When using docker pihole container as the sole DNS on the network, other containers cannot resolve DNS.
- Other containers unable to resolve DNS
nslookupin other containers gives erros stating something like
;; reply from unexpected source: 172.17.0.1#53, expected 192.168.1.2#53
192.168.1.2is the pihole DNS and
172.17.0.1is the docker bridge network gateway
- pihole logs show that the queries from other containers are arriving, forwarding, and being responded to as far as pihole knows.
I think it's because Docker does shenanigans with DNS so that it can do automated name resolution based on container names. The iptables Docker puts in place don't seem to be properly masquerading the IP of the DNS, so the container thinks its DNS request are being intercepted and ignores the responses.
Bind the DNS listening port to the specific external IP you want to listen on in the docker run or docker-compose file. e.g. my docker compose went from this:
ports: - "53:53/tcp" - "53:53/udp" #- "67:67/udp" - "81:80/tcp" - "443:443/tcp"
ports: - "53:53/tcp" - "192.168.1.2:53:53/udp" #- "67:67/udp" - "81:80/tcp" - "443:443/tcp"
I imagine the same might need to be done for 53/tcp as well, though I haven't worked that yet since I don't use DNS over TCP.