Pi-hole Docker Macvlan: Can't reach when i change the router DNS

Issue Summary: I'm facing communication issues with a Pi-hole instance running in Docker with macvlan on a Nuc. The Pi-hole is unreachable from the host and other containers when the router DNS is assigned to the Pi-hole container. Other containers within the same macvlan network can communicate with the Pi-hole without any problems.

Setup:

  • Raspberry Pi (Pi #1) running Pi-hole (192.168.2.9)
  • Nuc (Pi #2) running Pi-hole in Docker with macvlan (192.168.2.243)
  • Router DNS points to Pi #1

My main objective is to phase out the Raspberry Pi and get it working on the Nuc.

Observations:

  • When the Router DNS Server is pointing to Pi-hole #1, the Nuc and Pi-hole #2 can communicate.
  • Only when changing the Router DNS Server to Pi-hole #2, the Nuc and Pi-hole #2 can't find each other.
  • Pi-hole #2 in macvlan can access the internet, and other containers within macvlan can communicate with it.
  • After changing the router DNS to Pi #2, Pi-hole #2 becomes unreachable from the host and other containers.
  • The issue is not directly related to macvlan, as other containers within macvlan can still communicate with the host.
  • When the Router DNS Server is pointing to Pi-hole #2, the debug log doesn't show anything out of the ordinary.

Diagnostic Steps Taken:

  • Verified Pi-hole #2 can resolve DNS queries from within the macvlan.
  • Checked connectivity between containers within macvlan (e.g., HomeAssistant) and Pi-hole #2 – successful.
  • Nmap results show open ports when router DNS is not pointing to Pi-hole #2, but when it does, the host reports it as down or filtered.

Request for Assistance: Seeking suggestions for debugging and resolving the issue. Any help or insights would be greatly appreciated.

How the macvlan was created

docker network create -d macvlan -o parent=eno1 \
  --subnet 192.168.2.0/24 \
  --gateway 192.168.2.100 \
  --ip-range 192.168.2.240/28 \
  --aux-address="nuc=192.168.2.254" \
macvlan

On boot


#!/usr/bin/env bash
# Host-side macvlan "shim": the parent interface (eno1) cannot talk to its own
# macvlan children, so the host gets a macvlan interface of its own for that.
ip link add macvlan-shim link eno1 type macvlan mode bridge
# /32 on the shim; the container range is reached through the explicit route below.
# (With /28 here the kernel already installs that route and the "ip route add"
# fails with "File exists".)
ip addr add 192.168.2.254/32 dev macvlan-shim
ip link set macvlan-shim up
ip route add 192.168.2.240/28 dev macvlan-shim
ip addr show macvlan-shim

Pihole

services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    networks:
      macvlan:
        ipv4_address: 192.168.2.243
    expose:
      - 80
      - 53
      - 67
    environment:
      - TZ=Europe/Amsterdam
      - FTLCONF_LOCAL_IPV4=192.168.2.243
      - WEBPASSWORD=$WEBPASSWORD
      - IPv6=False
      - WEB_PORT=80
    volumes:
      - pihole:/etc/pihole/
      - pihole_dnsmasq:/etc/dnsmasq.d/
    dns:
      - 127.0.0.1
      - 1.1.1.1
    mac_address: 02:42:C0:A8:02:96
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

volumes:
  pihole:
  pihole_dnsmasq:

networks:
  macvlan:
    external: true
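A host-side probe for the "Diagnostic Steps" above, added here as an example and not part of the original post or of Pi-hole. It does two things the Nmap check does not separate: it reports which interface the host will use to reach the container address (parsed from `ip route get`, which should be the macvlan shim, not eno1), and it sends a raw DNS query straight to 192.168.2.243:53 using only the standard library, so the check does not itself depend on whatever resolver the router is currently handing out. The Pi-hole address and the shim name come from the post; the hostname looked up (`pi.hole`) and the timeout are arbitrary.

```python
"""DNS/route probe for a macvlan-hosted Pi-hole, run from the Docker host.

Added example, not from the original post. Assumes the Pi-hole from the post
answers on 192.168.2.243:53 and the host shim is called macvlan-shim.
"""
import socket
import struct
import subprocess
import sys
from typing import Optional

PIHOLE_IP = "192.168.2.243"   # Pi-hole #2 from the post
SHIM_DEV = "macvlan-shim"     # host shim interface from the boot script
TXID = 0x1234                 # fixed transaction id, fine for a one-shot probe


def build_query(name: str, txid: int = TXID) -> bytes:
    """Build a recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, then done
            return off + 2
        off += 1 + length


def parse_response(data: bytes, expected_txid: int = TXID) -> dict:
    """Extract the rcode and any A-record addresses from a DNS response."""
    if len(data) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4      # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0x000F, "answers": addrs}


def probe(resolver: str, name: str = "pi.hole", timeout: float = 2.0) -> dict:
    """Send one query directly to `resolver`:53 and parse the reply.

    Timeouts and "network unreachable" come back as {"ok": False, ...} rather
    than exceptions, so the probe can be repeated while the router DNS is toggled.
    """
    query = build_query(name)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (resolver, 53))
            data, _ = s.recvfrom(512)
    except OSError as exc:
        return {"ok": False, "error": str(exc)}
    result = parse_response(data)
    result["ok"] = True
    return result


def route_device(ip_route_get_output: str) -> Optional[str]:
    """Pick the outgoing device out of `ip route get <addr>` output."""
    toks = ip_route_get_output.split()
    return toks[toks.index("dev") + 1] if "dev" in toks else None


def host_route_device(addr: str) -> Optional[str]:
    """Ask the kernel which interface it would use for `addr` (needs iproute2)."""
    out = subprocess.run(["ip", "route", "get", addr],
                         capture_output=True, text=True, check=False).stdout
    return route_device(out)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else PIHOLE_IP
    dev = host_route_device(target)
    print(f"route to {target}: dev={dev} ({'ok' if dev == SHIM_DEV else 'NOT via shim'})")
    print(f"dns probe: {probe(target)}")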