The issue I am facing:
I have installed Pi-hole using docker-compose on an M2 Mac mini. The container is running fine without any error in the Pi-hole container log.
However, when I try to do name resolution from my host Mac, it is not working. I run the following command:
dig facebook.com @HOST_MACHINE_IP
; <<>> DiG 9.10.6 <<>> facebook.com @192.168.2.200
;; global options: +cmd
;; connection timed out; no servers could be reached
When I try the same command from inside the Pi-hole container, it works, and I can also see the number of total queries increase in the Pi-hole web UI.
As I already forward both TCP and UDP port 53 to my host machine, I expect DNS resolution should be working on my host machine as well, but it is not working. I checked on my host machine to see if it is actually listening on port 53 with the following command, and it seems like the host machine is listening on port 53 (both TCP and UDP):
nc -vz -u localhost 53
Connection to localhost port 53 [udp/domain] succeeded!
Can anyone please help me figure out why the DNS resolution is not working from the host machine?
Details about my system:
Mac mini M2. Docker is installed using brew. Using colima to run the docker container, and the docker config is as below:
version: "3.8"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'dummyPass'
      #ServerIP: '192.168.2.200'
    # Volumes store your data between container upgrades
    volumes:
      #- './etc-pihole:/etc/pihole'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
      - etc-pihole:/etc/pihole
      - etc-dnsmasq.d:/etc/dnsmasq.d
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    #cap_add:
    #  - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped
volumes:
  etc-pihole:
    driver: local
  etc-dnsmasq.d:
    driver: local
I found that on the M2 machine with Ventura, without docker-compose running, there is already some application listening on port 53. I got the following output after taking the docker compose stack completely down. Maybe this is the main issue.
# nc -vz -u localhost 53
Connection to localhost port 53 [udp/domain] succeeded!
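A caveat on the check used above, followed by an added example that is not part of the original question: `nc -vz -u` cannot prove that anything is listening on a UDP port. UDP has no handshake, so nc reports "succeeded" whenever no ICMP port-unreachable comes back, which is why it reports success even with the compose stack down and even though dig times out. A real test is to send an actual DNS query and wait for an actual answer, separately over UDP and over TCP (DNS over TCP prefixes each message with a 2-byte length). The script below does that with a hand-built A query; the resolver address 192.168.2.200 is the host IP from the question and is assumed reachable, and the 10.0.0.1 answer in the test is a constructed packet, not a real lookup. If the TCP query is answered but the UDP query times out, the fault is in whatever forwards UDP 53 from the Mac into the Docker VM, not in Pi-hole itself.

```python
"""Probe a DNS resolver over UDP and over TCP with a hand-built A query.

Added example for this thread, not code from the question or from Pi-hole.
Unlike `nc -vz -u`, a timeout here means no DNS answer arrived on that
transport, so UDP and TCP results can be compared directly.
"""
import random
import socket
import struct
import sys

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name, txid):
    """Build a minimal recursion-desired A query (header + question only)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def _read_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset past it)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer, RFC 1035 4.1.4
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(msg, expected_txid):
    """Return rcode, answer count and IPv4 addresses from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4  # qtype + qclass
    addresses = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addresses.append(socket.inet_ntoa(rdata))
    return {"rcode": flags & 0x000F, "answers": an, "addresses": addresses}


def query(server, name, tcp=False, timeout=3.0, port=53):
    """Send one query over UDP or TCP and parse the reply; raises on timeout."""
    txid = random.randint(0, 0xFFFF)
    q = build_query(name, txid)
    if tcp:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)  # 2-byte length prefix
            (length,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    raise ConnectionError("resolver closed the TCP connection early")
                data += chunk
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, port))
            data, _ = s.recvfrom(4096)
    return parse_response(data, txid)


if __name__ == "__main__":
    # Host IP from the question; override on the command line.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.2.200"
    for use_tcp in (False, True):
        label = "tcp" if use_tcp else "udp"
        try:
            print(label, query(server, "facebook.com", tcp=use_tcp))
        except OSError as exc:
            print(label, "failed:", exc)
```

Run it from the Mac as `python3 dnsprobe.py 192.168.2.200` and compare the two lines. To see which process actually owns the port on the host, `sudo lsof -nP -iUDP:53 -iTCP:53` lists the listeners with their PIDs, which is more reliable than nc for this purpose.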
This has to stay at 53.
Remapping the standard DNS port won't work, as clients will always connect to port 53 (unless you manually configure each client, and probably each piece of software on each of them, to use a custom port instead).
I changed it from "53:53/tcp" to "5353:53/tcp" while debugging, actually. It seems like some older versions of docker have difficulty port-forwarding the same port number for UDP and TCP. That's why I was testing whether moving TCP 53 to 5353 might allow UDP 53. But that config didn't help.
I have updated the config above. I think I have to figure out what is listening on UDP 53 on the M2 Mac and stop that process so that UDP 53 can be used by my Pi-hole.