I've set up my pihole in a docker container, running in my ubuntu server. Pihole seems to be working correctly because if I change my DNS settings in my devices, I see traffic coming through on the dashboard. However, no ads are blocked whatsoever. If I disable my router's DHCP and enable Pihole's, literally nothing happens. My connections still work, but Pihole seems to have no traffic coming through.
A client's DHCP broadcasts are same-segment only, so Pi-hole has to be on the same segment as your clients to receive them at all. Docker may isolate Pi-hole into its own network segment.
Hi, sorry for the late reply. I'm running in the default mode. After setting it up again, I managed to have traffic come through pihole on my entire network. Instead of using Pihole's DHCP network, I'm using my router's and using Pihole as the DNS server. However, I'm using my server's local IP. I hope that's the correct way of doing things because I couldn't find any working alternatives. If it's not, please let me know.
Although my problem now is that I can't seem to block any ads. My percentage of blocked ads is around 2%. What can I do?
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
Fresh Docker installation.
I use docker-compose file.
I configured it with bridge networking as per this discussion (which is linked in Github): DHCP with docker-compose and bridge networking
At the beginning I was thinking that the problem is with dhcp-helper, but I've exec'd into the pi-hole docker image, installed some tools, and I can see that port 67 is used:
# netstat -apn
udp 0 0 0.0.0.0:67 0.0.0.0:* -
but when I try:
root@8807fb76fae6:/# nmap --script broadcast-dhcp-discover
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-28 14:58 CEST
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.33 seconds
it gives me nothing. So, my best guess is that it's an issue with pi-hole itself.
I did run debug and you can see output here: https://tricorder.pi-hole.net/bedfFxAU/
*** [ DIAGNOSING ]: Pi-hole diagnosis messages
count last timestamp type message blob1 blob2 blob3 blob4 blob5
------ ------------------- -------------------- ------------------------------------------------------------ -------------------- -------------------- -------------------- -------------------- --------------------
2 2022-09-28 14:46:13 DNSMASQ_WARN no address range available for DHCP request via eth0
2 2022-09-28 14:46:13 DNSMASQ_WARN no address range available for DHCP request via eth1
2 2022-09-28 14:46:13 DNSMASQ_WARN no address range available for DHCP request via lo
WARNING: No targets were specified, so 0 hosts scanned.
is a correct message. In this case nmap is not scanning any host but it is sending a DHCP request to broadcast and waiting for a DHCPOFFER.
*** [ DIAGNOSING ]: Pi-hole diagnosis messages
count last timestamp type message blob1 blob2 blob3 blob4 blob5
------ ------------------- -------------------- ------------------------------------------------------------ -------------------- -------------------- -------------------- -------------------- --------------------
2 2022-09-28 14:46:13 DNSMASQ_WARN no address range available for DHCP request via eth0
2 2022-09-28 14:46:13 DNSMASQ_WARN no address range available for DHCP request via eth1
2 2022-09-28 14:46:13 DNSMASQ_WARN no address range available for DHCP request via lo
This is actually a nice catch. I did some debugging and in 02-pihole-dhcp.conf we have:
dhcp-range=192.168.1.200,192.168.1.210,24h
while in man for dnsmasq they say:
For networks which receive DHCP service via a relay agent, dnsmasq cannot determine the netmask itself, so it should be specified
Unfortunately this is set by web-admin so I don't have any option for workaround here.
I did test however by setting in web gui dhcp-range from 172.31.0.100/16 and it works:
root@8807fb76fae6:/var/log/pihole# nmap --script broadcast-dhcp-discover -e eth1
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-29 01:27 CEST
Pre-scan script results:
| broadcast-dhcp-discover:
| Response 1 of 1:
| IP Offered: 172.31.0.157
| DHCP Message Type: DHCPOFFER
| Server Identifier: 172.31.0.100
| IP Address Lease Time: 2m00s
| Renewal Time Value: 1m00s
| Rebinding Time Value: 1m45s
| Subnet Mask: 255.255.0.0
| Broadcast Address: 172.31.255.255
| Domain Name Server: 172.31.0.100
| Domain Name: lan
|_ Router: 172.31.0.1
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8001:80/tcp"
      # - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
    environment:
      TZ: 'Europe/Paris'
      FTLCONF_LOCAL_IPV4: 192.168.1.20
      PIHOLE_DNS_: 208.67.222.222;208.67.222.220
      DHCP_ACTIVE: "true"
      DHCP_START: 192.168.1.100
      DHCP_END: 192.168.1.150
      DHCP_ROUTER: 192.168.1.1
      #DHCP_IPv6: 'true'
      VIRTUAL_HOST: 'pi.hole'
      DNSMASQ_LISTENING: 'all'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    dns:
      - 127.0.0.1
      - 208.67.222.220
    networks:
      backend:
        ipv4_address: 172.31.0.100
      frontproxy_proxy-tier: {}
    restart: unless-stopped
  dhcphelper:
    build: ./dhcp-helper
    restart: unless-stopped
    network_mode: "host"
    command: -s 172.31.0.100
    cap_add:
      - NET_ADMIN
networks:
  backend:
    ipam:
      config:
        - subnet: 172.31.0.0/24
  frontproxy_proxy-tier:
    external: true
I've installed DHCP service as a systemd daemon on the host machine, but we can continue debugging...
Well, then I'm gonna block port 80 and I have other dockers on this machine running.
I could eventually try with VLANs but don't have time right now. I think the issue is with the mask not being set in the config file, but this I cannot check easily...
As I said, I've set up a simple DHCP server on the host machine so it works now perfectly fine.
Pi-hole, as DNS works also perfect, it is fast and (so far) reliable. I finally don't need to install adblocks everywhere :). Thank you!
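Added example, not from any post in this thread and not Pi-hole or dnsmasq code: a simplified model of how a `dhcp-range` line is matched to an incoming DHCP request, using the classful netmask guess the dnsmasq man page describes for ranges that carry no netmask. The relay address 192.168.1.20, the range end 172.31.0.200, the 2m lease field and all function names are assumptions made for illustration.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix length guessed from the address class (A, B or C)."""
    first_octet = int(addr) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24

def parse_dhcp_range(line):
    """Parse 'dhcp-range=start,end[,netmask][,lease]' (IPv4 only, no tags or modes)."""
    fields = line.split("=", 1)[1].strip().split(",")
    start, end = ipaddress.IPv4Address(fields[0]), ipaddress.IPv4Address(fields[1])
    netmask = None
    if len(fields) > 2:
        try:
            netmask = ipaddress.IPv4Address(fields[2])
        except ValueError:
            pass  # third field is a lease time such as 24h, not a netmask
    return start, end, netmask

def range_network(start, netmask, local_ifaces):
    """Return (network, where the netmask came from) for one range."""
    if netmask is not None:
        return ipaddress.IPv4Network(f"{start}/{netmask}", strict=False), "explicit"
    for iface in local_ifaces:
        if start in iface.network:
            return iface.network, "interface"
    prefix = classful_prefix(start)
    return ipaddress.IPv4Network(f"{start}/{prefix}", strict=False), "classful guess"

def check(conf_lines, local_ifaces, request_addr):
    """request_addr: receiving interface address (direct) or relay giaddr (relayed)."""
    results = []
    for line in conf_lines:
        if line.startswith("dhcp-range="):
            start, _end, netmask = parse_dhcp_range(line)
            net, source = range_network(start, netmask, local_ifaces)
            results.append((str(net), source, request_addr in net))
    return results

# Constructed inputs using addresses that appear in the thread.
CONTAINER_IFACES = [ipaddress.IPv4Interface("172.31.0.100/24")]  # backend network
LAN_RANGE = ["dhcp-range=192.168.1.200,192.168.1.210,24h"]
BRIDGE_RANGE = ["dhcp-range=172.31.0.100,172.31.0.200,255.255.0.0,2m"]
DIRECT = ipaddress.IPv4Address("172.31.0.100")   # broadcast heard on the container interface
RELAYED = ipaddress.IPv4Address("192.168.1.20")  # assumed giaddr set by dhcp-helper on the host

if __name__ == "__main__":
    for conf, addr in [(LAN_RANGE, DIRECT), (LAN_RANGE, RELAYED), (BRIDGE_RANGE, DIRECT)]:
        print(conf[0], addr, check(conf, CONTAINER_IFACES, addr))
```

In this model a broadcast sent from inside the container is compared against the container's own 172.31.0.x address, so a 192.168.1.x range never matches it, while a request forwarded by the relay is compared against the relay's address instead.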