Pihole + unbound in docker container with working dhcp service

The issue I am facing:
So basically I want to run pihole together with unbound in a docker container. Maybe also using a macvlan if I have to do this in order to get it working. In the end I also want to use pihole as a DHCP server.

Running pihole itself in a docker container is pretty simple. But DHCP is not working - I think it's all about network issues and network settings with docker, etc.

So far so not good. This is my docker-compose file:

version: '2'

volumes:
  pihole:
  dnsmasq:

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    #ports:
    #  - "53:53/tcp"
    #  - "53:53/udp"
    #  - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
    #  - "81:80/tcp"
    cap_add:
      - NET_ADMIN
    environment:
      ServerIP: ${ServerIP}
      WEB_PORT: 81
      WEBPASSWORD: ${WEBPASSWORD}
      TZ: 'Europe/Berlin'
      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server

    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    dns:
      - '127.0.0.1'
      - '1.1.1.1'
    network_mode: host
    restart: unless-stopped
  unbound:
    image: klutchell/unbound:1.13.2
    ports:
      - '5053:5053/tcp'
      - '5053:5053/udp'
    restart: unless-stopped

Some configurations are stored inside a .env file:

ServerIP=192.168.178.34
WEBPASSWORD=nope
REV_SERVER=true
REV_SERVER_DOMAIN=local
DOMAIN_NAME=pihole.local

I tried something with network_mode: host so I had to uncomment some port lines.

This is building a working pihole container. I also think unbound should work. Well, docker ps -a tells me unbound is running, so I guess it's working.

Now I try to change some settings in my fritzbox 6591 cable router. If I only change DNS to the address of my pihole, it's working pretty much. But the hostnames are wrong (router name instead of device name - the classic "issue" with pihole. The internet is full of posts with this stuff). So to get rid of this problem, I thought about using my pihole also as a DHCP server. This should work I guess.

But after enabling DHCP in pihole, adding the correct IP range, gateway address etc. and deactivating DHCP in my router configuration, I simply get no internet connection. Also in Currently active DHCP leases (pihole) there are no devices. It's simply not working. I think the main issue here is something with docker and the network settings. Maybe adding a macvlan? I don't know. I don't have much knowledge about this network type.

So can someone tell me how to set up a proper docker-compose for pihole and unbound which can also work as a DHCP server?

So long story short: Just ignore the fact that I also want to run unbound. I need a working pihole docker-compose for DHCP.

Details about my system:
Running pihole in a docker container, the latest version, which is currently for docker with the latest tag: Pi-hole v5.6
Intel NUC, running manjaro system: Linux version 5.9.16-1-MANJARO (builduser@LEGION) (gcc (GCC) 10.2.0, GNU ld (GNU Binutils) 2.35.1) #1 SMP PREEMPT Mon Dec 21 22:00:46 UTC 2020
Docker is running as Docker version 20.10.11, build dea9396e18

Docker's default bridge network mode will isolate your containers from your network, and since clients' DHCP broadcasts will only reach a DHCP server in the same network segment, they will never reach Pi-hole in such a configuration.

There's a couple of options available to address this - have a read through our suggestions at Docker DHCP and Network Modes and see which one of them would best fit your requirements.

(Not related to your DHCP issue:
*.local FQDNs are reserved for usage by the mDNS protocol as implemented e.g. by Apple's Bonjour or Linux' avahi - they shouldn't be used with DNS)

Thanks for the reply. I already read the docs and, as you can see in my docker-compose, I already tried network_mode: host with no success - and I can't tell you where the problem is, because the docs themselves say "Possibly the simplest way to get DHCP working with Docker Pi-hole is to use host networking [...]". So I guess there is no other option than a macvlan network?

Did you really have them uncommented for host mode?
You can't use port mapping with Docker's host network mode - the port definitions must be commented (as they seem to be in your config?).

In general, there should be no issues with DHCP in host mode.

Try afresh with a docker-compose that just includes Pi-hole, and work your way from there to combine and cooperate with other services. (Note that (as far as I am aware of) there is no official unbound image, so pick one from a source that you trust and that at least seems to be maintained regularly.)

As combining several services in the same docker-compose is specific to Docker, you should consider consulting Docker's documentation and support as well.

You may also want to consider searching our forum - similar questions have been asked and probably received some valuable feedback that may be applicable to your usage scenario as well.

All in all, I got it working with a macvlan. This is my docker-compose.yml file:

version: '2'

volumes:
  pihole:
  dnsmasq:

networks:
  macvlan_network:
    driver: macvlan
    driver_opts:
      parent: enp1s0
    ipam:
      driver: default
      config:
       - subnet: 192.168.178.0/24
         gateway: 192.168.178.1

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    hostname: ${HOSTNAME}
    cap_add:
      - NET_ADMIN
    environment:
      ServerIP: ${ServerIP}
      WEB_PORT: 81
      WEBPASSWORD: ${WEBPASSWORD}
      TZ: ${TZ}
      DNS1: 192.168.178.253 # Hardcoded to our Unbound server
      DNSSEC: "true" # Enable DNSSEC
      DNSMASQ_LISTENING: local
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    networks:
      macvlan_network:
        ipv4_address: 192.168.178.254
    restart: always

  unbound:
    image: klutchell/unbound:latest
    ports:
      - '5053:5053/tcp'
      - '5053:5053/udp'
    networks:
      macvlan_network:
        ipv4_address: 192.168.178.253
    restart: always

I can reach the pihole web interface under 192.168.178.254:81. To be honest, unbound is still not working (if I add 127.0.0.1#5335 as my custom 1 (IPv4) nothing is working anymore, but e.g. Cloudflare as upstream DNS server is working), but this is a different issue. DHCP is working.

Edit: Updated my docker-compose file in this post. This is the solution to get unbound working. Just add 192.168.178.253 into custom 1 (IPv4), that's it.

1 Like
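
Added example, not part of the thread and not Pi-hole's or Docker's own tooling: a Python check that encodes the points made above (bridge mode isolates DHCP broadcasts, published ports do not apply in host mode, a macvlan address must fit the LAN's subnet). The function name `dhcp_findings`, the dict inputs and the optional `dhcp_pool` lease range are assumptions; the addresses are those from the posted compose files.

```python
import ipaddress

def dhcp_findings(compose, service="pihole", dhcp_pool=None):
    """Return reasons why `service` may fail as the LAN's DHCP server.
    `compose` is a parsed compose file; `dhcp_pool` is an optional
    (first, last) lease range as configured in Pi-hole."""
    svc = compose["services"][service]
    findings = []
    if "NET_ADMIN" not in svc.get("cap_add", []):
        findings.append("cap_add: NET_ADMIN is missing")
    if svc.get("network_mode") == "host":
        # Host mode shares the host's interfaces, so broadcasts arrive,
        # but Docker discards published ports in this mode.
        if svc.get("ports"):
            findings.append("ports: is ignored with network_mode: host")
        return findings
    attached = svc.get("networks") or {}
    if isinstance(attached, list):  # short syntax: networks: [name]
        attached = {name: {} for name in attached}
    defined = compose.get("networks") or {}
    macvlans = {n: o or {} for n, o in attached.items()
                if (defined.get(n) or {}).get("driver") == "macvlan"}
    if not macvlans:
        findings.append("no host or macvlan network: DHCP broadcasts are isolated")
    for name, opts in macvlans.items():
        cfg = (defined[name].get("ipam", {}).get("config") or [{}])[0]
        addr = opts.get("ipv4_address")
        if not addr or "subnet" not in cfg:
            findings.append(f"{name}: set a subnet and a static ipv4_address")
            continue
        ip = ipaddress.ip_address(addr)
        if ip not in ipaddress.ip_network(cfg["subnet"]):
            findings.append(f"{name}: {ip} is outside {cfg['subnet']}")
        if addr == cfg.get("gateway"):
            findings.append(f"{name}: {ip} collides with the gateway")
        if dhcp_pool:
            first, last = map(ipaddress.ip_address, dhcp_pool)
            if first <= ip <= last:
                findings.append(f"{name}: {ip} lies inside the DHCP pool")
    return findings

# Constructed dicts mirroring the two compose files posted in the thread.
HOST_ATTEMPT = {"services": {"pihole": {
    "cap_add": ["NET_ADMIN"], "network_mode": "host"}}}
MACVLAN = {
    "networks": {"macvlan_network": {"driver": "macvlan", "ipam": {"config": [
        {"subnet": "192.168.178.0/24", "gateway": "192.168.178.1"}]}}},
    "services": {"pihole": {"cap_add": ["NET_ADMIN"], "networks": {
        "macvlan_network": {"ipv4_address": "192.168.178.254"}}}},
}
```

Passing the lease range entered in Pi-hole's DHCP settings as `dhcp_pool` flags a container address that the DHCP server could also hand to a client, since Docker's IPAM knows nothing about leases on the LAN.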
