Pi-hole not blocking correctly

```yaml
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS ports (yes, these are essential)
      - "53:53/tcp"
      - "53:53/udp"
      # Web interface
      - "8180:80/tcp"
      # Optional HTTPS, you can keep it if you want secure access
      # "443:443/tcp"
      # - "67:67/udp"
      # - "123:123/udp"
    environment:
      TZ: 'Europe/Madrid'   # or your exact time zone
      FTLCONF_webserver_api_password: 'mypassword'
      FTLCONF_dns_listeningMode: 'all'  # listen on all interfaces
    volumes:
      - './etc-pihole:/etc/pihole'
      # if you are not migrating from v5, you don't need this one
      # - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # - NET_ADMIN
      - SYS_TIME
      - SYS_NICE
    restart: unless-stopped
```

**Setup**

  • Router: Movistar RTF8115VW

    • LAN IP: 192.168.1.1

    • DHCP enabled

    • Primary DNS: 192.168.1.88 (Pi-hole)

    • Secondary DNS: 0.0.0.0

    • DNS Relay: Disabled

  • Pi-hole: running on Raspberry Pi

    • Static IP: 192.168.1.88
  • Mesh system: TP-Link Deco AX1500 in Access Point mode

    • All clients connected through Deco Wi-Fi
  • Clients get IPs like 192.168.1.xxx

Pi-hole works, but barely blocks anything. The dashboard shows only a few queries.

Previously (in a simpler setup) every new webpage increased the query counter immediately, but now it increases very slowly, as if most DNS requests are bypassing Pi-hole.

What I Already Did

:white_check_mark: Confirmed Pi-hole is working locally:

dig @192.168.1.88 google.com

```
dig @192.168.1.88 google.com

; <<>> DiG 9.20.13 <<>> @192.168.1.88 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 15595
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.			IN	A

;; Query time: 0 msec
;; SERVER: 192.168.1.88#53(192.168.1.88) (UDP)
;; WHEN: Sun Nov 02 15:55:34 CET 2025
;; MSG SIZE  rcvd: 39
```

```
cat /etc/resolv.conf
───────┬────────────────────────────────────────────────────────────────────────
       │ File: /etc/resolv.conf
───────┼────────────────────────────────────────────────────────────────────────
   1   │ # Generated by NetworkManager
   2   │ nameserver 192.168.1.88
   3   │ nameserver 9.9.9.9
```

:white_check_mark: Router DHCP DNS set to only 192.168.1.88, no fallback DNS.
:white_check_mark: Restarted router, Pi-hole, Deco, and all devices.
:white_check_mark: Deco is in Access Point mode, not Router mode.
:white_check_mark: All clients have IPs in the same range (192.168.1.x).

In the BASIC configuration of my router I have:

In the Advanced configuration of my router I have:

and inside of each one I have:

Still, Pi-hole only logs a few requests.

I want all DNS traffic in my network (wired and wireless through Deco AP) to go through Pi-hole for proper filtering.
What should I check or disable on the Movistar router to ensure DNS requests go directly to Pi-hole and not through the router itself?

What am I doing wrong?

Thanks!

1 Like
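
A check for the two symptoms visible in the output posted above, as an added example that is not part of the original thread: it reads the dig header (`status: REFUSED` means the server declined the query) and the resolv.conf (any `nameserver` other than Pi-hole lets the client resolve around it). The sample text is trimmed from the post; the function names are illustrative.

```python
import re

# Sample input trimmed from the dig and resolv.conf output posted above.
DIG_OUTPUT = """\
; <<>> DiG 9.20.13 <<>> @192.168.1.88 google.com
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 15595
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 192.168.1.88#53(192.168.1.88) (UDP)
"""
RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.1.88
nameserver 9.9.9.9
"""

def parse_dig(text):
    """Return (status, answer_count, server_ip) from dig's text output."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r"^;; SERVER: ([0-9a-fA-F.:]+)#", text, re.M)
    return (status.group(1) if status else None,
            int(answers.group(1)) if answers else 0,
            server.group(1) if server else None)

def nameservers(resolv_conf):
    """List nameserver addresses in file order, ignoring comments."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def diagnose(dig_text, resolv_conf, pihole_ip):
    """Return findings that explain missing or unfiltered queries."""
    findings = []
    status, answers, server = parse_dig(dig_text)
    if server != pihole_ip:
        findings.append(f"dig was answered by {server}, not {pihole_ip}")
    if status != "NOERROR":
        findings.append(f"{pihole_ip} returned {status}: query was not resolved")
    elif answers == 0:
        findings.append(f"{pihole_ip} returned NOERROR with no answer records")
    bypass = [ns for ns in nameservers(resolv_conf) if ns != pihole_ip]
    if bypass:
        findings.append("resolvers that bypass Pi-hole: " + ", ".join(bypass))
    return findings

if __name__ == "__main__":
    for finding in diagnose(DIG_OUTPUT, RESOLV_CONF, "192.168.1.88"):
        print("-", finding)
```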

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

docker exec -it <pihole-container-name-or-id> pihole -d

where you substitute <pihole-container-name-or-id> as required.

1 Like

Hi, thanks for trying to help me. Here you have the log: https://tricorder.pi-hole.net/65AudWKg/

Your debug log doesn't match your Compose file from above. Apparently you changed from bridge network mode to host and you changed the web server ports.

Did you make any other changes?

You are right. No, I didn't change anything else. I made this change because I was trying new things and it was not possible.

Also I tried to use the auto installer (not docker) but I had port 80 in use by nginx via docker. I changed the port in the lighttpd file but when I try to go to /admin I receive a 403 Forbidden.

Sorry if I'm mixing topics but I'm trying a lot of ways to use pihole and I couldn't yet :pensive_face:

Thanks for your time

Pi-hole v6 doesn't use lighttpd.

If you want to use Pi-hole without docker, you need to change Pi-hole port in pihole.toml, or simply use this command to change ports to 8080 and 8443 (change ports if desired):

sudo pihole-FTL --config webserver.port '8080o,8443so'

And then access the web interface using the correct port:

2 Likes

Thanks for your reply.

Tomorrow I will try it and I will update this post. I would like to find the solution via docker because I have everything in containers, but I wanted to try the installer to see if pihole blocks ads. Via docker I could install it but it doesn't block, as I explained in my first post.

Thanks again for your time and tomorrow I will tell you if it works or if I have the same problem as with the docker way.

OK.

I thought you'd prefer it without Docker.

I can't find any obvious reason for your container not blocking. Tomorrow we can try other things to debug your container.

I couldn't go to sleep without trying your help xD.
I ran your command and I also tried changing the port manually in the file but it doesn't work.
Now I don't receive the 403 Forbidden.

If you have more things to try, let me know here and tomorrow I will do it and update the post :slight_smile:
Thanks again @rdwebdesign

The message "Firefox can't establish a connection to the server" indicates a network issue.

Is there a firewall blocking these ports?

I tried 10 times doing the same and at one moment it worked. Now it's working and it's blocking.

But I realized that if I connect using my VPN and my IP is 100.64.0.1 (self hosted) it's not blocking.
Do I need to do something different? Also I cannot understand why the docker way was not working and this way it is. I'm using Headscale (Tailscale self-hosted) as VPN.
Tomorrow we can continue (Yes I know, it's the 3rd time that I'm saying this phrase haha).

Probably also a network/VPN issue... I can't say without more info.

We can check this tomorrow.

Hi @rdwebdesign, I'm here and I can test the docker way for you.
What info do you need? Should I uninstall the pihole (autoinstaller version)?

I tried this compose like I said in my first post:

```yaml
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS ports (yes, these are essential)
      - "53:53/tcp"
      - "53:53/udp"
      # Web interface
      - "8180:80/tcp"
      # Optional HTTPS, you can keep it if you want secure access
      # "443:443/tcp"
      # - "67:67/udp"
      # - "123:123/udp"
    environment:
      TZ: 'Europe/Madrid'   # or your exact time zone
      FTLCONF_webserver_api_password: 'mypassword'
      FTLCONF_dns_listeningMode: 'all'  # listen on all interfaces
    volumes:
      - './etc-pihole:/etc/pihole'
      # if you are not migrating from v5, you don't need this one
      # - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # - NET_ADMIN
      - SYS_TIME
      - SYS_NICE
    restart: unless-stopped
```

but then I changed it, adding network: host to test it. If you want I can start from scratch.

PS: I solved the problem with my VPN. I have checked the option Permit all origins and now it works (I don't know if this is something dangerous or a bad idea or not)

Thanks!

This is only dangerous if your Pi-hole is exposed to the Internet (cloud services without proper firewall rules, local installation with ports opened on your router, etc). If you are correctly using a VPN to access it, this is fine.

If you want to try Pi-hole in a container, I suggest you uninstall (or at least temporarily disable) the other Pi-hole to avoid confusion.

We need the current compose file, with all modifications.
We also need a fresh debug log. The previous one was automatically deleted.

In the end I think the best or safest option is like this.

Ok I will uninstall everything and start again in docker and I will post the debug log. Wait a minute and thanks! :slight_smile:

Here you have the debug: https://tricorder.pi-hole.net/yjDqPHbF/
I don't know why, but now it's working better and it's blocking things, but if I'm on my mobile the ads are not blocked, with the laptop they are.

Also I realized the DNS options are in read-only mode. I tried to change to "bind" in the docker-compose variables but when I put eth0,tailscale0 like in the autoinstaller version for my VPN, it was not working correctly.

I have checked that when I'm adding more lists from firebog (green links) and updating gravity, I always have the same number of lists. I don't know why.

Let me know if you need something more.

Thanks and sorry for the delay

eth0,tailscale0 is not a valid interface name. The interface can't be a list of interfaces.

You need to select one interface, or use "Permit all origins".

If ads are blocked on your laptop, but not on your phone, it means Pi-hole is working and your phone is probably not using Pi-hole as DNS server. You need to check the DNS settings on your phone.

Now it's weird. I didn't change absolutely anything and it's not working.

In the beginning I ran the dig command and it was blocked perfectly (point 1). Now I'm doing the same and it's not blocking (point 2, doesn't appear).

Really I'm frustrated @rdwebdesign

This is normal when you set options via environment variables.

The interface name is invalid. I can't say anything else because you never posted your complete compose file.

I can't say what is happening with your lists, because the debug log doesn't match the container used on the image above.
The log contains just one list.