Pihole (docker) DHCP doesn't work

I've set up my pihole in a docker container, running in my ubuntu server. Pihole seems to be working correctly because if I change my DNS settings in my devices, I see traffic coming through on the dashboard. However, no ads are blocked whatsoever. If I disable my router's DHCP and enable Pihole's, literally nothing happens. My connections still work, but Pihole seems to have no traffic coming through.

I could not upload the debug log to tricoder, so here's a link: JustPaste.it - Share Text & Images the Easy Way

What Docker network mode are you using?

A client's DHCP broadcasts are same-segment only, so Pi-hole has to be on the same segment as your clients to receive them at all. Docker may isolate Pi-hole into its own network segment.

See also Docker DHCP and Network Modes.

Hi, sorry for the late reply. I'm running in the default mode. After setting it up again, I managed to have traffic come through pihole on my entire network. Instead of using Pihole's DHCP network, I'm using my router's and using Pihole as the DNS server. However, I'm using my server's local IP. I hope that's the correct way of doing things because I couldn't find any working alternatives. If it's not, please let me know.

Although my problem now is that I can't seem to block any ads. My percentage of blocked ads is around 2%. What can I do?

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

the DHCP server does not work for me either :confused:

Fresh Docker installation.
I use docker-compose file.
I configured it with bridge networking as per this discussion (which is linked in Github): DHCP with docker-compose and bridge networking

At the beginning I was thinking that problem is with dhcp-helper, but I've exec to pi-hole docker image, installed some tools, and I can see that port 67 is used:

# netstat -apn
udp        0      0 0.0.0.0:67              0.0.0.0:*                           -                   

but when I try:

root@8807fb76fae6:/# nmap --script broadcast-dhcp-discover      
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-28 14:58 CEST
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.33 seconds

it gives me nothing. So, my best guess is that its an issue with pi-hole itself :confused:
I did run debug and you can see output here: https://tricorder.pi-hole.net/bedfFxAU/

You didn't scan anything.

Edit:

From the log

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
   count   last timestamp       type                  message                                                       blob1                 blob2                 blob3                 blob4                 blob5               
   ------  -------------------  --------------------  ------------------------------------------------------------  --------------------  --------------------  --------------------  --------------------  --------------------
   2       2022-09-28 14:46:13  DNSMASQ_WARN          no address range available for DHCP request via eth0                                                                                                                      
   2       2022-09-28 14:46:13  DNSMASQ_WARN          no address range available for DHCP request via eth1                                                                                                                      
   2       2022-09-28 14:46:13  DNSMASQ_WARN          no address range available for DHCP request via lo            

WARNING: No targets were specified, so 0 hosts scanned.
is a correct message. In this case nmap is not scanning any host but it is sendinf DHCP request to broadcast and waiting for DHCPOFFER.

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
   count   last timestamp       type                  message                                                       blob1                 blob2                 blob3                 blob4                 blob5               
   ------  -------------------  --------------------  ------------------------------------------------------------  --------------------  --------------------  --------------------  --------------------  --------------------
   2       2022-09-28 14:46:13  DNSMASQ_WARN          no address range available for DHCP request via eth0                                                                                                                      
   2       2022-09-28 14:46:13  DNSMASQ_WARN          no address range available for DHCP request via eth1                                                                                                                      
   2       2022-09-28 14:46:13  DNSMASQ_WARN          no address range available for DHCP request via lo

This is actually a nice catch. I did some debugging and in 02-pihole-dhcp.conf we have:

dhcp-range=192.168.1.200,192.168.1.210,24h

while in man for dnsmasq they say:

For networks which receive DHCP service via a relay agent, dnsmasq cannot determine the netmask itself, so it should be specified

so the correct entry should be:

dhcp-range=192.168.1.200,192.168.1.210,255.255.255.0,24h

Unfortunately this is set by web-admin so I don't have any option for workaround here.
I did test however by setting in web gui dhcp-range from 172.31.0.100/16 and it works:

root@8807fb76fae6:/var/log/pihole# nmap --script broadcast-dhcp-discover -e eth1
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-29 01:27 CEST
Pre-scan script results:
| broadcast-dhcp-discover: 
|   Response 1 of 1: 
|     IP Offered: 172.31.0.157
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 172.31.0.100
|     IP Address Lease Time: 2m00s
|     Renewal Time Value: 1m00s
|     Rebinding Time Value: 1m45s
|     Subnet Mask: 255.255.0.0
|     Broadcast Address: 172.31.255.255
|     Domain Name Server: 172.31.0.100
|     Domain Name: lan
|_    Router: 172.31.0.1

of course it does not fix my issue.

What is the docker-compose configuration you are using for dhcp-helper please?

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8001:80/tcp"
    #      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
    environment:
      TZ: 'Europe/Paris'
      FTLCONF_LOCAL_IPV4: 192.168.1.20
      PIHOLE_DNS_: 208.67.222.222;208.67.222.220
      DHCP_ACTIVE: "true"
      DHCP_START: 192.168.1.100
      DHCP_END: 192.168.1.150
      DHCP_ROUTER: 192.168.1.1
      #DHCP_IPv6: 'true'
      VIRTUAL_HOST: 'pi.hole'
      DNSMASQ_LISTENING: 'all'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    dns:
     - 127.0.0.1
     - 208.67.222.220
    networks:
      backend:
        ipv4_address: 172.31.0.100
      frontproxy_proxy-tier: {}
    restart: unless-stopped

  dhcphelper:
      build: ./dhcp-helper
      restart: unless-stopped
      network_mode: "host"
      command: -s 172.31.0.100
      cap_add:
        - NET_ADMIN

networks:
  backend:
    ipam:
      config:
        - subnet: 172.31.0.0/24
  frontproxy_proxy-tier:
    external: true

I've installed DHCP service as systemd deamon on host machine, but we can continue debugging...

You have the dhcphelper container on the host network. Why not just run the pihole container on the host network and eliminate dhcphelper?

Well, then I'm gonna block port 80 and I have other dockers on this machine running.
I could eventually try with VLAN's but don't have time right now. I think the issue is with the mask not being set in config file, but this I can not check easily...

As I said, I've setup simple DHCP server on host machine so it works now perfectly fine.
Pi-hole, as DNS works also perfect, it is fast and (so far) reliable. I finally don't need to install adblocks everywhere :). Thank you!