Plex linuxserver.io container can't update on start

Regardless of whether Pihole is enabled or disabled, Plex behind Pihole can't access downloads.plex.tv.

  • Pihole is configured with 1.1.1.1 and 1.0.0.1
  • The connection works when I set the container to use Cloudflare DNS
  • The issue happens regardless of the Plex container env var used to specify what release to use, e.g. VERSION=latest
  • Plex container: https://hub.docker.com/r/linuxserver/plex

I'm a little baffled by this one... Any help appreciated.

Behind Pihole:

[cont-init.d] 60-plex-update: executing...
Atempting to upgrade to:
wget: unable to resolve host address ‘downloads.plex.tv’

########################################################
# Upgrade attempt failed, this could be because either #
# plex update site is down, local network issues, or   #
# you were trying to get a version that simply doesn't #
# exist, check over the VERSION variable thoroughly &  #
# correct it or try again later.                       #
########################################################

[cont-init.d] 60-plex-update: exited 0.

Container using 1.1.1.1

[cont-init.d] 60-plex-update: executing...
No update required
[cont-init.d] 60-plex-update: exited 0.

nslookup from PC behind Pihole:

nslookup downloads.plex.tv
Server: 192.168.1.100
Address: 192.168.1.100#53

Non-authoritative answer:
downloads.plex.tv canonical name = downloads.plex.tv.cdn.cloudflare.net.
Name: downloads.plex.tv.cdn.cloudflare.net
Address: 104.18.156.41
Name: downloads.plex.tv.cdn.cloudflare.net
Address: 104.18.157.41
Name: downloads.plex.tv.cdn.cloudflare.net
Address: 2606:4700::6812:9c29
Name: downloads.plex.tv.cdn.cloudflare.net
Address: 2606:4700::6812:9d29

Pihole docker-compose:

#PiHole - Adblock DNS - https://github.com/pi-hole/docker-pi-hole
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    domainname: docker
    hostname: pihole
    restart: unless-stopped
    networks:
      t2_proxy:
        ipv4_address: 172.19.0.20
    volumes:
      - ${USERDIR}/docker/pihole/pihole:/etc/pihole
      - ${LOG}/pihole/pihole.log:/var/log/pihole.log
      - ${LOG}/pihole/pihole-FTL.log:/var/log/pihole-FTL.log
      - ${LOG}/pihole/pihole_debug-sanitized.log:/var/log/pihole_debug-sanitized.log
      - ${USERDIR}/docker/pihole/dnsmasq.d:/etc/dnsmasq.d
      - ${USERDIR}/docker/shared:/shared
    extra_hosts:
      - "manifest.googlevideo.com:172.217.1.14" #attempt to block youtube ads
    dns:
      - 127.0.0.1
      - 1.1.1.1 # Cloudflare
    ports:
      - "8182:80"
      - "8183:443"
      - "53:53/tcp"
      - "53:53/udp"
#      - "67:67/udp" #only needed if running as DHCP server
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - DNS1=1.1.1.1
      - DNS2=1.0.0.1
      - PROXY_LOCATION=pihole
      - VIRTUAL_HOST=pihole.${DOMAINNAME}
      - VIRTUAL_PORT=80
      - API_EXCLUDE_DOMAINS=*.plex.direct
      - API_EXCLUDE_DOMAINS=plex.tv.brady
      - API_EXCLUDE_DOMAINS=*.${DOMAINNAME}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole-rtr.entrypoints=https"
      - "traefik.http.routers.pihole-rtr.rule=Host(`pihole.$DOMAINNAME`)"
      - "traefik.http.routers.pihole-rtr.tls=true"
      - "traefik.http.routers.pihole-rtr.middlewares=chain-oauth@file" # Google OAuth 2.0
      - "traefik.http.routers.pihole-rtr.service=pihole-svc"
      - "traefik.http.services.pihole-svc.loadbalancer.server.port=80"