no-daemon"

    hostname: "pihole"

    image: "pihole/pihole:latest"

    ipc: "private"

    labels:
      org.opencontainers.image.created: "2025-11-27T18:41:55.252Z"
      org.opencontainers.image.description: "The official Pi-hole Docker image from pi-hole.net"
      org.opencontainers.image.licenses: "NOASSERTION"
      org.opencontainers.image.revision: "8d7671af35eaf75069e1de88678690ac1abd5a9c"
      org.opencontainers.image.source: "https://github.com/pi-hole/docker-pi-hole"
      org.opencontainers.image.title: "docker-pi-hole"
      org.opencontainers.image.url: "https://github.com/pi-hole/docker-pi-hole"
      org.opencontainers.image.version: "2025.11.1"

    logging:
      driver: "db"
      options: {}

    network_mode: "host"

    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "670:67/udp"
      - "9980:80/tcp"

    restart: "always"

    stdin_open: true

    tty: true

    volumes:
      - "/volume2/docker-ssd/pihole/config:/etc/pihole"
      - "/volume2/docker-ssd/pihole/dnsmask:/etc/dnsmasq.d"

    working_dir: "/"

version: "3.6"

Bucking_Horn · January 25, 2026, 8:40am

That docker compose seems to be reverse engineered from a running container, rather than actually being used to start your Pi-hole container from?

Probably unrelated to your issue, it's surprising that it would contain a ports: section despite using network_mode: "host". In host mode, Docker wouldn't map ports, as the container would share the host's IP and ports directly.

If you'd need to change the port that Pi-hole's embedded webserver would listen on with host mode, your approach of setting FTLCONF_webserver_port would be the correct one.

You should probably consider to remove those Docker port mappings from your Pi-hole container.

With regards to your observation, please share the output of the following commands as run from a client in your network (and not from your Pihole machine):

nslookup pi.hole

nslookup dl.lan

nslookup dl.lan 192.168.1.16

fenghole · January 25, 2026, 12:38pm

The docker conpose file was indeed generated using autocompose, because it was part of the few containers that I’ve created using Synology’s UI before I realised it didn’t use the compose format.

From the symptoms it seemed unrelated, because it listens correctly on the 53 port and replies to DNS queries, except for the local ones, the UI and settings are all here, etc.

pi.hole:

╰─λ nslookup pi.hole
Server:         192.168.1.16
Address:        192.168.1.16#53

Name:   pi.hole
Address: 192.168.1.16
Name:   pi.hole
Address: 2a01:e0a:fa:7ca0:211:32ff:fe99:f538

dl.lan:

╰─λ nslookup dl.lan
Server:         192.168.1.16
Address:        192.168.1.16#53

dl.lan  canonical name = syno.lan.
** server can't find syno.lan: NXDOMAIN

dl.lan w/ forced DNS server:

[🔴] × nslookup dl.lan 192.168.1.16
Server:         192.168.1.16
Address:        192.168.1.16#53

dl.lan  canonical name = syno.lan.
** server can't find syno.lan: NXDOMAIN

Edit:

I’ve reinstalled from scratch with a cleaned up compose file, and reimported my settings.

Same result. Maybe the migration is a coincidence and something was waiting to break already?

Bucking_Horn · January 25, 2026, 2:10pm

Your nslookup results indicate that your client has been using your Pi-hole at 192.168.1.16, at least for those three lookups.
Your debug log showed an IPv6 ULA of fd0f:ee:b0::1 being advertised for DNS, so there is a chance that some DNS requests may be answered by that instead of Pi-hole, which nicely would have explained your observation.

However, that wasn't the case for those nslookups.
Your results indicate that Pi-hole has resolved dl.lan to its syno.lan CNAME target, but it seems unaware of any A or AAAA records for that target, though your debug log suggests an A record should be present.

This would support your suspicion that Pi-hole seems to be...

Your debug log has some related warnings:

-rw-r----- 1 pihole pihole 12K Jan 24 23:34 /var/log/pihole/FTL.log
(…)
   -----tail of FTL.log------
(…)
   2026-01-24 23:18:07.876 UTC [72/T235] WARNING: API: Config item validation failed (key: bad_request, hint: dns.hosts[0]: neither a valid IPv4 nor IPv6 address ("["192.168.1.16"))
   2026-01-24 23:18:29.841 UTC [72/T240] WARNING: API: Config item validation failed (key: bad_request, hint: dns.hosts[0]: neither a valid IPv4 nor IPv6 address ("["192.168.1.16"))

This could suggest some kind of problem with the formatting of the respective pihole.toml entries.

Let's take a look whether pihole-FTL knows about them, and if they have been used to correctly populate the hosts lists.
Please share the results of the following commands as run from within your Pi-hole container:

sudo pihole-FTL --config dns.hosts

sudo grep syno.lan /etc/pihole/hosts/custom.list

fenghole · January 25, 2026, 2:20pm

The warning displayed were me trying to enter them as an array in the settings to see if it changed anything. It wouldn’t let me due to improper formatting.

I will provide the information requested for science, but after switching again from the clean install to my old migrated directory, it seems to be working again for some reason.

I also tried a clean install without any settings imported and just my local entry, still got NXDOMAINS. This makes absolutely no sense but it seems that I’ve got it working somehow.

pihole:/# sudo pihole-FTL --config dns.hosts
[ 192.168.1.16 syno.lan, 10.8.0.1 syno.fenga ]

pihole:/# sudo grep syno.lan /etc/pihole/hosts/custom.list
192.168.1.16 syno.lan