If you are ok with everything installed on the synology using an outside DNS without pihole you can set the DNS to something other than the bridge such as google.
Otherwise there seems to be an issue with the bridge networks communicating. Example: The Synology is telling the default docker bridge to use the Pihole_Bridge for the DNS but it doesn't have any idea where that ip is.
I have not tried this and am not even sure if it will allow it, but try setting up an ip table for:
Other ways to look into this could be removing pihole from the pihole_bridge and installing onto the default bridge. (shutdown container and remove from Pihole_Bridge and add it to bridge.) The only issue I would have here is knowing what the IP would be. You may or may not be able to use 172.17.0.1 for the DNS of the synology.
I tried to setup an ip table as you recommended, but I can only select "Bond 1" as an interface. Is there a way to create one using ssh?
The problem with your other solution - I had similar issue in the past - is that there is no way to create a static ip address within the default bridge. All containers get assigned a series of IPs in random order at every reboot, which makes it unreliable as the Pihole address might change after a reboot.
I have been reading a whole bunch of threads online but was not able to find any viable solution yet. This is really frustrating as Pi-hole and everything else is working really well.
I ended up setting CloudFlare's DNS on the Synology which works as you suggested, but too bad I'm not able to rely on Pihole for my containers. I'll keep looking for a solution!
Last thing, after rebooting my NAS several times, I noticed that the Pihole settings "Never forward non-FQDNs" and "Never forward reverse lookups for private IP ranges" are reset after every reboot, and that the "Interface listening behavior" is reset to "Listen on all interfaces" although I set it to "Listen on all interfaces, permit all origins".
Any idea on how to make these settings persistent?
These are all environment variables. See Docker; there is a list on there. You can add/change them when creating the docker image and they will always go to the setting.
A quick way to do that is export the container settings and modify the variables in the text file. Then you can delete the container and re import the settings file. If you have the text editor installed on your synology you can do all this on the synology.
This is an example of the env settings in the syno.json that is exported:
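The edit step described above, as an added example that is not part of the original post: a small script that upserts the three Pi-hole container variables behind the settings that kept resetting (the documented Pi-hole docker names DNS_FQDN_REQUIRED, DNS_BOGUS_PRIV and DNSMASQ_LISTENING) into an exported Synology settings file. The layout of the export (an "env_variables" list of key/value objects) and the sample content are assumptions.

```python
import json

# Pi-hole docker variable names for the three web UI settings mentioned
# in the thread: "Never forward non-FQDNs", "Never forward reverse lookups
# for private IP ranges" and "Interface listening behavior".
PIHOLE_ENV = {
    "DNS_FQDN_REQUIRED": "true",
    "DNS_BOGUS_PRIV": "true",
    # "all" = "permit all origins"; only sensible for a LAN-only macvlan
    # container, never for a host reachable from the internet.
    "DNSMASQ_LISTENING": "all",
}


def set_env_variables(settings: dict, updates: dict) -> dict:
    """Return a copy of an exported container settings dict with the
    given env vars added or updated.  Assumption: the export keeps env
    vars under "env_variables" as a list of {"key": ..., "value": ...}."""
    new = json.loads(json.dumps(settings))  # deep copy, original untouched
    env = new.setdefault("env_variables", [])
    by_key = {e["key"]: e for e in env if "key" in e}
    for key, value in updates.items():
        if key in by_key:
            by_key[key]["value"] = value      # update existing entry
        else:
            env.append({"key": key, "value": value})  # add missing entry
    return new


def env_as_dict(settings: dict) -> dict:
    """Flatten the env_variables list for easy inspection/assertion."""
    return {e["key"]: e["value"] for e in settings.get("env_variables", [])}


# Constructed sample: a trimmed-down export in which only TZ is set.
SAMPLE_EXPORT = json.loads("""{
  "image": "pihole/pihole:latest",
  "name": "pihole",
  "env_variables": [{"key": "TZ", "value": "Europe/Paris"}]
}""")


def rewrite_export(in_path: str, out_path: str) -> None:
    """Rewrite an exported settings file in place of the manual text edit."""
    with open(in_path) as f:
        settings = json.load(f)
    with open(out_path, "w") as f:
        json.dump(set_env_variables(settings, PIHOLE_ENV), f, indent=2)


if __name__ == "__main__":
    print(json.dumps(set_env_variables(SAMPLE_EXPORT, PIHOLE_ENV), indent=2))
```

Run it against the real export with rewrite_export("pihole.syno.json", "pihole.fixed.syno.json"), then delete the container and re-import the rewritten file as the post describes.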
The problem with synology is they use something that rewrites the iptables on every shutdown/restart and it deletes the manual settings you create.
Running pihole in a docker image starts to become difficult when locked down to the synology system. You may be able to masquerade the DNS request from the synology to the router (using the router's ip tables and looping it back around to the macvlan). Now I am pretty sure this would be frowned upon in the networking world. This will take some research on your end.
I just came here to point out I spent hours and hours troubleshooting this to get it working on bonded ethernet on synology.
It simply DOES NOT work if you use the synology load sharing mode, you must use the active/passive failover mode ONLY or macvlan DOES NOT work.
I cannot believe this was the problem for me and it explains why it works for some and not for others, as some people would be using 1 type of bonding, the others another.
I simply changed it in the network wizard to the diff type of bond and all is well.
Thanks a lot for sharing your experience Beefyfish! I created a shell script inspired by your walkthrough, perhaps it might be helpful to others too. It can be found here: GitHub repository.