Support for pihole machine connection dying on some DNS queries after arbitrary uptime

Hello, I am trying to get pihole and nginxproxymanager running in an ipvlan on the same machine (a raspberry pi zero 2 w). I asked for support on the pi forum (here: https://forums.raspberrypi.com/viewtopic.php?t=368122 ) with no help but I just want a sanity check to make sure I don't have anything obviously wrong with my pihole setup.

I wrote and followed this process here: GitHub - ShadyHippo/rpiz2w-pihole-nginx-public: IPVlan pihole and nginx on ipvlan stable rpi config to get both services up and running with their own static IPs.

The connection exists and is good and stable for about a few hours. I see normal good resource usage, when I connect to the machine via ssh it is responsive and pinging it is also responsive.

I can ping all 3 IPs (the base machine and both containers)

After being the DHCP server long enough (not just up time, I've had this thing up for days before with no issues and using the NPM side just fine), when I run some DNS queries (that presumably aren't cached) it brings the whole entire system down. I would love to provide any diagnostics of any kind or any other information.

When I say the entire system, I mean it. All traffic in my network (besides DNS entries in the machines' local caches) no longer resolves. I cannot hit speedtest.net, I cannot hit xfinity's (ISP in my area) speedtest, I cannot ping my gateway, I cannot ping any of the 3 IPs, I cannot ping my always on static IP unraid server, I cannot do anything. I have 3 devices I test on (work laptop (Windows), personal phone (iPhone), personal laptop (Regolith Linux (an Ubuntu variant))). I am at my wits' end because I cannot understand what's happening. When this happens my only hope is disconnecting my laptop WiFi and reconnecting. I get a minute or two of connection. Then I open up my other pihole running on a different make and model raspberry pi in docker with the host network driver and I switch that back to being the DHCP server and disable my raspberry pi zero 2 w as the DHCP server. Once I do this my network comes back up once devices start looking to the model 2b instead of the zero for their DNS entries.

Thank you in advance

Your observation seems related to networking rather than Pi-hole.

Pinging IPs directly would not involve DNS at all, suggesting an OS / network level issue rather than a DNS one.

The third-party guide you've used states:

DISCLAIMER: This doesn't seem to work with a ton of devices. More troubleshooting is needed I guess.

I'd like to strongly encourage you to abandon that approach completely.

If your goal is to run a bunch of containers with a separate IP address each, use Docker's macvlan network driver instead.

From your description, it's not quite clear what machine is providing DHCP services in your network, but if you'd just want your Pi-hole container to offer DHCP on top of DNS, it'd probably be easiest to just use Docker's host network driver, see also Docker DHCP and Network Modes - Pi-hole documentation.

I'll give more info and context.

  1. I will try your suggestion and make my pihole the "host" docker driver and run just the NPM server as macvlan. I'm disappointed to "give up" and try that because I specifically wanted to use ipvlan because I thought the idea of ipvlan was that it had all the benefits of macvlan without having to deal with multiple mac addresses and was less setup.
  2. My current network is a router with DHCP disabled and a raspberry pi model 2 b running pihole in docker using the host driver over ethernet is my DHCP server. Its static IP is 192.168.0.19 (not that it matters). When I use this device I do not have any network issues. Everything runs smoothly and I never see devices go offline from any other device.
  3. My goal is to move from that pi as my DHCP server to a pi zero 2 w as my Pihole DNS & DHCP and NPM server. My understanding was I would want to give them each a static IP on the network so they would be their own entities and my pi zero 2 w machine would be unaffected on 192.168.0.5 in case I wanted to use port 80 on the host for something else. Then my pihole container would be 192.168.0.6 and my NPM container would be 192.168.0.7. I wanted to use IPvlan because it seemed like the best way to do things as opposed to macvlan which would require setting promisc modes and maybe some extra setup. However, I ended up shoehorning a bunch of that setup into my attempted ipvlan setup so maybe macvlan will end up working better on these devices.
  4. That external guide is something I wrote. I have been trying to learn docker and networking in this project and document my findings because I couldn't really find other people doing this exact project so I figured I'd put it out there to help people. I thought I had everything working perfectly and published it and after the fact when I realized it was unstable added several disclaimers saying it is not stable. I just linked it because it is a good summary of everything I've done for this project. I wondered if maybe my docker compose file was wrong somehow (I have checked it several times but I wondered if something in my pihole configuration was wrong).
  5. I don't know how pinging isn't DNS related but for some reason when my pi zero 2 w machine is my DHCP server and it becomes unresponsive I can no longer hit anything on my network from any of my machines. I have multiple test devices and if the devices got their DHCP lease IP from the pi zero 2 w they can't hit anything anywhere on my network.
  6. Thank you very much for the info and as I said in 1. I will try pihole using the host driver on 192.168.0.5 and then keep my NPM in its own IP on either macvlan or ipvlan. Is there some reason macvlan is preferred to ipvlan I have somehow missed in my research? Is there some reason it's a bad idea to run DHCP from a container using macvlan / ipvlan? Is this unsupported? If so I really appreciate the pointer to just set it as the host and I will do so but I thought I could leave the host "clean" of any ports on it in case I needed them later (I probably won't and if I do those could in theory just be their own macvlan or IPvlan container in the future)

SOLVED:
Thank you very much for the support.

You were correct, it was a network issue on my end.

I hadn't correctly set up the static IP on the host machine. I believe my setup would have worked fine but even after setting the pihole container to use the host driver I still had the same "after 24 hours the host dies" issue.

It occurred to me after that that it is the DHCP lease dying, which made no sense to me because I had requested an IP in the nmtui utility. However, I realized I still had it set to automatic instead of manual.

For anyone else with spooky 24 hour network death issues, check that the connection you have set for your static IP is properly set to manual mode from nmcli instead of "automatic" like the default.

For anyone in the future, here are the commands I used to get a static IP (found elsewhere on the raspberry pi forums but I can't find the page anymore).

The very important part I had missed was ipv4.method manual on the end of the first one

In my case the connection name is preconfigured so replace that and the ip's with your respective IPs for the static one you want to manually assign and your gateway.

I set my pihole host machine's DNS manually to the OpenDNS IPv4 connections because I want to make sure even if PiHole is down it can update and hit the internet.

After you've set it the 4th command restarts the service and the 5th command reboots the pi. All of these can be completed in ssh (at least it was OK for me)

sudo nmcli c m "preconfigured" ipv4.addresses 192.168.0.5/24 ipv4.method manual
sudo nmcli c m "preconfigured" ipv4.gateway 192.168.0.1
sudo nmcli c m "preconfigured" ipv4.dns "208.67.222.222 208.67.220.220"
sudo nmcli c down "preconfigured" && sudo nmcli c up "preconfigured"
sudo reboot now

I also used sudo nmtui and used the menu to double check the connection afterward and disabled the IPv6 connection because it was not something I wanted on. It probably doesn't matter. I just noticed the RAM usage seemed to be lower in pihole when it was disabled.

In the nmtui menu make sure the connection is "manual" after you're done
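A way to audit a profile for the misconfiguration described in the post above (a static address entered while `ipv4.method` is still automatic), shown as an added example that is not part of the original post. The function name `classify_ipv4_profile` and the sample inputs are constructed for illustration; the function reads the terse output of `nmcli -t -f ipv4.method,ipv4.addresses connection show NAME` on stdin.

```shell
#!/bin/sh
# Added example: classify a NetworkManager profile from terse nmcli output.
# Input lines look like "ipv4.method:auto" and "ipv4.addresses:192.168.0.5/24".
classify_ipv4_profile() {
    method=""
    addrs=""
    while IFS= read -r line; do
        case "$line" in
            ipv4.method:*)    method=${line#ipv4.method:} ;;
            ipv4.addresses:*) addrs=${line#ipv4.addresses:} ;;
        esac
    done
    # Treat the "--" placeholder for an empty field as no address.
    if [ "$addrs" = "--" ]; then addrs=""; fi
    case "$method" in
        manual)
            if [ -n "$addrs" ]; then echo "ok-static"
            else echo "manual-without-address"; fi ;;
        auto)
            # The case from the post: an address was typed in, but the
            # profile still depends on DHCP.
            if [ -n "$addrs" ]; then echo "address-set-but-dhcp"
            else echo "dhcp"; fi ;;
        *)  echo "other:$method" ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_BROKEN='ipv4.method:auto
ipv4.addresses:192.168.0.5/24'
SAMPLE_FIXED='ipv4.method:manual
ipv4.addresses:192.168.0.5/24'

# Live use: pass the connection name, e.g.  sh check.sh preconfigured
if [ -n "${1:-}" ] && command -v nmcli >/dev/null 2>&1; then
    nmcli -t -f ipv4.method,ipv4.addresses connection show "$1" \
        | classify_ipv4_profile
fi
```

A result of `address-set-but-dhcp` means the profile needs `ipv4.method manual`, as in the first command above.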

I wasn't aware that you were the author of the very guide you've linked.

My recommendation was not to abandon ipvlan in general, but rather to not follow a guide that disclaims to not be currently working.

As explained, if you ping an IP directly, there would be no DNS involved at all.
If you had pinged by name, then DNS may or may not have been involved, as ping employs additional means of resolving names, particularly for local names, not just DNS (making it unsuitable to analyse DNS issues).

I didn't say so - I just pointed out that using Docker's host mode would probably be easiest.
The documentation I've linked gives you several options to get a DHCP server operational inside a container, including macvlan.

Glad you've sorted your issue, and thank you for sharing your fix.
