Pi-Hole v6 Docker Installation Question

The issue I am facing:
Deployed Docker image for V6. I must have something messed up with my ports. I can dig from the container, but unable to dig from host. Communication error timed out. I can reach the web port just fine, but DNS doesn't seem to be accessible.

Details about my system:

Ubuntu 22.04.5 LTS

YAML file below. The unbound part can be ignored. One issue at a time.

services:
  pihole:
    container_name: pihole
    hostname: guardian
    image: pihole/pihole:latest
    networks:
      - pihole-unbound
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "81:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      #- "443:443/tcp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'America/Chicago'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: ''
      # Configure DNS upstream server, e.g:
      FTLCONF_dns_upstreams: 'unbound'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6>
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    networks:
      - pihole-unbound
    ports:
      - "5335:53/tcp"
      - "5335:53/udp"
    environment:
      TZ: 'America/Chicago'
    volumes:
      - './unbound:/opt/unbound/etc/unbound/'
    restart: unless-stopped

networks:
  pihole-unbound:

What I have changed since installing Pi-hole:
Been playing around with changing up the yaml, but it's a new deployment, so nothing really changed. I'm not a docker guru, still learning.


No feedback at all?

Can you post your docker network configuration, along with the assigned IP addresses? This may be a docker bridge/routing issue.

Specifically looking for information on your pihole-unbound network.

I expect so. Is this what you're talking about?

NETWORK ID     NAME                           DRIVER    SCOPE
226d3c68ff04   bridge                         bridge    local
ef762e4841f6   host                           host      local
ba4cb9c396b7   minecraft-docker_default       bridge    local
680742435f8f   none                           null      local
efa0436b2b59   pihole-docker_default          bridge    local
760f24361427   pihole-docker_pihole-unbound   bridge    local
11d34bffd0c9   pihole-unbound                 bridge    local
3a872eabb7eb   single-node_default            bridge    local

I've tried several deployments, and I may need to do some cleanup. Is below the IP information you're talking about? This is my docker box that I play with, so there's several containers.

CONTAINER ID   IMAGE                           COMMAND                  CREATED        STATUS                  PORTS                                                                                                                                                           NAMES
e6efd7c1345d   pihole/pihole:latest            "start.sh"               5 days ago     Up 5 days (healthy)     0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 67/udp, 443/tcp, 0.0.0.0:81->80/tcp, :::81->80/tcp                                        pihole
a7c13030fa83   mvance/unbound:latest           "/unbound.sh"            5 days ago     Up 5 days (unhealthy)   0.0.0.0:5335->53/tcp, 0.0.0.0:5335->53/udp, :::5335->53/tcp, :::5335->53/udp                                                                                    unbound
07497598ca38   itzg/minecraft-server           "/start"                 5 months ago   Up 3 weeks (healthy)    0.0.0.0:19132->19132/udp, :::19132->19132/udp, 0.0.0.0:25565->25565/tcp, :::25565->25565/tcp                                                                    minecraft-docker-minecraft-1
bd3648f057bf   nginx:latest                    "/docker-entrypoint.…"   7 months ago   Up 3 weeks              0.0.0.0:80->80/tcp, :::80->80/tcp                                                                                                                               web
75411e9f8251   portainer/portainer-ce:latest   "/portainer"             7 months ago   Up 3 weeks              0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp                                                                  portainer
b98612eb0d52   wazuh/wazuh-dashboard:4.8.0     "/entrypoint.sh"         7 months ago   Up 3 weeks              443/tcp, 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
f38c3b112025   wazuh/wazuh-manager:4.8.0       "/init"                  7 months ago   Up 3 weeks              0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
fc5e6ee274d8   wazuh/wazuh-indexer:4.8.0       "/entrypoint.sh open…"   7 months ago   Up 3 weeks              0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

Just based off first glance - your pihole-unbound network does not have connectivity to unbound, thus the issue with DNS resolution. Your solution here (if you'd like to have the pihole use a separate IP) is to create either a MACVLAN or IPVLAN network with the same subnet as your LAN. Otherwise consider switching to the host or bridge default networks.

It looks like you are running portainer, it may be easier to configure this from there.

Thanks. I'll take a look. Appreciate the direction.

Could you provide the pi-hole's upstream DNS?

@Witchboard I may be mistaken here. If you try dig unbound and ping unbound from the pi-hole container, what's the output?

I'm not really using unbound yet. Just trying to get pi-hole working first, then I'll deal with unbound. I don't even have an upstream DNS configured yet. Still just trying to get the port open to my network.

In that case, let's just focus on pi-hole. Go ahead and stop the unbound container, restart pi-hole and configure an upstream in pi-hole. You can choose any one that you prefer. If the pi-hole does not have an upstream, it won't know where to send DNS queries to, and it can look like the port is blocked.

Sorry to change gears. I pruned and re-deployed the container so all the old networks cleaned up. Below are the results of digging and pinging unbound.


; <<>> DiG 9.18.34 <<>> unbound
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8230
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;unbound.                       IN      A

;; ANSWER SECTION:
unbound.                600     IN      A       192.168.64.2

;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Wed Feb 26 19:02:58 CST 2025
;; MSG SIZE  rcvd: 48

PING unbound (192.168.64.2): 56 data bytes
64 bytes from 192.168.64.2: seq=0 ttl=64 time=0.064 ms
64 bytes from 192.168.64.2: seq=1 ttl=64 time=0.079 ms
64 bytes from 192.168.64.2: seq=2 ttl=64 time=0.080 ms
64 bytes from 192.168.64.2: seq=3 ttl=64 time=0.079 ms

This is from the pi-hole? Promising if so. Can you send an updated list of containers?

Yes, this is from the pi-hole container. List as requested though nothing much has changed.

CONTAINER ID   IMAGE                           COMMAND                  CREATED        STATUS                   PORTS                                                                                                                                                           NAMES
c619c83745c7   pihole/pihole:latest            "start.sh"               2 hours ago    Up 2 hours (healthy)     0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 67/udp, 443/tcp, 0.0.0.0:81->80/tcp, :::81->80/tcp                                        pihole
8ec668f7dc81   mvance/unbound:latest           "/unbound.sh"            2 hours ago    Up 2 hours (unhealthy)   0.0.0.0:5335->53/tcp, 0.0.0.0:5335->53/udp, :::5335->53/tcp, :::5335->53/udp                                                                                    unbound
07497598ca38   itzg/minecraft-server           "/start"                 5 months ago   Up 3 weeks (healthy)     0.0.0.0:19132->19132/udp, :::19132->19132/udp, 0.0.0.0:25565->25565/tcp, :::25565->25565/tcp                                                                    minecraft-docker-minecraft-1
bd3648f057bf   nginx:latest                    "/docker-entrypoint.…"   7 months ago   Up 3 weeks               0.0.0.0:80->80/tcp, :::80->80/tcp                                                                                                                               web
75411e9f8251   portainer/portainer-ce:latest   "/portainer"             7 months ago   Up 3 weeks               0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp                                                                  portainer
b98612eb0d52   wazuh/wazuh-dashboard:4.8.0     "/entrypoint.sh"         7 months ago   Up 3 weeks               443/tcp, 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
f38c3b112025   wazuh/wazuh-manager:4.8.0       "/init"                  7 months ago   Up 3 weeks               0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
fc5e6ee274d8   wazuh/wazuh-indexer:4.8.0       "/entrypoint.sh open…"   7 months ago   Up 3 weeks               0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

Go ahead and set an upstream that is not unbound in the pi-hole container and see if you can get any DNS resolutions from a client PC, e.g.: nslookup google.com <pi-hole ip>

Set the DNS upstream to Google. DNS request timed out.

Hmm. Let's check the port on the host.

Can you run these commands on the docker host and send the output:
sudo lsof -i :53
docker logs c619c83745c7

Sure thing. The container ID changed when I removed the unbound from the yaml.

COMMAND       PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
docker-pr 1370982 root    4u  IPv4 56165335      0t0  TCP *:domain (LISTEN)
docker-pr 1370989 root    4u  IPv6 56165340      0t0  TCP *:domain (LISTEN)
docker-pr 1371006 root    4u  IPv4 56168485      0t0  UDP *:domain
docker-pr 1371012 root    4u  IPv6 56168489      0t0  UDP *:domain

  [i] Setting up user & group for the pihole user
  [i] PIHOLE_UID not set in environment, using default (1000)
  [i] PIHOLE_GID not set in environment, using default (1000)

  [i] Starting FTL configuration
  [i] No DNS upstream set in environment or config file, defaulting to Google DNS
  [i] Assigning password defined by Environment Variable
  [i] Starting crond for scheduled scripts. Randomizing times for gravity and update checker

  [i] Ensuring logrotate script exists in /etc/pihole

  [i] Gravity migration checks
  [i] Existing gravity database found - schema will be upgraded if necessary


  [i] pihole-FTL pre-start checks
  [i] Setting capabilities on pihole-FTL where possible
  [i] Applying the following caps to pihole-FTL:
        * CAP_CHOWN
        * CAP_NET_BIND_SERVICE
        * CAP_NET_RAW

  [i] Starting pihole-FTL (no-daemon) as pihole

  [i] Version info:
      Core version is v6.0.4 (Latest: v6.0.4)
      Web version is v6.0.1 (Latest: v6.0.1)
      FTL version is v6.0.2 (Latest: v6.0.2)

2025-02-26 23:15:35.640 CST [59M] INFO: ########## FTL started on guardian! ##########
2025-02-26 23:15:35.640 CST [59M] INFO: FTL branch: master
2025-02-26 23:15:35.640 CST [59M] INFO: FTL version: v6.0.2
2025-02-26 23:15:35.640 CST [59M] INFO: FTL commit: ac500d5f
2025-02-26 23:15:35.640 CST [59M] INFO: FTL date: 2025-02-21 21:48:20 +0000
2025-02-26 23:15:35.640 CST [59M] INFO: FTL user: pihole
2025-02-26 23:15:35.640 CST [59M] INFO: Compiled for linux/amd64 (compiled on CI) using cc (Alpine 14.2.0) 14.2.0
2025-02-26 23:15:35.869 CST [59M] INFO: 1 FTLCONF environment variable found (1 used, 0 invalid, 0 ignored)
2025-02-26 23:15:35.869 CST [59M] INFO:    [✓] FTLCONF_webserver_api_password is used
2025-02-26 23:15:35.870 CST [59M] INFO: Wrote config file:
2025-02-26 23:15:35.870 CST [59M] INFO:  - 152 total entries
2025-02-26 23:15:35.870 CST [59M] INFO:  - 140 entries are default
2025-02-26 23:15:35.870 CST [59M] INFO:  - 12 entries are modified
2025-02-26 23:15:35.870 CST [59M] INFO:  - 0 entries are forced through environment
2025-02-26 23:15:35.871 CST [59M] INFO: Parsed config file /etc/pihole/pihole.toml successfully
2025-02-26 23:15:35.871 CST [59M] INFO: PID file does not exist or not readable
2025-02-26 23:15:35.871 CST [59M] INFO: No other running FTL process found.
2025-02-26 23:15:35.871 CST [59M] WARNING: Insufficient permissions to set process priority to -10 (CAP_SYS_NICE required), process priority remains at 0
2025-02-26 23:15:35.874 CST [59M] INFO: PID of FTL process: 59
2025-02-26 23:15:35.874 CST [59M] INFO: listening on 0.0.0.0 port 53
2025-02-26 23:15:35.874 CST [59M] INFO: listening on :: port 53
2025-02-26 23:15:35.876 CST [59M] INFO: PID of FTL process: 59
2025-02-26 23:15:35.876 CST [59M] INFO: Database version is 21
2025-02-26 23:15:35.877 CST [59M] INFO: Database successfully initialized
2025-02-26 23:15:36.058 CST [59M] INFO: Imported 16634 queries from the on-disk database (it has 124950 rows)
2025-02-26 23:15:36.058 CST [59M] INFO: Parsing queries in database
2025-02-26 23:15:36.092 CST [59M] INFO:   10000 queries parsed...
2025-02-26 23:15:36.113 CST [59M] INFO: Imported 16634 queries from the long-term database
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Total DNS queries: 16634
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Cached DNS queries: 59
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Forwarded DNS queries: 16299
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Blocked DNS queries: 24
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Unknown DNS queries: 0
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Unique domains: 534
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Unique clients: 24
2025-02-26 23:15:36.113 CST [59M] INFO:  -> DNS cache records: 339
2025-02-26 23:15:36.113 CST [59M] INFO:  -> Known forward destinations: 4
2025-02-26 23:15:36.246 CST [59M] WARNING: Insufficient permissions to set system time (CAP_SYS_TIME required), NTP client not available
2025-02-26 23:15:36.246 CST [59/T90] INFO: NTP server listening on 0.0.0.0:123 (IPv4)
2025-02-26 23:15:36.246 CST [59/T91] INFO: NTP server listening on :::123 (IPv6)
2025-02-26 23:15:36.246 CST [59M] INFO: FTL is running as user pihole (UID 1000)
2025-02-26 23:15:36.247 CST [59M] INFO: Reading certificate from /etc/pihole/tls.pem ...
2025-02-26 23:15:36.247 CST [59M] INFO: Using SSL/TLS certificate file /etc/pihole/tls.pem
2025-02-26 23:15:36.247 CST [59M] INFO: Web server ports:
2025-02-26 23:15:36.247 CST [59M] INFO:   - 80 (HTTP, IPv4, optional)
2025-02-26 23:15:36.247 CST [59M] INFO:   - 80 (HTTP, IPv6, optional)
2025-02-26 23:15:36.247 CST [59M] INFO:   - 443 (HTTPS, IPv4, optional)
2025-02-26 23:15:36.247 CST [59M] INFO:   - 443 (HTTPS, IPv6, optional)
2025-02-26 23:15:36.247 CST [59M] INFO: Restored 1 API session from the database
2025-02-26 23:15:36.255 CST [59M] INFO: Blocking status is enabled
2025-02-26 23:15:36.393 CST [59/T92] INFO: Compiled 146 allow and 19 deny regex for 24 clients in 45.1 msec
2025-02-26 23:15:39.029 CST [59/T100] INFO: Local URI: "/admin/settings/dns"
2025-02-26 23:15:40.261 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:40.261 CST [59/T94] INFO: Tried to resolve PTR "98.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:42.277 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:42.277 CST [59/T94] INFO: Tried to resolve PTR "201.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:44.293 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:44.293 CST [59/T94] INFO: Tried to resolve PTR "165.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:46.309 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:46.309 CST [59/T94] INFO: Tried to resolve PTR "141.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:48.325 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:48.325 CST [59/T94] INFO: Tried to resolve PTR "100.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:50.341 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:50.341 CST [59/T94] INFO: Tried to resolve PTR "173.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:52.357 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:52.357 CST [59/T94] INFO: Tried to resolve PTR "1.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:54.373 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:54.373 CST [59/T94] INFO: Tried to resolve PTR "158.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:56.389 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:56.389 CST [59/T94] INFO: Tried to resolve PTR "167.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:15:58.405 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:58.405 CST [59/T94] INFO: Tried to resolve PTR "117.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:00.421 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:00.421 CST [59/T94] INFO: Tried to resolve PTR "203.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:02.437 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:02.437 CST [59/T94] INFO: Tried to resolve PTR "164.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:04.453 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:04.453 CST [59/T94] INFO: Tried to resolve PTR "109.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:06.469 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:06.469 CST [59/T94] INFO: Tried to resolve PTR "169.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:08.485 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:08.485 CST [59/T94] INFO: Tried to resolve PTR "166.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:10.501 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:10.501 CST [59/T94] INFO: Tried to resolve PTR "168.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:12.517 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:12.517 CST [59/T94] INFO: Tried to resolve PTR "174.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:14.533 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:14.533 CST [59/T94] INFO: Tried to resolve PTR "161.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:16.549 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:16.549 CST [59/T94] INFO: Tried to resolve PTR "10.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:18.569 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:18.569 CST [59/T94] INFO: Tried to resolve PTR "175.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:20.581 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:20.581 CST [59/T94] INFO: Tried to resolve PTR "177.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:22.597 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:22.597 CST [59/T94] INFO: Tried to resolve PTR "178.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:24.613 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:24.613 CST [59/T94] INFO: Tried to resolve PTR "182.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:26.629 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:26.629 CST [59/T94] INFO: Tried to resolve PTR "1.0.168.192.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:28.645 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:28.645 CST [59/T94] INFO: Tried to resolve PTR "8.8.8.8.in-addr.arpa" on 127.0.0.1#53 (UDP)
2025-02-26 23:16:30.661 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:16:30.661 CST [59/T94] INFO: Tried to resolve PTR "4.4.8.8.in-addr.arpa" on 127.0.0.1#53 (UDP)

Both containers are tied to the same network (pihole-unbound), which the shared compose leaves defined as a default bridge (assuming Witchboard has shared the full docker compose file).

Witchboard, I tried running your docker compose with two changes: I had to use mvance/unbound-rpi:latest to match my CPU architecture, and I omitted volumes: './unbound:/opt/unbound/etc/unbound/' to have that unbound container stick with its defaults, rather than having to supply some unbound configuration files.

This results in an instantly working configuration.

In your case, your unbound container is reported as unhealthy.
What's the output of

docker logs unbound

This may indicate a host connectivity issue.

Run from your Docker host, what's the output of

dig discourse.pi-hole.net
dig discourse.pi-hole.net @8.8.8.8

Result

[1740633344] unbound[1:0] warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.

Run from your Docker host, what's the output of

dig discourse.pi-hole.net

Result

; <<>> DiG 9.18.30-0ubuntu0.22.04.2-Ubuntu <<>> discourse.pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32248
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;discourse.pi-hole.net.         IN      A

;; ANSWER SECTION:
discourse.pi-hole.net.  218     IN      A       52.14.183.198

;; Query time: 8 msec
;; SERVER: 192.168.0.2#53(192.168.0.2) (UDP)
;; WHEN: Thu Feb 27 09:37:25 CST 2025
;; MSG SIZE  rcvd: 66

dig discourse.pi-hole.net @8.8.8.8

Result

;; communications error to 8.8.8.8#53: timed out

This makes sense. I just remembered that I have my old pi-hole configured to block DNS requests to other servers. I'll play with disabling that tonight or adding the new instance of pi-hole to the list. Thanks!

Okay, after adding the Docker host to my DNS group in my router, below are the results of the new dig.

; <<>> DiG 9.18.30-0ubuntu0.22.04.2-Ubuntu <<>> discourse.pi-hole.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1884
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;discourse.pi-hole.net.         IN      A

;; ANSWER SECTION:
discourse.pi-hole.net.  2240    IN      A       52.14.183.198

;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Thu Feb 27 11:35:58 CST 2025
;; MSG SIZE  rcvd: 66
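
The three checks requested in this thread (`sudo lsof -i :53`, `docker logs`, and `dig @8.8.8.8` from the Docker host) can be combined into one triage that names the first failing hop. This is an added example, not code from any poster or from the Pi-hole project; the function names and stage labels are assumptions of the example, and the sample input is excerpted from the outputs posted above.

```python
import re

# Sample input: lines excerpted from the outputs posted in this thread.
LSOF = """\
COMMAND       PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
docker-pr 1370982 root    4u  IPv4 56165335      0t0  TCP *:domain (LISTEN)
docker-pr 1371006 root    4u  IPv4 56168485      0t0  UDP *:domain
"""
FTL_LOG = """\
2025-02-26 23:15:35.874 CST [59M] INFO: listening on 0.0.0.0 port 53
2025-02-26 23:15:40.261 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
2025-02-26 23:15:42.277 CST [59/T94] ERROR: Cannot receive UDP DNS reply: Timeout - no response from upstream DNS server
"""
DIG_BLOCKED = ";; communications error to 8.8.8.8#53: timed out\n"
DIG_OK = ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1884\n"


def published_protocols(lsof_text):
    """Protocols on which docker-proxy holds host port 53 (`sudo lsof -i :53`)."""
    protos = set()
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 9 and f[0].startswith("docker-pr") and f[8] in ("*:domain", "*:53"):
            protos.add(f[7].lower())                 # NODE column: TCP or UDP
    return protos


def ftl_state(log_text):
    """(FTL bound port 53?, number of upstream timeouts) from `docker logs`."""
    listening = re.search(r"INFO: listening on \S+ port 53\b", log_text) is not None
    timeouts = len(re.findall(r"ERROR: Cannot receive UDP DNS reply: Timeout", log_text))
    return listening, timeouts


def dig_answered(dig_text):
    """True if dig received a DNS response header, False on a transport timeout."""
    if re.search(r"communications error to \S+: timed out", dig_text):
        return False
    return re.search(r"status: [A-Z]+", dig_text) is not None


def triage(lsof_text, ftl_log, dig_upstream_from_host):
    """Return (stage, finding) for the first failing hop, in the order the thread checked."""
    listening, timeouts = ftl_state(ftl_log)
    if not {"tcp", "udp"} <= published_protocols(lsof_text):
        return "host-port", "53/tcp and 53/udp are not both published on the Docker host"
    if not listening:
        return "ftl", "pihole-FTL did not log that it is listening on port 53"
    if not dig_answered(dig_upstream_from_host):
        return "egress", ("the Docker host cannot reach the upstream resolver on port 53; "
                          "check for a DNS egress filter between host and upstream")
    if timeouts:
        return "container-egress", ("the host reaches the upstream but FTL logged "
                                    f"{timeouts} upstream timeouts; check container networking")
    return "ok", "port published, FTL listening, upstream reachable"


if __name__ == "__main__":
    print(triage(LSOF, FTL_LOG, DIG_BLOCKED))
```

With the thread's outputs the result is the `egress` stage: the port mapping and FTL are healthy, and the new resolver host needs an exception in whatever policy restricts outbound DNS.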