Expected Behaviour:
PiHole Web interface exposed on dedicated IP
Actual Behaviour:
ports blocked --> no access
[✗] DNS resolution is currently unavailable
Debug Token:
pihole -d
pihole: command not found
ditto pi.hole and variants
Summary:
briefly:
RPi configured to provide an IoT environment on Docker + Portainer (MQTT --> Node-RED --> InfluxDB 1.x --> Grafana) using IoTstack.
PiHole already successfully deployed on Synology NAS DS916+ using Portainer. Used as Primary DNS.
PiHole working very well.
Adding PiHole to Raspberry Pi as fallback/Secondary DNS in case of Primary DNS failure
(Note: Synology NAS PiHole installation used https://www.wundertech.net/how-to-install-pi-hole-on-portainer/)
Was hoping to replicate for the RPi but the problem appears to be the use of the macvlan network which causes no problems on the Synology NAS.
NAS:
Fixed IP: 192.168.1.15 (ports exposed only for existing services, not for PiHole)
macvlan network on 192:16.1.16/32 (only the macvlan ports exposed, as expected: 53, 80)
(port 67 not needed as DHCP served by router on 192.168.1.1)
Web Interface to PiHole available on port 80
RPi:
After numerous failed attempts to follow same Wundertech script, opted to install PiHole using IoTstack
Uses "iotstack_default" network
The IoTstack install of PiHole functions correctly when router DNS set to 192.168.1.50 (the fixed IP of the Raspberry Pi):
- blocks queries on port 53 and Web Interface available on port 80 as expected
- i.e., normal functional behaviour
RPi - different IP:
The ONLY change made is to switch from "iotstack_default" network to the "ph_network" network (as advocated in the Wundertech tutorial): the same network that I've used successfully on the NAS. Here's how "ph_network" is created:
sudo docker network create -d macvlan -o parent=wlan0 --subnet=192.168.1.0/24 --gateway=192.168.1.1 --ip-range=192.168.1.17/32 ph_network
Note the restrictive subnet.
Here's the output of the PiHole Log on Portainer:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service cron: starting
s6-rc: info: service cron successfully started
s6-rc: info: service _uid-gid-changer: starting
s6-rc: info: service _uid-gid-changer successfully started
s6-rc: info: service _startup: starting
[i] Starting docker specific checks & setup for docker pihole/pihole
[i] Setting capabilities on pihole-FTL where possible
[i] Applying the following caps to pihole-FTL:
* CAP_CHOWN
* CAP_NET_BIND_SERVICE
* CAP_NET_RAW
* CAP_NET_ADMIN
[i] Ensuring basic configuration by re-running select functions from basic-install.sh
[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
[i] Installing /etc/dnsmasq.d/01-pihole.conf...
[✓] Installed /etc/dnsmasq.d/01-pihole.conf
[i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
[✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
[i] Installing latest logrotate script...
[i] Existing logrotate file found. No changes made.
[i] Assigning password defined by Environment Variable
[✓] Password Removed
[i] Added ENV to php:
"TZ" => "Etc/UTC",
"PIHOLE_DOCKER_TAG" => "",
"PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
"CORS_HOSTS" => "",
"VIRTUAL_HOST" => "Pi-Hole-DNS-ph_net",
[i] Using IPv4 and IPv6
[i] Installing latest Cron script...
[✓] Installing latest Cron script
[i] Preexisting ad list /etc/pihole/adlists.list detected (exiting setup_blocklists early)
[i] Setting DNS servers based on PIHOLE_DNS_ variable
[i] Applying pihole-FTL.conf setting LOCAL_IPV4=0.0.0.0
[i] Applying pihole-FTL.conf setting MAXDBDAYS=365
[i] FTL binding to default interface: eth0
[i] Enabling Query Logging
[i] Testing lighttpd config: Syntax OK
[i] All config checks passed, cleared for startup ...
[i] Docker start setup complete
[i] pihole-FTL (no-daemon) will be started as pihole
s6-rc: info: service _startup successfully started
s6-rc: info: service pihole-FTL: starting
s6-rc: info: service pihole-FTL successfully started
s6-rc: info: service lighttpd: starting
s6-rc: info: service lighttpd successfully started
s6-rc: info: service _postFTL: starting
s6-rc: info: service _postFTL successfully started
s6-rc: info: service legacy-services: starting
Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
s6-rc: info: service legacy-services successfully started
[✗] DNS resolution is currently unavailable
I'm really struggling with DNS concepts (quite new to me) and am quite happy to believe that the RPi implements its network differently from the Synology NAS. I don't know what diagnostics to run and am finding the interpretation of the outputs of the various checks I have made (netstat and ifconfig -a, for example) difficult.
That's enough info for now but glad to provide results of any other checks you deem necessary.
Any suggestions how to move forward greatly appreciated.
Thanks,
Ric
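
An added example, not part of the original post and not Pi-hole or IoTstack code: a Python sanity check of the `docker network create` parameters quoted in the post against the addresses the post lists as in use. The wireless-parent warning is a naming heuristic and reflects a general limitation of macvlan on Wi-Fi station interfaces, not a diagnosis confirmed on this page.

```python
import ipaddress
import shlex

# Command exactly as quoted in the post.
CMD = ("sudo docker network create -d macvlan -o parent=wlan0 "
       "--subnet=192.168.1.0/24 --gateway=192.168.1.1 "
       "--ip-range=192.168.1.17/32 ph_network")

# Addresses the post states are already in use on the LAN.
IN_USE = {"router": "192.168.1.1", "NAS": "192.168.1.15", "RPi": "192.168.1.50"}


def parse_macvlan_cmd(cmd):
    """Extract driver, parent, subnet, gateway and ip-range from the command."""
    cfg = {}
    tokens = shlex.split(cmd)
    for i, tok in enumerate(tokens):
        if tok in ("-d", "--driver"):
            cfg["driver"] = tokens[i + 1]
        elif tok in ("-o", "--opt") and tokens[i + 1].startswith("parent="):
            cfg["parent"] = tokens[i + 1].split("=", 1)[1]
        elif tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            cfg[key] = value
    return cfg


def check(cfg, in_use):
    """Return (level, message) findings for a macvlan network definition."""
    findings = []
    subnet = ipaddress.ip_network(cfg["subnet"])
    ip_range = ipaddress.ip_network(cfg["ip-range"])
    gateway = ipaddress.ip_address(cfg["gateway"])
    if not ip_range.subnet_of(subnet):
        findings.append(("error", f"ip-range {ip_range} is outside subnet {subnet}"))
    if gateway not in subnet:
        findings.append(("error", f"gateway {gateway} is outside subnet {subnet}"))
    # A container address that another device already holds causes ARP conflicts.
    for name, addr in in_use.items():
        if ipaddress.ip_address(addr) in ip_range:
            findings.append(("error", f"ip-range {ip_range} overlaps {name} ({addr})"))
    # Assumption: Wi-Fi interfaces are named wlan*/wl*. Access points usually
    # accept one MAC address per associated client, so extra macvlan MACs on a
    # wireless parent are commonly dropped; a wired parent does not have this limit.
    if cfg.get("driver") == "macvlan" and cfg.get("parent", "").startswith("wl"):
        findings.append(("warn", f"parent {cfg['parent']} looks wireless; "
                                 "macvlan traffic may never leave the host"))
    return findings
```

Calling `check(parse_macvlan_cmd(CMD), IN_USE)` on the posted command reports no addressing errors and a single warning about the `wlan0` parent.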