Got it working.
Limitations of the Synology GUI needed circumventing to get the required cap-add added.
Adding the full ground up solution here in case someone else is in the same spot and is trying to work out the fix with Synology docker.
Running via Docker Run rather than a docker-compose.yml .. just because
NOTE: this assumes you have/want a macvlan network set up for an IP different to the NAS.
Example macvlan name: nameofyourmacvlan
Example PiHole IP: 192.168.0.53
Example volume path for persistent PiHole data: /volume1/docker/pihole
Prerequisite:
If you want a unique IP on the LAN separate from your Synology, then you need to set up a macvlan.
This creates virtual NAT using the host hardware and allows us to create containers with unique IP addresses.
We can only create one macvlan per NIC, but once done you can create other containers with custom IPs as long as they use the macvlan as the network.
In the example below I'm defining a single IP to be used by Pihole (the /32 part of the IP address).
If the IP isn't specified then this will be the IP automatically assigned to the container.
To make a larger dhcp pool for the macvlan, check this link for more on subnets
Finally, some (all?) Synology NAS have 2 physical ethernet ports in them. Make sure you pick the one you have connected or prefer, or if you've network bonded them to a single ethernet then change the parent from eth0 to ovs_bond0
docker network create -d macvlan \
--subnet=192.168.0.0/24 \
--ip-range=192.168.0.53/32 \
--gateway=192.168.0.1 \
-o parent=eth0 nameofyourmacvlan
You should now see your new personal macvlan network in the Synology Network tab.
Next...
Stop your existing PiHole container in Docker and rename it to something like pihole_old.
If there are problems then you can always restart this one.
From the CMD line as root, type:
docker run -d \
--name pihole \
-h pihole \
--net nameofyourmacvlan \
-p 53/tcp \
-p 53/udp \
-p 67/udp \
-p 80/tcp \
--ip 192.168.0.53 \
-e ServerIP=192.168.0.53 \
-e PIHOLE_DNS_=1.1.1.1\;8.8.8.8 \
-e DHCP_RAPID_COMMIT=True \
-e DNSMASQ_USER=root \
-e DNSMASQ_LISTENING=local \
-e IPv6=False \
-e HOSTNAME=pihole \
-e PIHOLE_DOMAIN=mydomain \
-e HOME=/root \
-e WEBPASSWORD= \
-e TZ=Europe/London \
-v /volume1/docker/pihole/pihole:/etc/pihole \
-v /volume1/docker/pihole/dnsmasq.d:/etc/dnsmasq.d \
--cap-add CAP_NET_ADMIN \
--restart=unless-stopped \
pihole/pihole:latest
Once run, the container should show in the Synology Docker.
In the Synology Docker you should also see pihole added to the macvlan network.
Stop the container and change settings as required: memory, CPU Priority, Auto-Start.
Start it up and it should be good to go.
If you don't want to create a macvlan and use a custom IP, then remove the following from the above
--net nameofyourmacvlan \
--ip 192.168.0.53 \
and change your port 80 so that it doesn't conflict with the Synology.
If you don't do this then you'll get a failure error saying that the container can't be created as port 80 is already in use. This example uses port 81 to connect (e.g. http://pi.hole:81/admin)
-p 81:80/tcp \
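
A check to run after the steps above, added here as an example and not part of the original post: it confirms that the capability the Synology GUI could not add is actually set, and that the container sits on the macvlan with the intended IP. The helper names inspect_summary and check_summary are hypothetical, and the sample summary line is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. inspect_summary and
# check_summary are hypothetical helper names.

# Print CapAdd as JSON, then one "network=ip" pair per attached network.
inspect_summary() {
    docker inspect --format \
        '{{json .HostConfig.CapAdd}} {{range $k, $v := .NetworkSettings.Networks}}{{$k}}={{$v.IPAddress}} {{end}}' \
        "$1"
}

# check_summary SUMMARY NETWORK IP
# Prints one line per problem and returns the number of problems.
check_summary() {
    summary=$1 net=$2 ip=$3 problems=0
    caps=${summary%% *}     # first field: the CapAdd JSON array, or null
    nets=${summary#* }      # remainder: the network=ip pairs
    case $caps in
        *'"NET_ADMIN"'* | *'"CAP_NET_ADMIN"'*) ;;   # either spelling
        *) echo "NET_ADMIN capability not added"
           problems=$((problems + 1)) ;;
    esac
    case " $nets " in
        *" $net=$ip "*) ;;
        *) echo "not attached to $net with IP $ip"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample of the summary expected for the container above.
sample='["CAP_NET_ADMIN"] nameofyourmacvlan=192.168.0.53 '
check_summary "$sample" nameofyourmacvlan 192.168.0.53 && echo "sample OK"

# On the NAS, as root, with the container started:
#   check_summary "$(inspect_summary pihole)" nameofyourmacvlan 192.168.0.53
```

Run the live check while the container is started, since the IP field is empty for a stopped container.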