Pihole 3.0 on Synology Docker - list updates fail

manne01 · June 15, 2017, 7:13pm

Hi there,

Pi-hole Version v3.0.1 Web Interface Version v3.0.1 FTL Version v2.7.4 (Update available!)

list updates fail with

::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: Getting sysctl.org list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: Getting zeustracker.abuse.ch list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: Getting s3.amazonaws.com list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: Getting s3.amazonaws.com list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: Getting hosts-file.net list... done
:::   Status: Status 000
:::   List download failed, using cached list (list not updated!)
::: 
::: Aggregating list of domains... done!
::: Formatting list of domains to remove comments.... done!
::: 133922 domains being pulled in by gravity...
::: Removing duplicate domains.... done!
::: 110271 unique domains trapped in the event horizon.
:::
::: Adding adlist sources to the whitelist... done!
::: Whitelisting 6 domains... done!
::: Nothing to blacklist!
::: No wildcards used!
::: Formatting domains into a HOSTS file... done!
:::
::: Cleaning up un-needed files... done!
:::
::: Refresh lists in dnsmasq... done!
::: DNS service is NOT running

pihole -up
does also fail with

pihole -up                                                            
::: Checking for updates...                                                     
fatal: unable to access 'https://github.com/pi-hole/pi-hole.git/': Couldn't reso
lve host 'github.com'

Unfortunately the debug log cannot be uploaded. Can I somehow provide it on another way?

Mcat12 · June 15, 2017, 7:15pm

The log is located at /var/log/pihole_debug.log. You can try to get it off the device, then either upload it to a pastebin site or follow this guide:

manne01 · June 15, 2017, 8:18pm

Thanks for your quick response! I tried but failed performing the simplest test...

It is not resolving the domain name.

bash-4.3# ifconfig                                                              
eth0      Link encap:Ethernet  HWaddr ....................                         
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0                 
          inet6 addr: ...../64 Scope:Link                            
          inet6 addr: ...../64 Scope:Link                        
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                    
          RX packets:2540 errors:0 dropped:0 overruns:0 frame:0                 
          TX packets:2440 errors:0 dropped:0 overruns:0 carrier:0               
          collisions:0 txqueuelen:0                                             
          RX bytes:259881 (253.7 KiB)  TX bytes:492240 (480.7 KiB)              
                                                                                
lo        Link encap:Local Loopback                                             
          inet addr:127.0.0.1  Mask:255.0.0.0                                   
          inet6 addr: ::1/128 Scope:Host                                        
          UP LOOPBACK RUNNING  MTU:65536  Metric:1                              
          RX packets:144 errors:0 dropped:0 overruns:0 frame:0                  
          TX packets:144 errors:0 dropped:0 overruns:0 carrier:0                
          collisions:0 txqueuelen:0                                             
          RX bytes:230934 (225.5 KiB)  TX bytes:230934 (225.5 KiB)

Mcat12 · June 15, 2017, 8:21pm

Did you run that from the Pi-hole? Try taking the log off the Pi-hole (via ftp, scp, etc), and then try that command on the secondary device.

manne01 · June 15, 2017, 8:40pm

cat pihole_debug.log | openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null
worked on another machine.

token is:
jsvqblfjme

I hope you can identify some issues. Thank you so much in advance for any help!

diginc · June 15, 2017, 8:52pm

Did you re-create your docker container from scratch yet?

manne01 · June 15, 2017, 8:55pm

Yes, several times...

diginc · June 15, 2017, 8:59pm

Have you tried setting your Primary DNS server to google's

It looks like it's currently pointed to your router on 192.168.x.1?

What is your router's DNS pointed to?

manne01 · June 15, 2017, 9:13pm

My routers dns is pointing to my synology, where my pi hole is running.
Via dhcp this ip is also set inside synology as dns server.

So the dns server is everywhere my piholes ip.

But yes, the pi holes primary dns is the router (i thought thats good, no?!)

I have set DNS1 to 8.8.8.8 as well but unfortunately i have the same problems with that setting.

diginc · June 15, 2017, 10:03pm

Your Pihole's primary DNS should be one of the default internet servers pihole suggests in the web UI most likely, unless you have a technical need for it to be your router.

My thought here was if your router's primary DNS is pihole and your pihole's DNS is your router...don't they just infinitely loop? Or maybe if fails eventually and tries the secondary, but that'd degrade performance. I'm not sure exactly how that situation plays out but it's a circular dependency in my mind, and ultimately your DNS must come from an upstream internet source as a home internet user

I'm seeing a lot of mentions of your internal docker gateway address 172.17.0.1 in the tricorder log, comparing ot my own pihole I see no mentions of that. I've never actually ran a synology so I'm not the best person to consult on getting my image running with it.

I would suggest radical changes like use the debian version (diginc/pi-hole:debian) or try --net=host equivalent setting for synology to see if that makes any difference.

manne01 · June 15, 2017, 10:45pm

Alright, it works now: I used the dicinc/pi-hole:alpine instead of dicinc/pi-hole:latest
Synology docker wizard is aking which tag one wants to download where I dont really know what to choose. With Alpine I dont have any problems, I can update the lists, I can dig and curl inside the pi hole container - very well!

Is there a description about the differences of the available tags somewhere?

diginc · June 15, 2017, 11:09pm

Interesting, :latest and :alpine are supposed to be identical. They were last build at the exact same time with the exact same source (my source at least). I had noticed they actually don't end up with the same hash on docker's images but I had never noticed any difference between them.

Here's the docs: https://github.com/diginc/docker-pi-hole/#docker-tags-and-versioning

Glad you got it working

manne01 · June 15, 2017, 11:14pm

Thank you so much, Diginc! For your support and of course for the nice docker image as well! It worked great with older pihole versions for me already. Only now during the upgrade I stepped into the trouble which could easily be on synologys side as well, dont know.

Again thank you so much indeed!

manne01 · June 15, 2017, 11:22pm

For others:

I use Synology Docker Package 1.11.2-0329

I am in bridged mode with ports
7878 -> 80
53 -> 53 (udp and tcp)

Env var:
ServerIP=.....
ServerIPv6=.....

I mounted
/some/dir/on/my/nas -> /etc/pihole

bousix · June 29, 2017, 1:05pm

not sure for relevance, but after recreating the container, the synology firewall rules loses the initial port numbers for the pi-hole (53/80) setup (it just showed a comma , there). i needed to re-address the rules on synology.