Hi @diginc and all. I can't figure out why my Pi-hole forwarding to Unbound fails.
This is set up as two containers, both on Docker's bridge network. Pi-hole is 192.168.1.13 (172.17.0.2) on port 53 tcp and udp, while Unbound is 192.168.1.13 (172.17.0.3) on port 50053 tcp and udp. Pi-hole's Upstream DNS Server is set to 192.168.1.13#50053.
Unbound correctly resolves anything sent directly to port 50053. Pi-hole's admin interface works perfectly. However, Pi-hole will not resolve anything sent to its port 53. In the log, it will say:
18:37:20 dnsmasq[9821]: query[A] foo.com from 192.168.1.100
18:37:20 dnsmasq[9821]: forwarded foo.com to 192.168.1.13
18:37:22 dnsmasq[9821]: query[A] time1.google.com from 172.17.0.1
18:37:22 dnsmasq[9821]: forwarded time1.google.com to 192.168.1.13
However, the query never arrives at Unbound and doesn't show in its logs.
I can ping between the two containers. I also tried disabling the Docker host's iptables. And, as mentioned, I can successfully resolve using this Unbound instance from other devices on the network, e.g. from 192.168.1.100, I can dig @192.168.1.13 -p 50053 foo.com and receive an answer from Unbound, but I cannot dig @192.168.1.13 -p 53 foo.com ("connection timed out; no servers could be reached").
I have this same setup running on my Synology without issue, but am trying to move off of that and onto an ESXi server on the same home network running Photon OS and Docker.
I uploaded a Pi-hole debug log: 7jms44n2up, but I'm doubtful this is a Pi-hole issue per se, unless I've somehow goofed the docker run. Here's the command:
docker run --name pihole \
--volume=/docker/pihole/etc/pihole:/etc/pihole \
--cap-add=NET_ADMIN \
--dns=127.0.0.1 \
--dns=1.1.1.1 \
--network=bridge \
--publish=53:53/tcp \
--publish=53:53/udp \
--publish=80:80 \
--publish=443:443 \
--env IPv6=false \
--env ServerIP=192.168.1.13 \
--env VIRTUAL_HOST=pihole.mydomain.net \
--env TZ=America/New_York \
--env WEBPASSWORD=xxyyzz \
--env DNS1=192.168.1.13#50053 \
--env DNS2=no \
--log-driver=json-file \
--restart=unless-stopped \
--detach=true \
pihole/pihole:latest
Suggestions welcome, and thanks for reading!