[SOLVED] Docker Pi-hole DHCP conflicts with Virgin router DHCP

@DerFetzer, thanks a lot for this detailed post. But I am still having a problem regarding the DHCP in the Pihole.

Background

Like you, I had the Pihole flawlessly working on my raspberry pi before. Similarly, I moved to NUC and did a setup from scratch with docker-compose. However, I could not get the DHCP to work. I followed your setup and the Pihole is starting without a problem. When I manually set the DNS configuration on a device to hit the Pihole, ads are blocked successfully. However, I wanted to move away from this manual DNS configuration and have the Pihole be the DHCP server (this is because I live in the UK, and Virgin Media Hub modems don't let you assign a DNS server and it is painful to change the DNS settings manually. Also, there are many IoT devices whose DNS cannot be configured manually and those devices are still sending telemetry data). Things started going wrong when I enabled DHCP on the Pihole:

What I tried

  1. When the DHCP on my Virgin Hub (router) AND the DHCP on my Pihole are ON at the same time, I see that my Pihole starts leasing IPs. However, when a new device joins the network, it is not guaranteed that the Pihole will lease the IP to that device hence no adblocking. Not to mention having 2 DHCPs running in the network is a recipe for problems.
  2. When I turn off the DHCP on my router AND have the Pihole serve as the only DHCP server, I cannot browse as I receive a DNS-related error in the Chrome web browser, nor can I launch the web UI for the Pihole.
  3. I thought maybe switching from 2 DHCPs to 1 DHCP might be causing this problem. So I turned off both DHCPs, attached a monitor to my NUC, and tried to launch the Pihole. No luck once again, and I saw in docker-compose up that there is a problem with DNS configuration and the Pihole launch gets stuck there. Then I opened a new terminal session in the NUC and tried to ping a device in the network that I know is connected to the internet (my desktop), but it said network failure, the NUC was not even connected to the internet. However, both on the Pihole and on my Virgin Hub, the NUC is configured to receive the static IP of 192.168.0.2.

Current setup

Currently, I turned off the DHCP on my NUC and I am only using it for adblocking by manually configuring the DNS in my devices, as I mentioned before, the adblocking is working without a problem.

Information

docker-compose.yml

version: "3"
services:
  pihole:
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - 81:80
    restart: "always"
    cap_add:
        - NET_ADMIN
    dns:
      - 127.0.0.1
      - 1.1.1.1
    environment:
      TZ: "Europe/London"
      ServerIP: 192.168.0.2
      DNS1: 1.1.1.1
      DNS2: 1.0.0.1
      VIRTUAL_HOST: pi.hole
      DNSMASQ_LISTENING: all
      INTERFACE: eth0
      DHCP_ACTIVE: "true"
      DHCP_START: "192.168.0.2"
      DHCP_END: "192.168.0.200"
      DHCP_ROUTER: "192.168.0.1"
    volumes:
      - ./pihole/:/etc/pihole/
      - ./dnsmasq.d/:/etc/dnsmasq.d/
      - ./logs:/var/log/pihole/
    depends_on:
      - dhcphelper
    networks:
      backend:
        ipv4_address: '172.31.0.100'

  dhcphelper:
    build: ./dhcp-helper
    restart: "always"
    network_mode: "host"
    command: -s 172.31.0.100
    cap_add:
      - NET_ADMIN

networks:
  backend:
    ipam:
      config:
        - subnet: 172.31.0.0/16

Dockerfile

FROM alpine:latest
RUN apk --no-cache add dhcp-helper
EXPOSE 67 67/udp
ENTRYPOINT ["dhcp-helper", "-n"]

/etc/netplan/00-installer-config.yaml

Instructions I followed to address the port 53 bind issue, and as a result changes were made to this /etc/netplan.

# This is the network config written by 'subiquity'
network:
  ethernets:
    enp89s0:
      dhcp4: true
      dhcp4-overrides:
          use-dns: false
      match:
          macaddress: <some-mac-address>
      set-name: eth0
      nameservers:
          addresses: [127.0.0.1]
  version: 2

pihole_debug.log

github-gist

pihole.log

github-gist

FTL.log

github-gist

(Please open a separate topic if you face an independent issue.
I've moved your post accordingly.)

Generally, that's correct - it's good to be cautious about 2 DHCP servers on the same network link.

Nevertheless, two DHCP servers may coexist on the same network link if configured correctly.
For routers whose DHCP servers cannot be switched off and cannot be configured to distribute Pi-hole as local DNS server, we'd recommend limiting the router's DHCP range to accommodate just the Pi-hole host machine and configuring a respective fixed IP address/DHCP lease reservation.

Note that it would take a while for client machines to pick up the new DNS server information from a Pi-hole DHCP lease, as they would hold on to their existing router-issued lease until that expires. This may take hours, days or even weeks, depending on your router's lease lifetime. You may force clients to renew their lease, e.g. by dis- and reconnecting them to your network, or by power-cycling them.

Your observations could well have been affected by mixing DHCP servers.

This sounds like you have only Pi-hole working in Docker?
If so, there may be other Docker configuration options available.
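
The address plan described in the reply above (router pool reduced to the Pi-hole host's reservation, Pi-hole leasing everything else) can be checked before either DHCP server is reconfigured. The script below is an added example, not code from this thread or from the Pi-hole project; `check_plan` and `pool` are hypothetical names, and the /24 mask and the single-address router pool are assumptions.

```python
from ipaddress import ip_address, ip_network


def pool(start, end):
    """Inclusive (first, last) pair; a reversed range is a configuration error."""
    first, last = ip_address(start), ip_address(end)
    if first > last:
        raise ValueError(f"pool {start}-{end} is reversed")
    return first, last


def check_plan(subnet, gateway, pihole_host, router_pool, pihole_pool):
    """Return a list of problems; an empty list means the plan is consistent."""
    net = ip_network(subnet)
    gw, host = ip_address(gateway), ip_address(pihole_host)
    rp, pp = pool(*router_pool), pool(*pihole_pool)
    problems = []
    named = {"gateway": gw, "Pi-hole host": host,
             "router pool start": rp[0], "router pool end": rp[1],
             "Pi-hole pool start": pp[0], "Pi-hole pool end": pp[1]}
    for name, addr in named.items():
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
    # The router should lease exactly one address: the Pi-hole host's reservation.
    if rp != (host, host):
        problems.append(f"router pool {rp[0]}-{rp[1]} is not limited to {host}")
    # Overlapping pools let both servers hand out the same address.
    if rp[0] <= pp[1] and pp[0] <= rp[1]:
        problems.append("router pool and Pi-hole pool overlap")
    # Addresses with a fixed role must not be leasable to clients.
    for name, addr in (("gateway", gw), ("Pi-hole host", host)):
        if pp[0] <= addr <= pp[1]:
            problems.append(f"{name} {addr} is inside the Pi-hole pool")
    return problems


# Values from the thread; the /24 mask and the single-address router pool
# (the reservation for the host) are assumptions made for this example.
AS_POSTED = dict(subnet="192.168.0.0/24", gateway="192.168.0.1",
                 pihole_host="192.168.0.2",
                 router_pool=("192.168.0.2", "192.168.0.2"),
                 pihole_pool=("192.168.0.2", "192.168.0.200"))
# Constructed variant: the Pi-hole pool starts one address after the host.
ADJUSTED = dict(AS_POSTED, pihole_pool=("192.168.0.3", "192.168.0.200"))

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("adjusted", ADJUSTED)):
        print(label, check_plan(**plan) or "OK")
```

With the values posted above, the check reports that the Pi-hole pool begins at the host's own address, so it overlaps the router's single-address pool; starting the pool at 192.168.0.3 clears both findings.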


@Bucking_Horn, apologies I thought this problem to be linked to DerFetzer's setup, thanks for moving it.

Many thanks for your rapid reply, finally it works! Configuring Virgin Hub's DHCP to assign a single IP to my NUC in the network seemed to have solved the problem. I tried renewing the lease of the devices in the local network and only Pihole seems to be assigning IPs and all the internet traffic goes through Pihole.

Yes, this is correct, I just didn't want Pihole to have network host configuration and wanted to map the ports explicitly. Plus one day I may want to throw traefik or nginx into the configuration, keeping things flexible. I am not sure as to what you mean by "If so, there may be other Docker configuration options available", what configurations do you have in mind, and for what purpose?

I was indeed alluding to trying out different Docker network modes. :wink:

Host network mode would probably have been the simplest option to get DHCP working, but would mean that Pi-hole's required ports (including HTTP) must be free on the host. Also, that may not be an option if for whatever reason you'd require multiple other containers to be on the same Docker internal network as your Pi-hole.

Another option would be macvlan, which would attach a virtual MAC to your Pi-hole container, allowing it to receive a regular private range IP as any other device's network interface in your home network. This would work for other containers as well.

You could refer to Pi-hole's documentation on Docker DHCP and Network Modes for further details.
