Solve DNS Resolution in Other Containers when using Docker pihole

Problem

When using docker pihole container as the sole DNS on the network, other containers cannot resolve DNS.

Symptoms

  • Other containers unable to resolve DNS
  • using nslookup in other containers gives erros stating something like
    ;; reply from unexpected source: 172.17.0.1#53, expected 192.168.1.2#53
    where 192.168.1.2 is the pihole DNS and 172.17.0.1 is the docker bridge network gateway
  • pihole logs show that the queries from other containers are arriving, forwarding, and being responded to as far as pihole knows.

Cause

I think it's because Docker does shenanigans with DNS so that it can do automated name resolution based on container names. The iptables Docker puts in place don't seem to be properly masquerading the IP of the DNS, so the container thinks its DNS request are being intercepted and ignores the responses.

Solution

Bind the DNS listening port to the specific external IP you want to listen on in the docker run or docker-compose file. e.g. my docker compose went from this:

ports:
      - "53:53/tcp"
      - "53:53/udp"
      #- "67:67/udp"
      - "81:80/tcp"
      - "443:443/tcp"

to this:

ports:
      - "53:53/tcp"
      - "192.168.1.2:53:53/udp"
      #- "67:67/udp"
      - "81:80/tcp"
      - "443:443/tcp"

I imagine the same might need to be done for 53/tcp as well, though I haven't worked that yet since I don't use DNS over TCP.

1 Like

I had the very same problem: all devices in the network including the raspberry pi itself could use the pihole as the new DNS server... except inside the other containers running on the raspberry pi.

Your solution - using the local IP address of the raspberry pi - worked! I don't know how you manage to find that :slight_smile: .

Thank you very much! :pray: