New to Pi-hole, can't update Gravity

- I don't use Pi-hole as DHCP server
- My router is configured correctly.

My docker-compose.yml for Pi-hole

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
#     - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Stockholm'
      WEBPASSWORD: 'NOT_SHARING_THAT'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
#   cap_add:
#     - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

Expected Behaviour:

I should be able to update Gravity

Actual Behaviour:

I get this when I try
(Screenshot 2024-05-09 204701)

What I have tried and ultimately failed with;

..found some posts and suggestions (some of them worked for some people but none of them in my case)

  • one is to set the actual IP before 53:53/tcp and 53:53/udp in the .yml, in my case it would be "10.0.0.10:53:53/tcp" and then "10.0.0.10:53:53/udp", tried that, restarted the container. It didn't help. Restarted the entire system, didn't change anything either.
  • the other one was/is to edit the /etc/resolv.conf, I went down that road, didn't help.
    I even combined both solutions, same result, problem remains.

Here is the default output for my /etc/resolv.conf

cat /etc/resolv.conf

# Generated by NetworkManager
nameserver 10.0.0.10
nameserver 10.0.0.1

and the files/folders within the Pi-hole working directory

ls -al $HOME/docker/pi-hole/

drwxr-xr-x 4 pi   pi   4096 May  9 20:51 .
drwxr-xr-x 9 pi   pi   4096 May  9 03:38 ..
-rw-r--r-- 1 pi   pi    857 May  9 20:37 docker-compose.yml
drwxr-xr-x 2 root root 4096 May  9 20:38 etc-dnsmasq.d
drwxrwxr-x 3  999 pi   4096 May  9 21:07 etc-pihole

reason for edit
I found even more logs and thought maybe this will be useful

[i] Starting docker specific checks & setup for docker pihole/pihole
  [i] Setting capabilities on pihole-FTL where possible
  [i] Applying the following caps to pihole-FTL:
        * CAP_CHOWN
        * CAP_NET_BIND_SERVICE
        * CAP_NET_RAW
  [i] Ensuring basic configuration by re-running select functions from basic-install.sh
  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [i] Installing /etc/dnsmasq.d/01-pihole.conf...
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
  [i] Installing latest logrotate script...
	[i] Existing logrotate file found. No changes made.
  [i] Assigning password defined by Environment Variable
  [✓] New password set
  [i] Added ENV to php:
                    "TZ" => "Europe/Stockholm",
                    "PIHOLE_DOCKER_TAG" => "",
                    "PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
                    "CORS_HOSTS" => "",
                    "VIRTUAL_HOST" => "43cdf10a7c0a",
  [i] Using IPv4 and IPv6
  [i] Installing latest Cron script...
  [✓] Installing latest Cron script
  [i] Preexisting ad list /etc/pihole/adlists.list detected (exiting setup_blocklists early)
  [i] Existing DNS servers detected in setupVars.conf. Leaving them alone
  [i] Applying pihole-FTL.conf setting LOCAL_IPV4=0.0.0.0
  [i] FTL binding to default interface: eth0
  [i] Enabling Query Logging
  [i] Testing lighttpd config: Syntax OK
  [i] All config checks passed, cleared for startup ...
  [i] Docker start setup complete
  [i] pihole-FTL (no-daemon) will be started as pihole
s6-rc: info: service _startup successfully started
s6-rc: info: service pihole-FTL: starting
s6-rc: info: service pihole-FTL successfully started
s6-rc: info: service lighttpd: starting
s6-rc: info: service lighttpd successfully started
s6-rc: info: service _postFTL: starting
s6-rc: info: service _postFTL successfully started
s6-rc: info: service legacy-services: starting
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
s6-rc: info: service legacy-services successfully started
  [✗] DNS resolution is currently unavailable
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe
/opt/pihole/gravity.sh: line 362: echo: write error: Broken pipe

Dockered Pi-hole needs a working DNS server to update gravity on start, just add a dns section to your docker compose file:

services:
  pihole:
     ...
     dns:
      - 127.0.0.1
      - 1.1.1.1
      - 1.0.0.1

Replace Cloudflare's DNS servers with ones of your choice.

Also, you should set Pi-hole's IP in your router's LAN -> DHCP Server page, otherwise you will not see individual clients' names and addresses in the Pi-hole statistics.
Also make sure "Advertise router's IP in addition to user-specified DNS" is not turned on.

So,

  • Advertise router's IP in addition to user-specified DNS is already on (set to "yes")
  • Manually Assigned IP around the DHCP list (in my case) yes that is already configured and specified as well (I have the statistics and overview in the WebUI of all the clients in the network)

Since you are suggesting that I should replace the Cloudflare DNS, then I assume I have changed that default value of how Pi-hole is configured by default(?) I don't remember having done anything like that.

Furthermore, can't this be set/changed from within the UI of Pi-hole? Obviously I much prefer having it specified in the .yml

Thank you for the input and guidance!

The dns section in the yml is for the container only, so that any application running inside it will use those servers to resolve domains. I believe this outputs to resolv.conf.
It's a separate setting from Pi-hole's upstream DNS.

I believe your router configuration is a bit flawed though:

  • by setting Pi-hole IP on the WAN page you make router use Pi-hole DNS for everything internally (nothing wrong with this)
  • by setting Pi-hole IP on the DHCP page you also push Pi-hole IP to DHCP clients (this is good)
  • by having "Advertise router's IP" turned on you also push router's IP to DHCP clients (router will proxy the queries, causes problems)

In that configuration, DHCP clients will query both the router and your Pi-hole.
If a client hits the router's IP then it will show up as the router in the Pi-hole statistics; this will prevent Pi-hole from correctly identifying clients.

TLDR: You want to set Pi-hole's IP on DHCP page and keep the "Advertise router's IP" option off.
You can keep Pi-hole IP on the WAN page.
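
Added example, not part of the original thread or of Pi-hole's own code: a small check over Pi-hole's dnsmasq-style query log that counts queries per source address and reports how much of the traffic arrives from the router's IP, which is what the reply above describes when the router proxies client queries. The log lines are constructed, `10.0.0.1` is the router address from the poster's resolv.conf, and the client addresses and the 25% threshold are assumptions.

```python
import re
from collections import Counter

# Query lines in Pi-hole's dnsmasq-style query log look like:
#   May  9 21:07:01 dnsmasq[271]: query[A] example.com from 10.0.0.23
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[[^\]]+\] \S+ from (?P<client>\S+)\s*$"
)

# Constructed sample (not from the thread). 10.0.0.1 is the router address
# from the poster's resolv.conf; 10.0.0.23 and 10.0.0.42 are made-up clients.
SAMPLE_LOG = """\
May  9 21:07:01 dnsmasq[271]: query[A] example.com from 10.0.0.23
May  9 21:07:01 dnsmasq[271]: forwarded example.com to 1.1.1.1
May  9 21:07:01 dnsmasq[271]: reply example.com is 192.0.2.10
May  9 21:07:02 dnsmasq[271]: query[AAAA] example.org from 10.0.0.1
May  9 21:07:03 dnsmasq[271]: query[A] example.net from 10.0.0.1
May  9 21:07:04 dnsmasq[271]: query[A] example.com from 10.0.0.42
May  9 21:07:04 dnsmasq[271]: cached example.com is 192.0.2.10
May  9 21:07:05 dnsmasq[271]: query[A] example.org from 10.0.0.1
May  9 21:07:06 dnsmasq[271]: query[HTTPS] example.net from 10.0.0.23
"""


def queries_per_client(log_text):
    """Count 'query[...]' lines per source address; other line types are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match:
            counts[match.group("client")] += 1
    return counts


def router_share(counts, router_ip):
    """Fraction of all logged queries whose source address is the router."""
    total = sum(counts.values())
    return counts[router_ip] / total if total else 0.0


def router_is_proxying(log_text, router_ip, threshold=0.25):
    """Flag a log where the router's share reaches the (assumed) threshold.

    The router also sends its own lookups when Pi-hole is set on its WAN page,
    so a small non-zero share is expected even with the option turned off.
    """
    return router_share(queries_per_client(log_text), router_ip) >= threshold


if __name__ == "__main__":
    for client, n in queries_per_client(SAMPLE_LOG).most_common():
        print(f"{client:15} {n}")
    print("router proxying suspected:", router_is_proxying(SAMPLE_LOG, "10.0.0.1"))
```
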

Ah ok, that clears things up, thank you for spending your valuable time explaining, I really appreciate the advice!

So I changed the Advertise router's IP in addition to user-specified DNS to no and then restarted everything and guess what, everything runs and seems to be working, including the initial problem that started this post.

 [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [✓] Preparing new gravity database
  [✓] Creating new gravity databases
  [i] Using libz compression

  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: No changes detected
  [✓] Parsed 128271 exact domains and 0 ABP-style domains (ignored 1 non-domain entries)
      Sample of non-domain entries:
        - "0.0.0.0"


  [✓] Building tree
  [✓] Swapping databases
  [✓] The old database remains available
  [i] Number of gravity domains: 128271 (128271 unique domains)
  [i] Number of exact blacklisted domains: 0
  [i] Number of regex blacklist filters: 0
  [i] Number of exact whitelisted domains: 0
  [i] Number of regex whitelist filters: 0
  [✓] Cleaning up stray matter

  [✓] FTL is listening on port 53
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

So you think I should go ahead and add the DNS settings to the .yml now or should I keep my fingers away since things are actually working? :)

Monitor the situation and add it when the issue comes back.