Query on my Setup: Docker on Synology + Merlin Firmware Router


#7

Run pihole -d for a new debug token. I was on vacation for awhile, and the rest of the team has also been busy working on getting the next update out the door.

If you add another DNS server besides Pi-hole to the list, then clients will use them in whatever order they choose. There is no guaranteed order that they will be used in, besides a preference for the fastest one.


#8

Will do but trying to figure out a different issue atm… after a firmware upgrade… when I add dnsmasq.conf.add and forward as said above… entire internet traffic dies… becomes a blackhole … traffic from the same IP (NAS hosted docker) can be seen on Pi-Hole but nothing else reaching it… traceroute fails as well… so something has gone wrong … need to figure it out… I’ve had to remove the dnsmasq setting to get internet back on…


#9

@Mcat12 New token ezsyvn7ns0

There is a different issue here… I did forwarding of DHCP to Pi-Hole… But then nothing works… no resolution is happening… internet dies for us…

Only traffic out is from the NAS (docker hosting Pi-Hole) can be seen…

Please see if u can see if anything is wrong…


#10

Another upload: wafue4pi6o

It totally out of whack… no idea what is happening… when i reboot docker… result is different… when i reboot router… result becomes different…


#11

Can you try doing a fresh install? List exactly what you do to set it up.


#12

@Mcat12

Ok… Latest logs : v3l70snhv3

So

  1. I am running pihole as a docker on Synology NAS

  2. Using https://hub.docker.com/r/diginc/pi-hole/

  3. My Docker config is

{
   "cap_add" : null,
   "cap_drop" : null,
   "cmd" : "",
   "cpu_priority" : 50,
   "devices" : null,
   "enable_publish_all_ports" : false,
   "enable_restart_policy" : true,
   "enabled" : false,
   "entrypoint_default" : "/s6-init",
   "env_variables" : [
      {
         "key" : "TZ",
         "value" : "REDACTED"
      },
      {
         "key" : "WEBPASSWORD",
         "value" : "REDACTED"
      },
      {
         "key" : "PATH",
         "value" : "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      },
      {
         "key" : "TAG",
         "value" : "debian"
      },
      {
         "key" : "ARCH",
         "value" : "amd64"
      },
      {
         "key" : "setupVars",
         "value" : "/etc/pihole/setupVars.conf"
      },
      {
         "key" : "PIHOLE_INSTALL",
         "value" : "/tmp/ph_install.sh"
      },
      {
         "key" : "S6OVERLAY_RELEASE",
         "value" : "https://github.com/just-containers/s6-overlay/releases/download/v1.21.2.2/s6-overlay-amd64.tar.gz"
      },
      {
         "key" : "PHP_ENV_CONFIG",
         "value" : "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
      },
      {
         "key" : "PHP_ERROR_LOG",
         "value" : "/var/log/lighttpd/error.log"
      },
      {
         "key" : "IPv6",
         "value" : "True"
      },
      {
         "key" : "S6_LOGGING",
         "value" : "0"
      },
      {
         "key" : "S6_KEEP_ENV",
         "value" : "1"
      },
      {
         "key" : "S6_BEHAVIOUR_IF_STAGE2_FAILS",
         "value" : "2"
      },
      {
         "key" : "DNSMASQ_LISTENING",
         "value" : "all"
      },
      {
         "key" : "WEB_PORT",
         "value" : "8888"
      },
      {
         "key" : "ServerIP",
         "value" : "192.168.1.1"
      }
   ],
   "exporting" : false,
   "id" : "223951066e0829697b23f4bb2fb047172b67fee98383d259aa82964382a6cd6d",
   "image" : "diginc/pi-hole:latest",
   "is_ddsm" : false,
   "is_package" : false,
   "links" : [],
   "memory_limit" : 0,
   "name" : "Pi-Hole",
   "network" : [
      {
         "driver" : "host",
         "name" : "host"
      }
   ],
   "network_mode" : "host",
   "port_bindings" : [],
   "privileged" : false,
   "shortcut" : {
      "enable_shortcut" : false
   },
   "ulimits" : null,
   "use_host_network" : true,
   "volume_bindings" : [
      {
         "host_volume_file" : "/docker/pihole/dnsmasq.d",
         "mount_point" : "/etc/dnsmasq.d",
         "type" : "rw"
      },
      {
         "host_volume_file" : "/docker/pihole",
         "mount_point" : "/etc/pihole/",
         "type" : "rw"
      }
   ],
   "volumes_from" : null
}

NAS IP is : 192.168.1.1
Router IP is: 192.168.1.100

Router is Netgear R7000 using Merlin firmware. I set the IP for DNS in my router to “192.168.1.1” as mentioned here (using dnsmasq.conf.add). DNS is set to 192.168.1.100 in Pi-Hole as per guide .

Issues

  1. When doing this… Nothing external is resolving via my laptop
  2. In Pi-Hole admin only devices showing traffic is NAS

Once these issues are fixed, I can then look into other stuff…

I bet this was working the very first time… don’t know what has gone wrong now…


#13

@diginc should take a look at this, since he makes the Docker container and would have better insight.


#14

any help @diginc ?

