Pi-hole container not working

Hi!
I am trying to test Pi-hole on macOS using Docker containers. For that, I have this compose file:

services:
    pihole:
        container_name: pihole
        image: pihole/pihole:2024.07.0
        restart: unless-stopped
        cap_add:
            - NET_ADMIN
        ports:
            - 5333:53/tcp
            - 5333:53/udp
            - 6777:67/udp
            - 8001:80/tcp
        environment:
            - TZ=America/Sao_Paulo
            - DNSMASQ_USER=root
        volumes:
            - ./pihole/etc-pihole:/etc/pihole
            - ./pihole/etc-dnsmasq.d:/etc/dnsmasq.d

I just modified the host ports so that I don't have to worry for now about other services that might be using those ports.

With that compose file, I run this command:

$ docker compose up -d

And unfortunately the result from docker logs -f pihole is this:

❯ docker compose up
[+] Running 2/2
 ✔ Network rpi_default  Created    0.1s
 ✔ Container pihole     Created    0.1s
Attaching to pihole
pihole  | s6-rc: info: service s6rc-oneshot-runner: starting
pihole  | s6-rc: info: service s6rc-oneshot-runner successfully started
pihole  | s6-rc: info: service fix-attrs: starting
pihole  | s6-rc: info: service fix-attrs successfully started
pihole  | s6-rc: info: service legacy-cont-init: starting
pihole  | s6-rc: info: service legacy-cont-init successfully started
pihole  | s6-rc: info: service cron: starting
pihole  | s6-rc: info: service cron successfully started
pihole  | s6-rc: info: service _uid-gid-changer: starting
pihole  | s6-rc: info: service _uid-gid-changer successfully started
pihole  | s6-rc: info: service _startup: starting
pihole  |   [i] Starting docker specific checks & setup for docker pihole/pihole
pihole  |   [i] Setting capabilities on pihole-FTL where possible
pihole  |   [i] Applying the following caps to pihole-FTL:
pihole  |         * CAP_CHOWN
pihole  |         * CAP_NET_BIND_SERVICE
pihole  |         * CAP_NET_RAW
pihole  |         * CAP_NET_ADMIN
pihole  |   [i] Ensuring basic configuration by re-running select functions from basic-install.sh
pihole  | 
pihole  |   [i] Installing configs from /etc/.pihole...
pihole  |   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
pihole  | 
pihole  | sed: couldn't open temporary file /etc/pihole/sedcRHggR: Permission denied
  [✓] Installing latest logrotate script
pihole  |   [i] Creating empty /etc/pihole/setupVars.conf file.
pihole  |   [i] Assigning random password: wcz4S8ws
pihole  |   [✓] New password set
pihole  |   [i] Added ENV to php:
pihole  |                     "TZ" => "America/Sao_Paulo",
pihole  |                     "PIHOLE_DOCKER_TAG" => "",
pihole  |                     "PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
pihole  |                     "CORS_HOSTS" => "",
pihole  |                     "VIRTUAL_HOST" => "b6d194d3786e",
pihole  |   [i] Using IPv4 and IPv6
pihole  | 
  [✓] Installing latest Cron script
pihole  |   [i] setup_blocklists now setting default blocklists up: 
pihole  |   [i] TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
pihole  |   [i] Blocklists (/etc/pihole/adlists.list) now set to:
pihole  | https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
pihole  |   [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4
pihole  |   [i] Applying pihole-FTL.conf setting LOCAL_IPV4=0.0.0.0
pihole  |   [i] FTL binding to default interface: eth0
pihole  |   [i] Enabling Query Logging
pihole  | sed: couldn't open temporary file /etc/dnsmasq.d/sedmAgLeX: Permission denied
pihole  | s6-rc: info: service _startup successfully started
pihole  | s6-rc: info: service pihole-FTL: starting
pihole  | s6-rc: info: service pihole-FTL successfully started
pihole  | s6-rc: info: service lighttpd: starting
pihole  | s6-rc: info: service lighttpd successfully started
pihole  | s6-rc: info: service _postFTL: starting
pihole  | s6-rc: info: service _postFTL successfully started
pihole  | s6-rc: info: service legacy-services: starting
pihole  |   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
pihole  | s6-rc: info: service legacy-services successfully started
pihole  |   [i] Creating new gravity database
pihole  |   [i] Migrating content of /etc/pihole/adlists.list into new database
pihole  |   [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range
pihole  | 
  [✓] Preparing new gravity database
  [✓] Creating new gravity databases
pihole  |   [i] Using libz compression
pihole  | 
pihole  |   [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
pihole  |   [i] Status: Pending...Stopping pihole-FTL
pihole  | pihole-FTL: no process found
  [✓] Status: Retrieval successful
pihole  | sed: couldn't open temporary file /etc/pihole/sedVnetDN: Permission denied
  [✓] Parsed 0 exact domains and 0 ABP-style domains (ignored 128572 non-domain entries)
pihole  |       Sample of non-domain entries:
pihole  |         - "# title: stevenblack/hosts"
pihole  |         - "#"
pihole  |         - "# this hosts file is a merged collection of hosts from reputable sources,"
pihole  |         - "# with a dash of crowd sourcing via github"
pihole  |         - "# date: 06 december 2024 14:32:23 (utc)"
pihole  | 
pihole  | 
  [✓] Building tree
  [✓] Swapping databases
pihole  |   [✓] The old database remains available
pihole  |   [i] Number of gravity domains: 0 (0 unique domains)
pihole  |   [i] Number of exact blacklisted domains: 0
pihole  |   [i] Number of regex blacklist filters: 0
pihole  |   [i] Number of exact whitelisted domains: 0
pihole  |   [i] Number of regex whitelist filters: 0
  [✓] Cleaning up stray matter
pihole  | 
pihole  |   [✗] DNS service is NOT running
pihole  | 
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  |   Pi-hole version is v5.18.3 (Latest: v5.18.3)
pihole  |   web version is v5.21 (Latest: v5.21)
pihole  |   FTL version is v5.25.2 (Latest: v5.25.2)
pihole  |   Container tag is: 2024.07.0
pihole  | 
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found
pihole  | Stopping pihole-FTL
pihole  | pihole-FTL: no process found

This output goes on infinitely. What should I do to have it working?

There are 2 things happening here.

1. Docker Desktop volume issue:

I think you have the same issue described in this topic:

There is an issue between sed (running inside the container) and the filesystem used to store the volumes used by Docker Desktop (macOS and Windows), causing a permission issue:

Please read the topic above and change your compose file accordingly.

2. Wrong ports:

These ports won't work. You need to configure 53:53/tcp and 53:53/udp.
You also need to disable the service using port 53 on the host.

Your devices will send DNS queries only to port 53 (they have no idea there is a DNS server at port 5333).
If you use these ports, no devices will be able to use Pi-hole.

Although ... some DHCP servers will allow you to configure a custom DNS port to tell your DHCP clients about, and that could work around it ... but it is a stretch.

Thank you, that worked!

I very much doubt that.

RFC2132 defines the Domain Name Server Option as a list of 4 octets/IPv4 addresses - no ports:

The code for the domain name server option is 6.  The minimum length
for this option is 4 octets, and the length MUST always be a multiple
of 4.

 Code   Len         Address 1               Address 2
+-----+-----+-----+-----+-----+-----+-----+-----+--
|  6  |  n  |  a1 |  a2 |  a3 |  a4 |  a1 |  a2 |  ...
+-----+-----+-----+-----+-----+-----+-----+-----+--

I am not aware of any DNS server port options for the DHCP protocol.

Could you give an example of such a DHCP server, or point us to the DHCP specification that allows for an alternate DNS port to be distributed?
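
The option layout quoted above, as an added example that is not part of the original post: a small Python parser for a DHCP options field that applies the RFC 2132 length rule to option 6. The sample byte strings and function names are constructed for illustration.

```python
import ipaddress

PAD, DNS_SERVERS, END = 0, 6, 255  # option codes from RFC 2132


def iter_options(data: bytes):
    """Yield (code, value) pairs from a DHCP options field (after the magic cookie)."""
    i = 0
    while i < len(data):
        code = data[i]
        if code == PAD:          # single-octet padding, carries no length byte
            i += 1
            continue
        if code == END:          # end-of-options marker
            return
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        yield code, value
        i += 2 + length


def dns_servers(options: bytes):
    """Return the IPv4 addresses in option 6, enforcing the multiple-of-4 length rule."""
    for code, value in iter_options(options):
        if code == DNS_SERVERS:
            if len(value) < 4 or len(value) % 4:
                raise ValueError(f"option 6 length {len(value)} is not a multiple of 4")
            return [str(ipaddress.IPv4Address(value[j : j + 4]))
                    for j in range(0, len(value), 4)]
    return []


# Constructed sample: subnet mask (option 1), then option 6 with two resolvers.
SAMPLE = bytes([1, 4, 255, 255, 255, 0,
                6, 8, 192, 168, 1, 2, 192, 168, 1, 3,
                255])

# Constructed malformed option: one address plus a 2-byte "port" (5333 = 0x14D5).
WITH_PORT = bytes([6, 6, 192, 168, 1, 2, 0x14, 0xD5, 255])

if __name__ == "__main__":
    print(dns_servers(SAMPLE))
    try:
        dns_servers(WITH_PORT)
    except ValueError as exc:
        print("rejected:", exc)
```

Padding the extra bytes out to four octets does not help either: a parser following this layout reads them as a second resolver address, not as a port.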

In principle you are absolutely right. It's wrong and RFC and all that ...

I was only stating that e.g. an old Windows DHCP server (possibly some modern ones, or you could hack it in the code (?)) would allow you to set a different DNS port for your clients.

Do you have any example for that?

If not, that would confirm my doubts further.
AFAIAAO, nameserver ports are absent from the DHCP protocol, and as they are absent, you could hack a server as much as you want - no client would ever acknowledge your hacked option.

If my memory serves me well, I did do that about 20 years ago on Windows ... But I agree with you, there's no point debating it and I possibly should not have mentioned it at all. EOT