Pi-Hole gravity update fails

deHakkelaar · November 21, 2024, 5:44pm

Below two might give some clues if your interface name is like for example eth0:

resolvconf -l

sudo journalctl --full --no-hostname --boot --grep eth0

SerialSpammer · November 21, 2024, 5:47pm

thats no help

root@pi-hole:/# resolvconf -l
bash: resolvconf: command not found
root@pi-hole:/# sudo journalctl --full --boot --grep eth0
sudo: journalctl: command not found

it says ".# Generated by Docker Engine.
.# This file can be edited; Docker Engine will not make further changes once it
.# has been modified." in /etc/resolv.conf

but removing the container to update is going to reset the file, unless I map it to a file on the host, what tells Docker Engine what to put here

deHakkelaar · November 21, 2024, 5:48pm

Oops sorry, I missed the Docker part

Bucking_Horn · November 21, 2024, 8:00pm

Yes.
The point is that the host system's DNS resolution is irrelevant for your clients DNS resolution, so there would be no harm in pointing it to a public DNS resolver.

The whole 127.0.0.0/8 range is (and ::1/128 for IPv6).

127.0.0.11 is indeed Docker's internal DNS proxy, providing container name resolution and forwarding other DNS requests to external DNS servers as provided by your host's /etc/resolv.conf (just as the comments in your container's resolv.conf are telling you).

I was under the impression you did change your hosts's resolv.conf from 10.42.0.252 to 192.168.1.252 in the meantime?

Let's double check that - run from your Docker host system, what's the output of:

cat /etc/resolv.conf

docker exec pihole cat /etc/resolv.conf

SerialSpammer · November 21, 2024, 8:38pm

so why does 127.0.0.11 not work within 4 seconds but 127.0.0.1 does?

yes I released that part was copied from the host, the host used to run Network Manager sharing so the resov.conf was messed up, that is now correct and the host is using pi-hole though the macvlan

before:

root@pi-hole:/# cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [10.42.0.252 1.1.1.1]
# Overrides: []
# Option ndots from: internal

after edit, that will get reverted when I remove the container

root@pi-hole:/# cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.1
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [192.168.1.252 1.1.1.1]
# Overrides: []
# Option ndots from: internal

so what my question was that still has not been answered, is what sets /etc/resolv.conf when creating the container and why does 127.0.0.11 give over 4 seconds delay but 127.0.0.1 works like it should, if there both loopback they should act the same

can /etc/resov.conf be mapped with "-v /docker/pi-hole/etc/resolv.conf:/etc/resolv.conf"
and if something overwrite it, I will have to write lock the file with "chattr +i"
will that cause any issues anywhere?

DanSchaper · November 21, 2024, 8:40pm

Add --dns=1.1.1.1 to your docker run command.

Bucking_Horn · November 21, 2024, 8:41pm

Please provide your host system's resolv.conf as well, as requested:

Are you saying you changed the comment in your container's /etc/resolv.conf?
From:

To:

That won't work, as that comment doesn't affect anything.

In all likelihood, because your container still tries 10.42.0.252 before it times out and uses 1.1.1.1.

You need to change the Docker host system's /etc/resolv.conf and restart your container. Edit: Or explicitly set a DNS server for the container, as Dan suggested.

SerialSpammer · November 21, 2024, 8:44pm

that was changed at the host but the 127.0.0.11 to 127.0.0.1 was changed from within the container with "docker exec -it pi-hole /bin/bash" then installing nano as I don't get along with vi
I know none of this will be saved
Edit vi isn't default installed either

DanSchaper · November 21, 2024, 8:46pm

See the example docker run command we have documented at the repo.

