Synology Issue

Having it read etc-pihole instead of etc/pihole is different as etc-pihole is specifying a file and etc/pihole is specifying a folder location. I am assuming pihole is trying to save all the block lists to a single file which is confusing it as it wants to put the block lists into a folder that it can read from.

Pihole's code downloads every block list to the folder, then compares and removes duplicates, finally assembling a final block list. That way it only has to download a block list when changes have been made to it.

It may be easier if you want to just stop your container and right click on it and edit the mounting points to the dnsmasq.d and pihole folder locations. As I am not home I am not 100% positive you can change mounting points of a container after creating it though.

I will redo it.. I did it 20 times already trying different settings.

I may be looking at this wrong. If you are positive your volume bindings are going to folders and it is showing the .conf files in a folder named etc-dnsmasq.d then volumes may not be your issue. Being that I can't look at the debug logs and am not a Linux guru to even understand them, this is harder.

You could try to just focus on Pi.hole by:

Making sure your router's DNS is something other than pihole.
Set your Synology to use the router's DNS.
Verify that pihole is using one or two of the default DNS like 1.1.1.1 & 9.9.9.9.
Verify the router has no types of force redirect of DNS. (I don't have a Netgear to know what it is equipped with.)
Then try and update the lists again.

I can retry a fresh install of mine this weekend to see if something may have changed on the synology docker package that is causing any issues.

The other thing to try if you are positive your volume bindings are going to folders is to:

Stop the container.

Clear the container.

Go into the etc-pihole and etc-dnsmasq.d folders and delete everything inside these folders. (previous install issues may exist if you did not delete the contents of these folders when you tried to install pihole multiple times.)

Then restart the container.

:exclamation: Don't delete everything - if you do that, you lose part of your configuration as well, which will make it hard to run Pi-hole.

Pi-hole's core component (pihole-FTL, based on dnsmasq) is configured via a set of files under /etc/dnsmasq.d/.

Pi-hole's default configuration options as well as blocklists and long-term database are stored under /etc/pihole/.

Let's take a look at what's in these folders first, so we could figure out which files can go and which not (if it is a file issue at all).
That way, we could also verify that you indeed exposed the right folders.

EDIT: Sorry for updating this repeatedly after posting - I just wanted to get the Don't delete out as quickly as possible :wink:

P.S.: For an overview where Pi-hole keeps what, refer to What files does Pi-hole use?

I just changed the folders.. just to make sure.. same results..
I changed router's DNS to ISP provided.. changed Synology to automatic DNS/router. Same results
No luck

BTW it is a pain to do this on the smart phone..lol

He has been unable to get it to even download the initial block lists. Losing all the files inside the mapped folders would not matter as restarting the docker image reinstalls the files when missing as setup through his docker container. If his variables are correct on his initial container setup the only thing he loses is downstream DNS changes as they will default back to Google. Any changes to DHCP (which he is not currently using). Any whitelist/blacklist/regex/blocklists. (Which should not matter as he can't get a fresh install to work.)

You could try a pihole -r to repair but that is not a preferred way to fix a docker image as if the issue is with the configuration it could go back to not working when the docker image is restarted. This is also the reason you don't do a pihole -up in the docker image because when it restarts it reverts to the original installed image.

You are right, you can always restart the container, but deleting these folders will likely render his current instance useless, as you strip Pi-hole of its configuration.

Trying to continue using an instance that has been crippled in that way will make you see errors that normally wouldn't occur.

Apologies if you didn't intend to continue using it after deletion (but why suggest deletion at all then?).

@sebtus:
Anyway, what's the content of /etc/dnsmasq.d/ and /etc/pihole/ in your container ?
Anything resembling the files as described in What files does Pi-hole use?

I have tried it all.. I would like to know if updates don't work due to DNS not resolving the domains or file issues.... I'm completely lost...

I'm thinking this is a pihole issue more than a docker setup issue if your network configuration is correct.

You are located in the New York time zone, correct? I was looking through older posts about this issue and Promofaux helped someone by explaining "Certificate checks can fail if the system time is incorrect… certs are generally valid for a certain period and if your system time is outside of that period then the check will fail!" They fixed the time and everything worked as expected.

Everything looks good regarding folders. Everything is there..
Yes tz is America/new_york
I saw that cert/time issue and I verified my time zone. I did some digging and tried everything i could find regarding Synology/docker..
I don't post until I am unable to find a solution already posted somewhere.:slight_smile:

Ok, that one's ruled out then :wink:

I worry a bit about that network part - downloading the lists produces Status: Connection Refused, according to @sebtus' screenshots.

Pi-hole is using HTTP/port 80 to retrieve blocklists.

It is unlikely all target blocklist servers are experiencing overload at the same time.

Connection Refused normally means either nothing is listening on IP address:port you are using, or a firewall is intercepting the connection.

If you are sure it is not a firewall, that message might be related to resolving the blocklists hostnames, which would mean something is not right with Pi-hole's network configuration.

You wouldn't have provided a custom upstream DNS as 8.8.8.8:53, for example?
If so, change that to 8.8.8.8#53 accordingly.
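
An added example, not part of the original posts: a small Python 3 probe that separates the cases discussed above (name resolution failing versus the TCP connection to port 80 being refused or timing out). The function name `probe` is hypothetical, and the hostnames to test are supplied on the command line, for instance the hosts of the configured blocklist URLs.

```python
import socket
import sys


def probe(host, port=80, timeout=3.0):
    """Return (stage, detail); stage is 'dns', 'refused', 'timeout', 'other' or 'ok'."""
    # Step 1: name resolution, using the resolver of the machine or container this runs in.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))

    # Step 2: plain TCP connect to every resolved address.
    last = ("other", "no addresses returned")
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return ("ok", addr[0])
        except ConnectionRefusedError:
            # The peer, or a firewall on the path, actively reset the connection.
            last = ("refused", addr[0])
        except socket.timeout:
            # Packets were silently dropped: typical of a filtering firewall.
            last = ("timeout", addr[0])
        except OSError as exc:
            last = ("other", f"{addr[0]}: {exc}")
        finally:
            sock.close()
    return last


if __name__ == "__main__":
    # Hostnames come from the command line; none are taken from the thread.
    for name in sys.argv[1:]:
        stage, detail = probe(name)
        print(f"{name}: {stage} ({detail})")
```

Running it once inside the container and once on the NAS host shows whether the refusal is specific to the container's network path.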

If I remember correctly pihole verifies DNS before it even tries to download the block lists on start up so you should at least have DNS resolution.

Do you have the firewall enabled on your synology?

Edit: I guess Buck and I are thinking alike.

1 Like

Indeed:
Configuring and retrieving a correct time would be essential if you had DNSSEC enabled, be it Pi-hole or any additional recursive resolver (like unbound or BIND) as part of the DNS chain running in the same instance.

Check your time if you have DNSSEC enabled.

I have Synology firewall setup for incoming connection nothing going out..
DNSSEC IS OFF. I don't use custom DNS servers. I have tried to use other but no luck either.
Keep in mind that I can ssh into container and dnslookup all domains just fine.

Try disabling the firewall for long enough to test pihole. If it works then we know it's blocking the incoming files. You can turn it right back on after.

Already did try it. no luck..

So you can ssh into the container through the macvlan and do nslookups, you can manually add a domain to the block list? Can you go to pihole web UI at pi.hole/admin?

I am not physically on my lan. I use my isp assigned ip to login to my home network. If I use my home ip. Yes I can login to pihole admin.
In addition if I set pihole as my DNS in Synology.. Every time I do nslookup from the container it shows it on query list as good to go. Plus all queries Synology does show up as well (ip check etc)
Everything is working as it should but the list update.
When I add manually to the block list and try to nslookup that domain it gets blocked and pi query list shows as blocked.
sidenote:
I have another pihole installed on raspberry ( different lan) and it works great.

At some point I'm going to give up on Synology and get another raspberry..... But it bothers me that I can't get it to work.....