Pi-hole + Unbound in Docker Synology, Bridge network can't communicate with host

Hi, please help me with my Pi-hole setup on a Synology NAS. Here is the situation:

Pi-hole + Unbound in one container running on Synology

Setup everything using macvlan + bridge method

Synology has static IP of 192.168.5.2

Pi-hole on macvlan with static IP of 192.168.5.3/32 + bridge network IP of 192.168.90.2/32

Unbound on macvlan with static IP of 192.168.5.4/32

After setup, everything works as expected and I've been able to get different devices on other VLANs to go through Pi-hole. However, I could not get the NAS to use Pi-hole DNS over the bridge network. I'm not really sure why or where to start looking.

  • I've tried to set the DNS manually in the DSM settings to use 192.168.90.2, but it does not work.
  • I tried to SSH to the NAS, ran nslookup youtube.com 192.168.90.2 and got "connection timed out; no servers could be reached". Any advice would be much appreciated.

Here is my .yaml file; please take a look. Thank you!

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: Pi-hole
    cap_add: # Uncomment if you want to use Pi-Hole for DHCP
      - CAP_NET_RAW
      - CAP_NET_BIND_SERVICE
      - CAP_CHOWN
    ports:
      - 53/tcp
      - 53/udp
#       - 67/udp # Uncomment if you want to use Pi-Hole for DHCP
      - 80/tcp
    environment:
      - PIHOLE_UID=1028 #CHANGE_TO_YOUR_UID
      - PIHOLE_GID=65537 #CHANGE_TO_YOUR_GID
      - FTLCONF_LOCAL_IPV4=192.168.5.3
      - WEBPASSWORD=password
      - PIHOLE_DNS_=192.168.5.4
      - TZ=Asia/Ha_Noi
      - DNSMASQ_USER=root
      - DNSMASQ_LISTENING=local
    volumes:
      - /volume1/docker/pihole-unbound/pihole/pihole:/etc/pihole:rw
      - /volume1/docker/pihole-unbound/pihole/dnsmasq.d:/etc/dnsmasq.d/:rw
    networks:
      macvlan:
        ipv4_address: 192.168.5.3
      bridge:
        ipv4_address: 192.168.90.2
    restart: always
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    ports:
      - 53/tcp
      - 53/udp
    networks:
      macvlan:
        ipv4_address: 192.168.5.4
    restart: always

networks:
  macvlan:
    name: macvlan
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.5.0/24
          ip_range: 192.168.5.3/30
          gateway: 192.168.5.1
  bridge:
    name: ph-bridge
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
          ip_range: 192.168.90.2/32
          gateway: 192.168.90.1

Why are you adding 2 networks to your container?

If you are using macvlan, your devices will be able to use the Pi-hole IP as DNS server.

By default, containers on a macvlan network cannot talk directly to the host (this includes Docker bridge and host networks).
This isolation is intentional, but you can easily solve it by creating a macvlan-shim network to allow communication between the host and the macvlan.
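The macvlan shim the reply above describes, as an added example (not the poster's configuration and not Pi-hole project code): a POSIX sh helper that checks the chosen shim address and prints, or with --apply runs as root, the ip(8) commands that give the Docker host its own leg on the macvlan segment. The interface name mvlan-shim, the shim address 192.168.5.250 and the SHIM_* / --apply knobs are assumptions; eth0, 192.168.5.0/24 and the container addresses .3 and .4 are taken from the compose file in the question.

```shell
#!/bin/sh
# Added example, not from the original post or the Pi-hole project: build (and
# optionally apply) the ip(8) commands for a "macvlan shim" on the Docker host.
# Interface name, shim address and the --apply switch are assumptions; parent
# NIC, subnet and container addresses match the compose file in the question.

PARENT="${PARENT:-eth0}"                       # parent NIC of the Docker macvlan network
LAN="${LAN:-192.168.5.0/24}"                   # subnet of that macvlan network
SHIM_IF="${SHIM_IF:-mvlan-shim}"               # host-side macvlan interface (assumed name)
SHIM_IP="${SHIM_IP:-192.168.5.250}"            # free LAN address for the host's shim leg (assumed)
CONTAINERS="${CONTAINERS:-192.168.5.3 192.168.5.4}"  # Pi-hole and Unbound macvlan IPs

# ip2int: dotted quad -> 32-bit integer (plain sh, no bash-only features)
ip2int() {
  printf '%s\n' "$1" | {
    IFS=. read -r a b c d
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
  }
}

# in_cidr IP NET/BITS: succeed when IP lies inside NET/BITS
in_cidr() {
  ip=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# shim_ip_ok IP: the shim address must be on the LAN and must not collide with
# a container address, or the host and the container would both answer ARP.
shim_ip_ok() {
  in_cidr "$1" "$LAN" || return 1
  for c in $CONTAINERS; do
    [ "$1" = "$c" ] && return 1
  done
  return 0
}

# shim_commands: print the commands. "mode bridge" lets the host's macvlan leg
# reach the containers' macvlan legs on the same parent; the /32 routes are more
# specific than the parent's /24 route, so host traffic for the containers leaves
# through the shim instead of eth0, where the macvlan parent would not deliver it.
shim_commands() {
  shim_ip_ok "$SHIM_IP" || { echo "bad shim IP: $SHIM_IP" >&2; return 1; }
  echo "ip link add $SHIM_IF link $PARENT type macvlan mode bridge"
  echo "ip addr add $SHIM_IP/32 dev $SHIM_IF"
  echo "ip link set $SHIM_IF up"
  for c in $CONTAINERS; do
    echo "ip route add $c/32 dev $SHIM_IF"
  done
}

# main: dry-run by default; "--apply" executes the commands (needs root) and
# then checks that the NAS can resolve through Pi-hole's macvlan address.
# Links and routes added with ip(8) do not survive a reboot, so on DSM the
# apply step belongs in a boot-time scheduled task.
main() {
  if [ "$1" = "--apply" ]; then
    shim_commands | while read -r cmd; do $cmd; done
    nslookup youtube.com 192.168.5.3
  else
    shim_commands
  fi
}

main "$@"
```

Run it once without arguments to review the commands, then as root with --apply after docker compose up. The shim address must be one the router and the DHCP server will never hand out; the container range the compose file reserves with ip_range is also off limits.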

Hi, I put two networks there because I want to create the macvlan and bridge networks with docker compose. I found out that if I change the "DNS/Interface settings" on the Admin page from "Respond only on interface eth0" to "Permit all origins", then I can use the bridge IP as the preferred DNS server in the Synology settings. Everything is working now.