github.com/pi-hole/docker-pi-hole

examples/docker_run.sh

4cb3c3a16


      
          [[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
          
          # Note: FTLCONF_LOCAL_IPV4 should be replaced with your external ip.
          docker run -d \
              --name pihole \
              -p 53:53/tcp -p 53:53/udp \
              -p 80:80 \
              -e TZ="America/Chicago" \
              -v "${PIHOLE_BASE}/etc-pihole:/etc/pihole" \
              -v "${PIHOLE_BASE}/etc-dnsmasq.d:/etc/dnsmasq.d" \
              --dns=127.0.0.1 --dns=1.1.1.1 \
              --restart=unless-stopped \
              --hostname pi.hole \
              -e VIRTUAL_HOST="pi.hole" \
              -e PROXY_LOCATION="pi.hole" \
              -e FTLCONF_LOCAL_IPV4="127.0.0.1" \
              pihole/pihole:latest
          
          printf 'Starting up pihole container '
          for i in $(seq 1 20); do
              if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then

And see the link I posted in my reply to the docker documentation (127.0.11 is the address of the embedded DNS server mentioned in the documentation) :

Containers use the same DNS servers as the host by default, but you can override this with --dns.

By default, containers inherit the DNS settings as defined in the /etc/resolv.conf configuration file. Containers that attach to the default bridge network receive a copy of this file. Containers that attach to a custom network use Docker's embedded DNS server. The embedded DNS server forwards external DNS lookups to the DNS servers configured on the host.

You can configure DNS resolution on a per-container basis, using flags for the docker run or docker create command used to start the container. The following table describes the available docker run flags related to DNS configuration.

SerialSpammer · November 21, 2024, 8:49pm

I will add --dns as listed

and see if it works, it should do

SerialSpammer · November 21, 2024, 8:52pm

I have no clue what has happened to my docker startup script but it no reboots the system and is run at startup by crontab so I might have an endless reboot loop

Unrelated to pi-hole but if I don’t answer for a few hours you know why, currently using mobile data on my phone

SerialSpammer · November 21, 2024, 8:57pm

my /etc/resolv.conf in pi-hole now looks like this

$ sudo docker exec pi-hole cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [127.0.0.1 1.1.1.1]
# Overrides: [nameservers]
# Option ndots from: internal

and gravity update is working

SerialSpammer · November 21, 2024, 8:58pm

thank you everyone, this issue is now resolved
as far as I know

DanSchaper · November 21, 2024, 9:00pm

The /etc/resolv.conf inside the container should have changed. Docker will not change it now because you have manually edited it and docker sees that the file has been modified and will not manage it. Glad gravity is working but it's not because of the change.

C:\Users\dan> docker container run -it --rm --dns=1.1.1.1 --entrypoint cat pihole/pihole:latest /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 1.1.1.1

# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: [nameservers]

Bucking_Horn · November 21, 2024, 9:00pm

You still want to check your Docker host's resolv.conf to not point to 10.42.0.252 anymore, especially after a reboot.

SerialSpammer · November 21, 2024, 9:05pm

it got changed by docker to what I posted above
that was a remove and run command
the ext Servers are the only things that changed

maybe the host change helped or it is using 127.0.0.1 and 1.1.1.1 now but not showing for some reason

DanSchaper · November 21, 2024, 9:08pm

Yeah, trying to see if that is what happens on a linux install.

SerialSpammer · November 21, 2024, 9:08pm

I did that, already said

SerialSpammer:

yes I released that part was copied from the host, the host used to run Network Manager sharing so the resov.conf was messed up, that is now correct and the host is using pi-hole though the macvlan

before:

root@pi-hole:/# cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [10.42.0.252 1.1.1.1]
# Overrides: []
# Option ndots from: internal

after edit, that will get reverted when I remove the container

root@pi-hole:/# cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.1
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [192.168.1.252 1.1.1.1]
# Overrides: []
# Option ndots from: internal

SerialSpammer · November 21, 2024, 9:16pm

the gravity update is shown in query log so it went though pi-hole, it was localhost so it must have worked

SerialSpammer · November 21, 2024, 9:21pm

unrelated to pi-hole but any idea why the host constantly looks up its hostname as AAAA which is IPv6, its showing up in pi-hole now the host resolv.conf is correct