since some weeks I am using Pi-Hole (Docker) and everythings works with (IPv4 and IPv6) but since I am using Pi-hole, I am not able to use the nslookup command in the windows terminal anymore. Here is an example:
The dns-server has the name unKnown but it is the pi-hole server.
The IPv6 address is the IPv6 address from the pi-hole server.
I activated the conditional forwarding in the pi-hole settings.
Other protocols (like. FTP or SSH) are working fine with hostnames.
Does anyone has an idea how to fix the issues with the server name and the name/ip solution?
Thanks in advanced.
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
In general, you should avoid using a GUA address for Pi-hole.
Pi-hole needs a fixed IP, and with a GUA IPv6, the prefix as well as the interface identifier are likely to change.
By default, Docker is IPv4 only.
If you want IPv6 for a container, you'd have to enable that for Docker's daemon in general as well as for a specific container.
Your observation would suggest that communication between your host OS, the Docker daemon and the container isn't frictionless.
Also note that Docker's IPv6 support could have been breaking network isolation in the past.
It seems Docker tried to address this in the meantime, but it may yet be considered experimental, as explicity allowing some experimental features is recommended by Docker, see Enable IPv6 support | Docker Docs.
But I would recommend to forego IPv6 for Docker altogether.
Your debug log shows you are using a FritzBox router.
Those routers support configuration of distributing an IPv4 DNS server exclusively, while not advertising a DNS server's IPv6 address at all, see e.g. Unresolved ipv6 adress in my top list - #4 by Bucking_Horn.
This would have clients send their DNS requests via IPv4 exclusively, while Pi-hole would still answer any allowed request for an AAAA record with a set of IPv6 addresses, so dual-stack clients would retain their full IPv6 resolution capabilities.
Thanks for the detailed explanations. After I turned off the 3 points from the linked thread, nslookup worked again. Strangely enough, it worked even after I reactivated the points.
It would take a bit until clients pick up that change - it may well fail again once your clients re-learn that IPv6 DNS server address and resume using it.
Even if it would work with IPv6, I'd probably stick with an IPv4 only DNS server address, as it'd make identifying clients in Pi-hole's Query Log less of a hassle.
In the past I used Adguard and only had an IPv4 address assigned and then the advertising etc. was not blocked on smartphones, for example. Since I started using Pi-Hole with IPv6, everything on the smartphones is blocked. This is the reason why I also use IPv6.
As mentioned, you'd also have to be careful to pick a stable IPv6.
A prefix as well as an interface identifier may change frequently/regularly, especially if Temporary Address Extensions (aka Privacy Extensions) are in use (as would be recommended for IPv6 GUAs), and you don't want to update your router's IPv6 DNS settings after every address change.
Your router would have advertised its own IPv6 for DNS back then.
Either advertising one of Pi-hole's IPv6s or not advertising an IPv6 at all would have stopped it from doing so.
Note that you add nothing in DNS functionality by having your router offer an IPv6 address as DNS server in addition to IPv4.
a. Untick Also announce DNSv6 server via router advertisement (RFC 5006) .
b. Tick Disable DHCPv6 server in the FRITZ!Box for the home network and
b.1. choose There are no other DHCPv6 servers for the home network .
Now all the devices only uses the IPv4 as DNS server and the query log looks fine but I have another issue now.
I am not able to update the host device (OpenMediaVault/Debian)
If I run the command apt-get update I am getting the error:
"XY could not be resolved"
XY = the servers for the updates
If I use the fritzbox DNS instead of pi.hole then it works again.
If I disable blocking in Pi-hole it still dont work. I also created a group and add the host device to "bypass" the blocking but this also dont work. It only works if I set the DNS server to the fritzbox. I could deactivate DHCP on the host server and gave him the DNS manually from FritzBox but there should be another solution, or?
I had the same issue with the Portainter Docker, ther I also added the DNS manually from the FritzBox.
