Pihole overriding Unraid's and other containers' DNS setting

Expected Behaviour:

Pihole shouldn't see any clients or queries, and especially shouldn't block any of them, until I change a device's DNS server.

  • Unraid 7.1.3
  • GIGABYTE B360N WIFI, Intel i5-8400, 16GB RAM
  • Docker compose
  • Docker Engine 27.5.1

Actual Behaviour:

I have a problem where pihole seems to be overriding either unraid's DNS setting or the individual containers' DNS when using a custom network (br0) but not while using a custom docker network (docker network create). When pihole uses the br0 network mode, other containers like prowlarr start having DNS issues. In prowlarr's case it can't connect to indexers like drunkenslug. But if I switch pihole to use its own docker network, the issues disappear, but pihole can still see what is happening in, for example, prowlarr, because there's a bunch of API hits to different things and queries to sites like drunkenslug.com. It's even blocking some of the queries.

Here's the resolv.conf:

root@Hemmaserver:~# cat /etc/resolv.conf
# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES WILL BE OVERWRITTEN

nameserver 100.100.100.100
search tail651c2.ts.net

and here's some pictures of the gui:



Debug Token:

(Moderator edit: link to explicit debug token removed)

Are you sure it's set to the br0 network and not the Bridge/Host network?

br0 should be using macvlan/ipvlan and thus getting its own IP address.

Yup, I'm sure. Doing an iptables --flush shouldn't change that, right? I was trying to add firewall rules but it kept not working, so I did an iptables --flush every time it didn't work.

Edit: when I did the debug token it was not using br0 because I have left it on its own docker network to not interfere with the other containers

Are you using the same IP address when it's on the br0 and custom network?

(For your own privacy and security, do not post the full, unsanitised debug log output here. We just ask for the token.
Note that I have removed your share host link, but you may want to consider removing public access to that file altogether).

Pi-hole won't touch the DNS configuration of its host's system, so the system that runs your Pi-hole will use whatever DNS server it has been configured for (either by you, some system default or perhaps other processes on your host).

As far as Docker on the same host is concerned, the host system's configured DNS servers would commonly also be used by Docker containers running on that host, unless you'd configure a container's DNS server explicitly.

Your resolv.conf suggests that you are using Tailscale, with 100.100.100.100 being Tailscale's virtual DNS server address.

Please verify that Tailscale wouldn't be configured to use your local Pi-hole for DNS. In addition, also check your containers' DNS configurations.
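The container check suggested in the reply above, as an added example that is not part of the original thread: it reads `docker inspect` output and the host's resolv.conf and reports, per container, whether DNS is set explicitly or taken from the host. The sample inspect data and the `example-app` container are constructed for illustration; the addresses are the ones quoted in the thread.

```python
import json

# Host /etc/resolv.conf as posted in the thread.
HOST_RESOLV = """\
# resolv.conf(5) file generated by tailscale
nameserver 100.100.100.100
search tail651c2.ts.net
"""

# Constructed sample: trimmed `docker inspect` output. "prowlarr" sets no DNS;
# "example-app" is a hypothetical container started with --dns 192.168.1.2.
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/prowlarr",    "HostConfig": {"Dns": null}},
  {"Name": "/example-app", "HostConfig": {"Dns": ["192.168.1.2"]}}
]""")

# Pi-hole addresses mentioned in the thread (br0 and the custom Docker network).
PIHOLE_IPS = {"192.168.1.2", "172.19.0.2"}


def host_nameservers(resolv_text):
    """Return the nameserver addresses from resolv.conf text, in order."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit(containers, resolv_text, pihole_ips):
    """For each container, report where its DNS servers come from."""
    inherited = host_nameservers(resolv_text)
    report = []
    for c in containers:
        explicit = c.get("HostConfig", {}).get("Dns") or []
        servers = explicit or inherited
        report.append({
            "name": c["Name"].lstrip("/"),
            "source": "container" if explicit else "host",
            "servers": servers,
            "direct_to_pihole": any(s in pihole_ips for s in servers),
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_INSPECT, HOST_RESOLV, PIHOLE_IPS):
        print(row)
```

A `host` result pointing at 100.100.100.100 only identifies the first hop: whether Tailscale then forwards those queries to Pi-hole has to be checked in Tailscale's own DNS settings.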

No, when I use br0 it uses 192.168.1.2, but on the docker network it uses 172.19.0.2
