The issue I am facing:
The request from my laptop reaches Pi-hole running in a Docker container with ipvlan on the remote server behind WireGuard.
Pi-hole queries the DNS server/its cache and returns a reply.
The reply does not reach my laptop.
Port 53 is open for both udp and tcp traffic on the host.
Wireguard is running normally for other endpoints.
Ports 80 and 443 of pihole docker are managed by nginx.
wg-quick up wg.conf
nslookup adobe.com
;; communications error to 10.8.1.3#53: timed out
;; communications error to 10.8.1.3#53: timed out
;; communications error to 10.8.1.3#53: timed out
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: adobe.com
Address: 202.83.26.121
Name: adobe.com
Address: 202.83.26.122
pihole.log file
Jan 27 18:01:38: query[A] adobe.com from 10.8.0.2
Jan 27 18:01:38: forwarded adobe.com to 8.8.8.8
Jan 27 18:01:38: reply adobe.com is 184.28.173.176
Jan 27 18:01:38: reply adobe.com is 184.28.173.161
Jan 27 18:01:40: query[A] pi.hole from 127.0.0.1
Jan 27 18:01:40: Pi-hole hostname pi.hole is 0.0.0.0
Jan 27 18:01:43: query[A] adobe.com from 10.8.0.2
Jan 27 18:01:43: cached adobe.com is 184.28.173.176
Jan 27 18:01:43: cached adobe.com is 184.28.173.161
Jan 27 18:01:48: query[A] adobe.com from 10.8.0.2
Jan 27 18:01:48: cached adobe.com is 184.28.173.161
Jan 27 18:01:48: cached adobe.com is 184.28.173.176
Jan 27 18:01:53: query[AAAA] adobe.com from 10.8.0.2
Jan 27 18:01:53: forwarded adobe.com to 8.8.8.8
Jan 27 18:01:53: reply adobe.com is 2600:140f:3600::17c9:3b41
Jan 27 18:01:53: reply adobe.com is 2600:140f:3600::17c9:3b60
Jan 27 18:01:58: query[AAAA] adobe.com from 10.8.0.2
Jan 27 18:01:58: cached adobe.com is 2600:140f:3600::17c9:3b41
Jan 27 18:01:58: cached adobe.com is 2600:140f:3600::17c9:3b60
Jan 27 18:02:03: query[AAAA] adobe.com from 10.8.0.2
Jan 27 18:02:03: cached adobe.com is 2600:140f:3600::17c9:3b60
Jan 27 18:02:03: cached adobe.com is 2600:140f:3600::17c9:3b41
Details about my system:
Pi-hole, nginx and WireGuard are Docker containers and reside on an Oracle Cloud instance.
nginx exposes HTTP and HTTPS ports to the host and connects to pihole and wgeasy through an ipvlan Docker network.
My laptop running nslookup is in my home LAN.
From the pihole logs I can see that the request from nslookup is received by pihole but the response does not reach back to my laptop.
docker inspect shows
    },
    "NetworkSettings": {
        "Bridge": "",
        "SandboxID": "d878949efd66eb455e15afa925cfeea4f0bb35faa92f16e3471af58368f08a37",
        "SandboxKey": "/var/run/docker/netns/d878949efd66",
        "Ports": {
            "53/tcp": null,
            "53/udp": null,
            "67/udp": null,
            "80/tcp": null
        },
        "HairpinMode": false,
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "SecondaryIPAddresses": null,
        "SecondaryIPv6Addresses": null,
        "EndpointID": "",
        "Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "MacAddress": "",
        "Networks": {
            "ubuntu_wg-easy": {
                "IPAMConfig": {
                    "IPv4Address": "10.8.1.3"
                },
                "Links": null,
                "Aliases": [
                    "pihole",
                    "pihole"
                ],
                "MacAddress": "02:42:0a:08:01:03",
                "DriverOpts": null,
                "NetworkID": "ad45c3e86911d83a10066e19b4c0d524cc5c812d9c31206515f926987cafd804",
                "EndpointID": "e6e4e80e57618566d5656692e429303c1e89067c53c9553b27a6831cb1331640",
                "Gateway": "10.8.1.1",
                "IPAddress": "10.8.1.3",
                "IPPrefixLen": 24,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "DNSNames": [
                    "pihole",
                    "3176a75061a3"
                ]
What I have changed since installing Pi-hole:
No change. I am using image: pihole/pihole
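
A way to line up the two pieces of evidence in the post, as an added example that is not part of the original post: it pairs each query in the pihole.log excerpt with its answer, then compares the client address with the container endpoint from the docker inspect output to show which path each reply has to take. The function name `return_paths` is hypothetical, and the "via gateway" result assumes the container has no route other than its default one.

```python
import ipaddress
import re

# Lines copied from the pihole.log excerpt in the post (trimmed).
SAMPLE_LOG = """\
Jan 27 18:01:38: query[A] adobe.com from 10.8.0.2
Jan 27 18:01:38: forwarded adobe.com to 8.8.8.8
Jan 27 18:01:38: reply adobe.com is 184.28.173.176
Jan 27 18:01:38: reply adobe.com is 184.28.173.161
Jan 27 18:01:40: query[A] pi.hole from 127.0.0.1
Jan 27 18:01:40: Pi-hole hostname pi.hole is 0.0.0.0
Jan 27 18:01:43: query[A] adobe.com from 10.8.0.2
Jan 27 18:01:43: cached adobe.com is 184.28.173.176
"""
# Endpoint values from the docker inspect output in the post.
ENDPOINT = {"IPAddress": "10.8.1.3", "IPPrefixLen": 24, "Gateway": "10.8.1.1"}

QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)$")
ANSWER_RE = re.compile(r"(?:reply|cached|Pi-hole hostname) (\S+) is \S+$")


def return_paths(log_text, endpoint):
    """Per client: queries seen, queries answered, and where the reply is sent."""
    net = ipaddress.ip_network(
        f"{endpoint['IPAddress']}/{endpoint['IPPrefixLen']}", strict=False)
    clients, last = {}, None  # last = (client, name) of the newest open query
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            last = (q.group(2), q.group(1))
            stats = clients.setdefault(last[0], {"queries": 0, "answered": 0})
            stats["queries"] += 1
            continue
        a = ANSWER_RE.search(line)
        if a and last and a.group(1) == last[1]:
            clients[last[0]]["answered"] += 1
            last = None  # several records for one query count once
    for addr, stats in clients.items():
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            stats["return_path"] = "local"
        elif ip in net:
            stats["return_path"] = "on-link"
        else:  # assumes the container has only its default route
            stats["return_path"] = "via gateway " + endpoint["Gateway"]
    return clients


if __name__ == "__main__":
    for client, stats in return_paths(SAMPLE_LOG, ENDPOINT).items():
        print(client, stats)
```

For the excerpt, every query from 10.8.0.2 is answered, and that address lies outside 10.8.1.0/24, so the reply depends on 10.8.1.1 forwarding it back toward the tunnel.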