Source address in docker shows as bridge gateway from other subnets

Pihole is showing the source address as being the docker network which Pihole is running for any DNS queries from other subnets.

I have Pihole in a custom bridge network (10.1.53.0/24), with ports (53) published to 192.168.1.50. Any client queries from the 192.168.1.0/24 are recorded with the proper IP address.

However any from 192.168.3.0/24 (another VLAN) are recorded as being from 10.1.53.1 as are any queries from any other docker containers on the same host. (10 and 172 range addresses).

So the stats page is showing 90%+ of queries coming from 10.1.53.1.

I'm sure this is down to host configuration - iptables masquerade rules or some such - I'm no iptables expert though.

Anyone else seen this and any ideas how to resolve so that pihole records the client addresses?

Cheers

Seems something is NATing your requests. Since this involves replacing the source IP of a packet with its own, I'd start looking at the device or software at 10.1.53.1 - don't know if that's Docker or your (VLAN) router.

This is a network configuration issue rather than Pi-hole, so you may also consider consulting additional sources, e.g. Docker's network documentation for maximum feedback.

Thanks for taking the time to respond

Aye, 10.1.53.1 is the docker gateway I define in the docker-compose.yml for the pihole container

networks:
  default:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 10.1.53.0/24
          gateway: 10.1.53.1
        - subnet: ${IPV6PREFIX_GUA48}:d153::/64
          gateway: ${IPV6PREFIX_GUA48}:d153::1

I've read through the Docker networking documentation but not been able to peel back the layers to what actually gets defined on the hosting server or how to untangle the NATing

Seems you are using Docker's default bridge network, which is doing NAT by default.

I'd advise against manipulating Docker's iptables chains directly. For one, it is a non-trivial task to match the virtual NIC within a container to the virtual NIC attached to Docker's bridge network, and more importantly, any change you apply to those will potentially be effective for all your containers on that Docker daemon, which may not be what you want.

If you want to stick with a bridge network, you can create your own custom bridge network and disable NAT for it. Try searching for docker network create along with enable_ip_masquerade and/or --ip-masq. Once created, you can then reference that network in your docker compose networks: option.

Or just give up on network isolation and switch to using Docker's host mode, which may not be your worst choice if you are new to Docker and Pi-hole is your only container. You can always experiment with other drivers once you've sufficiently familiarised yourself with them later.

For more specific advice, consulting other relevant sources like Docker's support may increase your chance for a more knowledgeable answer.

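The two options from the answer above, written out as a compose fragment. This is an added example, not from the thread or the Pi-hole project: the subnet and gateway are the ones posted in the thread, while the service name, network name and image tag are assumptions.

```yaml
# Added example: replaces the masquerading default bridge with a user-defined
# bridge that has masquerading switched off, or (commented) host networking.
services:
  pihole:
    image: pihole/pihole:latest      # assumed image tag
    # Option 1: keep bridge isolation, but stop Docker from rewriting the
    # source address of traffic on this network.
    networks:
      - pihole_net                   # assumed network name
    ports:
      - "192.168.1.50:53:53/tcp"
      - "192.168.1.50:53:53/udp"
    # Option 2: give up isolation and share the host's network stack, so
    # Pi-hole sees client addresses directly. This replaces 'networks' and
    # 'ports' above; remove those two keys if you uncomment it.
    # network_mode: host

networks:
  pihole_net:
    driver: bridge
    driver_opts:
      # The same option 'docker network create -o' accepts. With it set to
      # "false", Docker adds no MASQUERADE rule for this network's subnet.
      com.docker.network.bridge.enable_ip_masquerade: "false"
    ipam:
      config:
        - subnet: 10.1.53.0/24
          gateway: 10.1.53.1
```

With masquerading disabled, packets leaving the host from this network keep their 10.1.53.x source address, so the upstream router needs a return route for 10.1.53.0/24 via the Docker host or Pi-hole's own upstream lookups will get no replies. Check the effect with `sudo iptables -t nat -S POSTROUTING` before and after recreating the network.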
