PiHole/Docker - Doesn't use forward DNS but 127.0.0.11

Hi all,
I installed PiHole (Docker Tag [2023.03.1] Pi-hole [v5.16.2] * FTL [v5.22] Web Interface [v5.19]) in a docker container. I used docker compose. For some reason it seems it always uses 127.0.0.11 as a forwarder DNS (refer to the attached picture). OK, 127.0.0.11 is the default DNS in a docker container, but my expectation was different. I configured OpenDNS and Quad9 as forwarder DNS, so I'm expecting these will be contacted if a resolution is not cached or blocked.


If you need my docker compose:

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Rome'
      WEBPASSWORD: 'Qpeiccb01!'
    volumes:
      - './etc/etc-pihole:/etc/pihole'
      - './etc/etc-dnsmasq.d:/etc/dnsmasq.d'
    networks:
      veth0:
        ipv4_address: 192.bbb.aaa.125
      veth1:
        ipv4_address: 192.bbb.aaa.253
    restart: unless-stopped

networks:
  veth0:
    name: veth0
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.bbb.aaa.0/25
          gateway: 192.bbb.aaa.126

  veth1:
    name: veth1
    driver: macvlan
    driver_opts:
      parent: wlan0
    ipam:
      config:
        - subnet: 192.bbb.aaa.128/25

You could try to upload a Debug Log, but I don't think you will be able to do it with your current DNS.

If your attempt to upload the log works, please post here only the token.

If your attempt fails, please post only these sections of your debug log:

*** [ DIAGNOSING ]: Network routing table
   default via 192.168.0.1 dev eth0 
   192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.201 

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
    192.168.0.201/24

// AND

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
     ...    
   DHCP packets received on interface lo: 0
   DHCP packets received on interface eth0: 1

Note: You don't need to redact your local IP addresses.

Thanks for the answer. I uploaded the debug log.

The debug token is => Your debug token is: https://tricorder.pi-hole.net/t8EjGRtk/

All my containers using macvlan show nameserver 127.0.0.11 in /etc/resolv.conf, but I never saw 127.0.0.11#53 on the web interface. I don't think this is the issue here.

Let's try to see what upstream DNS server pihole is really using. What is the output of:

dig +short chaos txt servers.bind @192.168.18.125

I'm also trying to understand your LAN.

Is 192.168.18.126 your router's IP or the host IP?

Hi rdwebdesign,
below you can find the command output.

$ dig +short chaos txt servers.bind @192.168.18.125
"127.0.0.11#53 19156 0"

$ dig +short chaos txt servers.bind @192.168.18.253
"127.0.0.11#53 19183 0"

For my understanding: I'm expecting PiHole to use the upstream DNS configured and not the default DNS in resolv.conf. Am I wrong? Anyway, at the moment I tried and PiHole is blocking via lists/regex and not per upstream DNS.

About the LAN configuration: it's a PiHole installed on an OpenWrt (Raspberry). This OpenWrt acts as an access point to segregate a dedicated system.

Thanks
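
The servers.bind query used in this thread can be turned into a repeatable check. The script below is an added example, not code from any poster or from the Pi-hole project. It parses the dig answer and flags any upstream that is not one of the intended forwarders. The OpenDNS and Quad9 addresses in EXPECTED and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify which upstreams a dnsmasq-based resolver (Pi-hole FTL)
# reports. Each quoted string in the servers.bind answer has the form
#   "<address>#<port> <queries sent> <queries failed>"

# Assumption: the forwarders the operator meant to use (OpenDNS and Quad9
# public resolver addresses). Adjust to your own configuration.
EXPECTED="208.67.222.222 208.67.220.220 9.9.9.9 149.112.112.112"

# list_upstreams: read dig output on stdin, print one upstream address per line.
# Several servers may arrive as several quoted strings on a single line.
list_upstreams() {
    tr '"' '\n' | awk 'index($1, "#") { split($1, a, "#"); print a[1] }'
}

# check_upstreams: return 0 if every reported upstream is in EXPECTED,
# 1 if any other address (such as Docker's 127.0.0.11) is in use,
# 2 if the answer contained no upstream at all.
check_upstreams() {
    seen=$(list_upstreams)
    if [ -z "$seen" ]; then
        echo "no upstream reported"
        return 2
    fi
    bad=""
    for addr in $seen; do
        case " $EXPECTED " in
            *" $addr "*) ;;
            *) bad="$bad $addr" ;;
        esac
    done
    if [ -n "$bad" ]; then
        echo "unexpected upstream(s):$bad"
        return 1
    fi
    return 0
}

# Sample input: the answer quoted in the thread.
# Live use: dig +short chaos txt servers.bind @<pihole-ip> | check_upstreams
SAMPLE='"127.0.0.11#53 19156 0"'
if printf '%s\n' "$SAMPLE" | check_upstreams; then
    echo "upstreams match the configured forwarders"
fi
```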
