Pihole in docker, DNS server is reported as docker container IP?

The issue I am facing:
I have pihole set up in a docker container as per the command at the end of this post. It mostly works, but the issue I have is that the clients are getting the internal IP address of the pihole docker container instead of the network address.

So, the client gets this:
DHCP Server . . . . . . . . . . . : 172.18.0.20
DNS Servers . . . . . . . . . . . : 172.18.0.20

Instead of this:
DHCP Server . . . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.100

192.168.0.100 is the IP address of the host Fedora box that is running the pihole docker container. The issue is, that 172.18.0.20 cannot be reached by the network clients.

If I just manually set the DNS server to 192.168.0.100 in the client, then DNS works, but I was hoping to have the Pihole DHCP service supply the DNS server IP. Note that the client gets the correct IP address from the DHCP lease table, even though the DHCP server is shown as an internal docker container IP.

Details about my system:
Intel CPU, Fedora Silverblue, Docker, Pihole

What I have changed since installing Pi-hole:
I have installed docker in the container as shown, and then used the admin interface to specify some fixed IP address leases (working), and turned on DHCP (working). As long as I overwrite the incorrect DNS IP address supplied to clients from Pihole, everything does work.

Docker Create command
sudo docker run -d \
  --name pihole \
  -v ~/pihole/config/:/etc/pihole/ \
  -v ~/pihole/config/dnsmasq.d:/etc/dnsmasq.d/ \
  --ip "172.18.0.20" \
  --network=unbound_network \
  -p 81:80/tcp \
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 67:67/udp \
  -p 68:68/udp \
  -e ServerIP=192.168.0.100 \
  -e TZ="Australia/Brisbane" \
  -e WEBPASSWORD="apassword" \
  -e DNS1="172.18.0.10" \
  --dns=127.0.0.1 \
  --restart=unless-stopped \
  --privileged \
  pihole/pihole:latest

Thank you for any and all help.

Consider reviewing your config against this:

More details on running Docker

Especially the parts under "Note on Capabilities".

I think I resolved it to a mostly working state.

I edited this file
sudo nano pihole/config/dnsmasq.d/02-pihole-dhcp.conf

I added this line and saved the file
dhcp-option=6,192.168.0.100,192.168.0.101

Note that I have the docker pihole on 192.168.0.100, and another pihole, running on a pi 3b+ at 192.168.0.101.

Then I restarted the FTL service in docker
sudo docker exec pihole service pihole-FTL restart

And on one Windows client, I renewed the IP address
ipconfig /renew

And the result was that ipconfig /all now showed those two desired DNS IP addresses instead of the local docker container IP address.

For some odd reason, the ipconfig /all still shows the DHCP server as the internal 172.18.0.20 IP address, but at this point it is not causing any issues. I would like to understand if this can be fixed eventually.

EDIT: While this does work, I now notice that the change is overwritten when I recreate the docker container, so I am researching to see if this option can be passed in at the docker run command.

Thanks

OK, I found a way that works. I don't know if I am missing something very simple here, as this seems a little complex just to get Pihole DNS inside Docker to report the correct network IP address to clients, not the internal docker IP address.

Create a new file in the host path where you store your Pihole config. Edit this to suit your local pihole config folder
sudo nano pihole/config/dnsmasq.d/dnsipfix.conf

Place the single line below, after changing it to your own Pihole's IP address
dhcp-option=6,192.168.0.100

Optionally, you could specify two pihole addresses if you want
dhcp-option=6,192.168.0.100,192.168.0.100

Save that file and then restart FTL in the docker container
sudo docker exec pihole service pihole-FTL restart

I have proven that this change works, and survives the container restart.

If there is a simpler way than this to get the Pihole DNS to report the correct DNS IP address, I would love to hear about it. I believe that this argument was meant to specify the IP address that the PiHole server is to use, but I cannot make that do anything.
-e ServerIP=192.168.0.100

The DHCP address is still reported as the internal docker container address, but it appears to cause no issues.
Cheers
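
Why the workaround above changes the "DNS Servers" line but not "DHCP Server": the two values travel in different DHCP options, 6 (DNS servers) and 54 (server identifier), and dhcp-option=6 overrides only the first. The Python below is an added example, not part of the thread or of Pi-hole's code; it parses both options from a constructed DHCPOFFER and lists any advertised address outside the client LAN (the function names and sample packets are hypothetical).

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the options field (RFC 2131)
OPT_PAD, OPT_DNS, OPT_SERVER_ID, OPT_END = 0, 6, 54, 255

def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        code = packet[i]
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts

def ipv4_list(raw: bytes) -> list:
    """Decode a run of packed 4-byte IPv4 addresses."""
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [ipaddress.IPv4Address(raw[j : j + 4]) for j in range(0, len(raw), 4)]

def check_offer(packet: bytes, lan: str) -> dict:
    """Report advertised DNS/server addresses and those outside the client LAN."""
    net, opts = ipaddress.ip_network(lan), parse_options(packet)
    dns = ipv4_list(opts.get(OPT_DNS, b""))
    server = ipv4_list(opts.get(OPT_SERVER_ID, b""))
    return {"dns": [str(a) for a in dns],
            "server_id": [str(a) for a in server],
            "dns_off_lan": [str(a) for a in dns if a not in net],
            "server_id_off_lan": [str(a) for a in server if a not in net]}

def build_offer(dns: list, server_id: str) -> bytes:
    """Constructed sample: minimal DHCPOFFER carrying options 53, 54 and 6."""
    header = bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE
    opts = bytes([53, 1, 2, OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    opts += bytes([OPT_DNS, 4 * len(dns)]) + b"".join(ipaddress.IPv4Address(d).packed for d in dns)
    return header + opts + bytes([OPT_END])
```

To run it against real traffic, feed check_offer the UDP payload of a captured DHCPOFFER or DHCPACK instead of the output of build_offer.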

I am surprised that your machines are able to acquire a DHCP lease at all.

You are not configuring a specific Docker network mode for your Pi-hole container, so Docker would be using its default bridge network, isolating your container from your private home network onto that Docker internal network link.

Broadcasts of regular clients from your 192.168.0.0/24 network would never reach a DHCP server in such a network:
As DHCP broadcasts are same-link only, only broadcasts from within that 172.18.x.x Docker network would be able to reach Pi-hole.
And for those, the replies you observe would be correct.

If your Pi-hole container would run e.g. in Docker's host network mode, then your Pi-hole container would be able to receive DHCP broadcasts from 192.168.0.0/24, and it would serve them correctly.

As you report at least one Windows client to have acquired a lease through Pi-hole, there is something off about your setup.

What did you do to break Docker's network isolation for its default bridge network?

Rather than trying to manually force Pi-hole's DHCP server into expected behaviour, you should consider adjusting your Docker configuration.
