Pihole DNS configuration kills DNS lookup on docker internal network

What I have changed since installing Pi-hole:
Nothing

My network:
Pi-hole runs in a container on an old desktop mini PC. Name resolution through Pi-hole works on the LAN, as far as I can tell (I didn't have a lot of time to test it thoroughly).

My issue:
So apparently containers behind my traefik reverse proxy (also containerized) suffer with DNS resolution, and I don't know how to properly configure pihole. Below is my compose. Any idea what I'm doing wrong? AI has me running around in circles.

The way I tested:

docker run --rm --network traefik-proxynet busybox nslookup portainer.my.subdomain.duckdns.org

Server:         127.0.0.11
Address:        127.0.0.11:53
** server can't find portainer.my.subdomain.duckdns.org: SERVFAIL
** server can't find portainer.my.subdomain.duckdns.org: SERVFAIL

whereas:

docker run --rm --network traefik-proxynet --dns 172.28.0.2 busybox nslookup portainer.my.subdomain.duckdns.org

Server:         127.0.0.11
Address:        127.0.0.11:53
Non-authoritative answer:
Non-authoritative answer:
Name:   portainer.my.subdomain.duckdns.org
Address: x.x.x.x

my compose:

services:
  # Traefik reverse proxy for the containers on traefik-proxynet; it also
  # serves its own dashboard through the routers declared in the labels below.
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining extra privileges
      # (e.g. through setuid binaries).
      - no-new-privileges:true
    networks:
      - traefik-proxynet
    depends_on:
      # Short-form depends_on only orders container start; it does not wait
      # until Pi-hole is actually answering queries.
      - pihole
    dns:
      # Per-service setting: only this container forwards external lookups to
      # Pi-hole. A container on the same network that sets no `dns:` has
      # Docker's embedded resolver (127.0.0.11) forward to the resolvers the
      # Docker host/daemon is configured with instead.
      - 172.28.0.2 # pihole's static IP on traefik-proxynet
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): the dashboard is already routed via the traefik-secure
      # router with basic auth. Publishing 8080 only matters if traefik.yml
      # (not shown) enables the insecure API, which would expose the dashboard
      # here without authentication - confirm and drop the mapping if unused.
      - "8080:8080" # Dashboard
    environment:
      # Token is read from the mounted secret file rather than from the
      # environment.
      DUCKDNS_TOKEN_FILE: /run/secrets/duckdns_token
      # NOTE(review): this puts the basic-auth user:hash string into the
      # container environment. The label below already receives it through
      # Compose interpolation - confirm the container itself needs it.
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - duckdns_token
    # Every variable in .env is injected into the container. Keep the file out
    # of version control and limited to what Traefik needs.
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # `:ro` protects the socket file only; it does not make the Docker API
      # read-only. Anything that can talk to this socket can control the
      # daemon, so consider a socket proxy that allows only the read
      # endpoints Traefik's Docker provider uses.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # Holds ACME account and certificate private keys; keep it readable by
      # the owner only (Traefik expects mode 600).
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router; its only middleware redirects to HTTPS.
      # NOTE(review): it matches my.subdomain.duckdns.org while the HTTPS
      # router below matches traefik-dashboard.my.subdomain.duckdns.org -
      # confirm the host mismatch is intended.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`my.subdomain.duckdns.org`)"
      # Basic-auth users for the dashboard, taken from the Compose variable.
      # NOTE(review): htpasswd hashes contain `$`; verify the value survives
      # Compose interpolation unchanged.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      # NOTE(review): no router in this file references `sslheader`.
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # HTTPS router for the dashboard: basic auth, TLS via the duckdns
      # resolver, wildcard certificate for the subdomain.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.my.subdomain.duckdns.org`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=duckdns"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=my.subdomain.duckdns.org"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.my.subdomain.duckdns.org"
      - "traefik.http.routers.traefik-secure.service=api@internal"


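  # Pi-hole DNS filter, pinned to 172.28.0.2 on traefik-proxynet so other
  # services can name it in their own `dns:` list.
  pihole:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest so a
    # pull cannot silently change the resolver everything else depends on.
    image: pihole/pihole:latest
    container_name: pihole
    hostname: pihole
    restart: unless-stopped
    networks:
      traefik-proxynet:
        # Static address. Only containers that list it under `dns:` send
        # their queries here; Docker does not route other lookups through it.
        ipv4_address: 172.28.0.2
    dns:
      # Resolvers used by the Pi-hole container itself, not by its clients.
      - 1.1.1.1
      - 1.0.0.1
    ports:
      # Published on every host interface. Combined with listeningMode "all"
      # below, Pi-hole answers any client that can reach host port 53, so
      # keep that port closed at the router/firewall to avoid running an open
      # resolver.
      - "53:53/tcp"
      - "53:53/udp"
      # NOTE(review): exposes the admin UI over plain HTTP directly on the
      # host, bypassing the TLS router in the labels. Drop this mapping or
      # bind it to 127.0.0.1 if the UI should only be reached via Traefik.
      - "8089:80/tcp"
    # expose:
    #   - 8089
    environment:
      # Values are quoted so YAML cannot retype them (false -> boolean,
      # 80 -> integer) before they become environment strings.
      TZ: "Europe/Budapest"
      # Accept queries from any origin, not only the local subnet; this is
      # what lets other containers on the bridge use Pi-hole.
      FTLCONF_dns_listeningMode: "all"
      # FTLCONF_dns_upstreams: 10.5.0.4#5053
      # NOTE(review): this looks like a variable from older Pi-hole images -
      # confirm the image version in use still honours it.
      FTLCONF_LOCAL_IPV4: "172.28.0.2"
      FTLCONF_dns_upstreams: "1.1.1.1;1.0.0.1"  # alternative: 8.8.8.8;8.8.4.4
      FTLCONF_webserver_domain: "pihole.my.subdomain.duckdns.org"
      FTLCONF_webserver_interface_theme: "default-auto"
      FTLCONF_webserver_interface_boxed: "false"
      FTLCONF_webserver_port: "80"
    volumes:
      - "./pihole/etc-pihole:/etc/pihole"
      - "./pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
    cap_add:
      # NOTE(review): presumably only needed when Pi-hole also serves DHCP;
      # drop the capability if it is used for DNS only.
      - NET_ADMIN
    labels:
      - "traefik.enable=true"
      # NOTE(review): the router sets tls=true but names no entrypoint or
      # certresolver - confirm it ends up on the HTTPS entrypoint with the
      # wildcard certificate requested by the dashboard router.
      - "traefik.http.routers.pihole.tls=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.my.subdomain.duckdns.org`)"
      # `$$` is Compose's escape for a literal `$` (the regex end anchor).
      # NOTE(review): no `traefik.http.routers.pihole.middlewares` label
      # references pihole-redirect, so the redirect to /admin looks like it
      # is never applied.
      - "traefik.http.middlewares.pihole-redirect.redirectregex.regex=^https://pihole.my.subdomain.duckdns.org/?$$"
      - "traefik.http.middlewares.pihole-redirect.redirectregex.replacement=https://pihole.my.subdomain.duckdns.org/admin"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.http.services.pihole.loadbalancer.passhostheader=true"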



secrets:
  # DuckDNS API token; the traefik service reads it from
  # /run/secrets/duckdns_token. Keep the source file out of version control
  # and readable by its owner only.
  duckdns_token:
    file: "./duckdns_token.txt"


networks:
  # Shared network for Traefik, Pi-hole and the proxied services. The fixed
  # subnet is what allows Pi-hole's static address 172.28.0.2.
  traefik-proxynet:
    name: traefik-proxynet
    ipam:
      driver: default
      config:
        - subnet: "172.28.0.0/24"
