Using Pi-hole as a DHCP server in Windows Docker

Help Community Help
,
1

The issue I am facing:
Hello, I've hit a brick wall with this and would gratefully appreciate any help I can get. Here's what I'm trying to accomplish.

Context
I have an existing Windows box which runs 24/7 and initially seemed ideal to run pi-hole on using Docker. However, my router won't let me configure it to set pi-hole as the DNS server (there's no option to configure a DNS server in the DHCP settings on the router).

Because of this, I need to use pi-hole as the DHCP server, but the problem I'm having is getting the DHCP broadcast from the pi-hole container to the wider network.

My guide has been this page: Docker DHCP and Network Modes - Pi-hole documentation

Of the three options there, host mode and macvlan mode are out because they are not supported by Windows Docker Desktop, so I've been trying to get it working with bridge mode and using a DHCP relay to relay the DHCP signal between the pi-hole container and the rest of the network. As I'm running Windows, I can't use dnsmasq as the relay, so I've had to find an alternative DHCP relay - for this I've found some software called 'DHCP Server for Windows' which might do the job.

The problem
Where I've come unstuck here is what to specify as the IP of the client running the relay, and what to specify as the IP of the DHCP server. Here is the example configuration for the DHCP server:

[SETTINGS]
IPBIND_0=192.168.0.10 ; local IP address on client subnet
IPRELAY_0=192.168.0.10 ; IP address of central DHCP server
AssociateBindsToPools=1

Since the relay is running on the same box, and the DHCP server is running in a container on that box, what do I enter as the IP address of the relay client and the DHCP server? I've tried various combinations of various IP addresses (e.g. 192.168.0.10, 127.0.0.1) and nothing I do will allow another machine on the network to get an IP address from the pi-hole DHCP server.

Any advice? Alternatively, is what I'm trying to do even possible, or do I need to give up and just buy a Pi?

Details about my system:
For reference, my router IP is 192.168.0.1, and the IP of the Windows box I'm trying to get this working on is 192.168.0.10.

Here is my docker-compose:

version: '2'

services:
pihole:
container_name: pihole
image: pihole/pihole:latest
volumes:
- './etc-pihole/:/etc/pihole/'
- './etc-dnsmasq.d/:/etc/dnsmasq.d/'
cap_add:
- NET_ADMIN
networks:
- pihole_network
dns:
- 127.0.0.1
- 1.1.1.1
ports:
- 443:443/tcp
- 53:53/tcp
- 53:53/udp
- 67:67/udp
- 80:80/tcp
environment:
ServerIP: 192.168.0.10
restart: unless-stopped

networks:
pihole_network:
driver: bridge

2

A DHCP relay translates DHCP broadcasts of clients in your home network into unicasts directed at a remote DHCP server's, i.e. your Pi-hole's IP address.

However, in your current setup, DHCP relay and Pi-hole's DHCP server share the same IP address, so your relay is forwarding DHCP requests to its own IP address.

Try to put Pi-hole and your DHCP relay on different IPs.
Also, check if your router can be configured to relay DHCP requests, as that would spare you from setting up a separate relay.

3

Thanks for your reply - I've tried running the DHCP relay on another box but no luck. In this set up, pi-hole is on 192.168.0.10 and the DHCP relay is on 192.168.0.7.

I can access the Pi-hole admin page from the box running the relay, so I know that Pi-hole is running and accessible on the network. I did also double-check that pi-hole's DHCP server is enabled.

Any thoughts on why the DHCP packets aren't being relayed? I have port 67 enabled for UDP in the Docker config.

Is there any way to configure this so that Pi-hole Docker and the DHCP relay are running on the same Windows box? My router doesn't support DHCP relaying and having a separate box to run the relay defeats the object (I would just give up and buy a Pi :slight_smile:).

Or this there another way of exposing pi-hole's DHCP server to the parent network which I'm not aware of?

Another approach which I've just thought to try is using the dedicated DHCP Server as an actual DHCP server, and configuring it to use the pi-hole box as a DNS server. So in this setup, 192.168.0.10 is running a separate dedicated DHCP server and pi-hole (in Docker). The client is now allocated an IP address and is told to use 192.168.0.10 as the DNS server, but is then not able to resolve any domain names. Any thoughts on why this didn't work?

4

Are you perhaps using 192.168.0.10 as your relay's target IP?
That address would be on the same link / same network segment as the client.

The relay's purpose is to forward the DHCP request to an IP address in another network segment. In your case, that' would be Pi-hole's IP address in your Docker's bridge network.

You wouldn't require a DHCP relay with macvlan or host network modes, but as you've mentioned, those modes are not available in Docker for Windows.

5

Yes, I had 192.168.0.10 as the relay's target IP.

According to the network inspection:

docker network inspect docker-pi-hole_pihole_network

[
{
"Name": "docker-pi-hole_pihole_network",
"Id": "c7fc77fbd7f48498bfecd151a419dddeb01cb29b88dd4f7c0f4cbd4f3ba1e84d",
"Created": "2020-11-17T14:55:59.4916418Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"5024c06f2b3a98f8cbd9546393f531f28c8f81b303bb1f2945aaa92cf22baee1": {
"Name": "pihole",
"EndpointID": "9de1851fdff40b9b42d06ce52eedc230b714fdcc24b0ee0417db205926707463",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "pihole_network",
"com.docker.compose.project": "docker-pi-hole",
"com.docker.compose.version": "1.27.4"
}
}
]

The pi-hole container's IP address is 172.19.0.2. I tried running the DHCP relay with this as the target IP but still no luck. This is with the relay running on the same physical machine as the pi-hole container.

Do I need to do anything else to expose the DHCP to the outside world? I'm publishing UDP port 67.

6

For reference, here is the config for the DHCP server/relay I'm running:

[SETTINGS]
IPBIND_0=192.168.0.10 ; local IP address on client subnet
IPRELAY_0=172.19.0.2 ; IP address of central DHCP server
AssociateBindsToPools=1
PORT_80=50555

[HTTP-Settings] 
EnableHTTP=1 
Root="C:\dhcpsrv2.5.2\wwwroot"
7

'No luck' is a bit too thin to be helpful :wink:

Did your clients acquire no IP address at all, or are your clients DNS requests failing?

If the latter, did you configure Pi-hole to return its host's IP address as DNS server?
You'd need a custom configuration file for that, e.g. 42-dhcp-option.conf:

dhcp-option=option:dns-server,192.168.0.10
8

Specifically, my client just times out trying to obtain an IP address.

9

Can you ping your Pi-hole's 172.19.0.2 from your Docker host?

10

No, the ping times out, as does trying to acces pi-hole's admin interface using that IP.

I can access the pi-hole admin page from the host using 192.168.0.10 and the local loopback IP, but not 172.19.0.2.

11

I 'm afraid I can't help you much further. :frowning:

Routing should at least work from the Docker host, and of course your relay would need a route to Pi-hole's DHCP server.
You'd probably have to add proper routing or add some extras to Docker's iptables; maybe another specialty of Docker for Windows, I don't know.

I did a quick search for other topics here, but none of the solutions posted seems to use Docker for Windows.

EDIT:
And that's likely because it doesn't work with Docker for Windows (sourced from here, but also see this Docker Windows GitHub issue):

Docker Desktop for Windows can’t route traffic to Linux containers.

You'd probably be better off getting yourself a Linux machine (even an RPi Zero is quite capable as a Pi-hole machine).

13

Thanks anyway, I appreciate your efforts. If I should be able to access the container from the host by its IP then that's something I can investigate further, or failing that I'll just have to buy a Pi!

14

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.