Thanks


#15

If it worked the first time, it should work a second time if you create a fresh container. Make sure you destroy the old one, pull the latest image, delete your saved volume data to re-seed that data form scratch, and then start up a new container.


#16

yeah I have done that multiple times… and deleted and redownloaded image as well… can u see anything wrong in the container config?

@Mcat12 can either of you see anything wrong in the router / pi-hole setup?


#17

I have resetup with new image pull and with ServerIP set as the LAN (NAS) IP

The docker IP is 172.17.0.5

But the admin is showing all traffic from either NAS or 172.17.0.1 (95% of it - so I am guessing all traffic from all devices)

debug token is: c0xtnuxfok

Edit: Sounds exactly like https://github.com/diginc/docker-pi-hole/issues/135

Any solution to this? I bet this was working previously… just don’t know what the difference is this time… Maybe the network setting between bridge and host has something to do with it…


#19

Ok… I have tried two setups

  1. Docker with net=host and WEB_PORT Set… This setup shows all individual IP’s but there is no internet connection… going through debug logs has the following
*** [ DIAGNOSING ]: Networking
[✗] No IPv4 address(es) found on the eth0 interface.

[✗] No IPv6 address(es) found on the eth0 interface.

*** [ DIAGNOSING ]: Pi-hole processes
[✗] dnsmasq daemon is
[✗] lighttpd daemon is
[✗] pihole-FTL daemon is

Debug token is: 64ygebqtz1

  1. Docker with ports set (-p) (not as host) … This shows all traffic as the single 172.17.0.1 IP and external net is available. Errors are
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   172.17.0.2/16 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✗] No IPv6 address(es) found on the eth0 interface.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] mmismm.com is 192.168.1.1 via localhost (127.0.0.1)
[✗] Failed to resolve mmismm.com via Pi-hole (192.168.1.1)
[✓] doubleclick.com is 172.217.25.142 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Pi-hole processes
[✗] dnsmasq daemon is
[✗] lighttpd daemon is
[✗] pihole-FTL daemon is

*** [ DIAGNOSING ]: Dashboard and block page
[✗] X-Header does not match or could not be retrieved.

[✗] X-Header does not match or could not be retrieved.

Debug Token is: 1zt9jl2pva

I think 1st setup is best as I do want to see individual IP’s but that ain’t working as well.

@Mcat12 @diginc - Any help with either setup to get them to be nearly as perfect as a Pi setup?

Really love Pi-Hole but don’t want to end up buying a Pi just for this and use docker on my NAS if possible.


#20

Any thoughts?


#21

In your router’s settings, why don’t you just set the DNS1 to Pi-hole’s DNS, disable the “advertise router’s IP in addition to user-specified DNS” option, and remove the extra dnsmasq dhcp option?


#22

Ok… So in which Setup? Option 1 (net=host) or Option 2 (not as host)… I would like all clients to be showing in DHCP… Do I need to move my DHCP with static list to pi-hole as well?


#23

On your --net=host setup, did you try adding -e DNSMASQ_LISTENING=all and/or -e INTERFACE=<nic>? net=host often requires these from what I’ve gathered (I don’t have experience actually using a synology).

from my README

-e INTERFACE=<NIC>
Advanced/Optional The default works fine with our basic example docker run commands. If you’re > trying to use DHCP with --net host mode then you may have to customize this or DNSMASQ_LISTENING.
-e DNSMASQ_LISTENING=<local|all|NIC>
Advanced/Optional local listens on all local subnets, all permits listening on internet origin subnets in addition to local.


#24

I think I was missing this… I had this before… But i might have then put this in bridge mode and thought it’s not working (should have been in host mode)

So currently pihole is working, i can see individual hosts IP reported

DHCP is still on the router and I am forwarding DNS via dnsmasq.conf.add file (dhcp-option=6,192.168.1.1)… On pihole the DNS is pointing to google IPv4

Now

I remember once Pi-Hole stopped working after few hours and thus all of internet died… Is there a failsafe method that if pihole stops responding then go back to router or some other DNS?

@Mcat12 in what way will this be better then my current setup?

Also some of the hosts are showing as resolved names but some are showing IP address… is this due to DHCP not being on Pihole?? shouldn’t be half n half… should be all or none right? for example, nslookup from within the pihole docker does show the resolved name for an IP but the GUI is showing IP address for it…

I am monitoring my traffic atm…

The current setup debug log: ouvbaiph1q

Just in case if anybody wants to see if anything is wrong… and perhaps to compare if pihole goes down / stops serving traffic in next few hours


#25

Just an update… I restarted pihole docker and now none of the IP are resolving to name in hosts list… Even nslookup fails apart from its own IP

root@pihole:/# nslookup 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53

1.1.168.192.in-addr.arpa name = pihole.

root@pihole:/# nslookup 192.168.1.2
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can’t find 2.1.168.192.in-addr.arpa: NXDOMAIN


#26

If you set the DNS server to Pi-hole instead of messing with the dnsmasq settings, then it eliminates one place where your problem might be coming from. Also, it will let you see client IP addresses.


#27

Done as you suggested… cleared container and files and restarted fresh… still IP are not resolved and nslookup not working

Infact not working from my laptop as well… Nothing internal resolves on nslookup apart from NAS hosting pihole with the name “pihole”