When docker Pihole is running on NAS and router DNS is pointed to the Pihole IP the NAS loses internet connection

Expected Behaviour:

The expected behaviour is that when my router’s DNS is set to the IP address of the Pihole container that the host won’t lose internet connection

  • Operating System: UGOS

  • Hardware: UGREEN DXP4800 Plus NAS

  • Docker compose file:

    # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
    services:
      pihole:
        container_name: pihole
        image: pihole/pihole:latest
        network_mode: host
    #    ports: Uncomment ports if using network_mode: bridge
          # DNS Ports
    #      - "54:53/tcp"
    #     - "54:53/udp"
          # Default HTTP Port
    #      - "8808:80/tcp"
          # Default HTTPs Port. FTL will generate a self-signed certificate
    #      - "4443:443/tcp"
          # Uncomment the line below if you are using Pi-hole as your DHCP server with network_mode: bridge
          #- "67:67/udp"
          # Uncomment the line below if you are using Pi-hole as your NTP server
          #- "123:123/udp"
        environment:
          # Set the WebUI ports when using network_mode: host
          FTLCONF_webserver_port: '8808,4443'
          # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
          TZ: 'America/Toronto'
          # Set a password to access the web interface. Not setting one will result in a random password being assigned
          FTLCONF_webserver_api_password: 'yORQHkNTk&77rukfLcf'
          # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
    #      FTLCONF_dns_listeningMode: 'all'
          # Upstream DNS servers for Pi-hole to forward queries to when a domain isn't found on its blocklists, separated by semicolon
          FTLCONF_dns_upstreams: 1.1.1.1;1.0.0.1;8.8.8.8;8.8.4.4
        # Volumes store your data between container upgrades
        volumes:
          # For persisting Pi-hole's databases and common configuration file
          - './etc-pihole:/etc/pihole'
          # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
          #- './etc-dnsmasq.d:/etc/dnsmasq.d'
        cap_add:
          # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
          # Required if you are using Pi-hole as your DHCP server, else not needed
          - NET_ADMIN
          # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
          - SYS_TIME
          # Optional, if Pi-hole should get some more processing time
          - SYS_NICE
        restart: unless-stopped
    
    
    
  • Docker engine version: 26.1.0

Actual Behaviour:

When I test the Pihole by just manually setting something like my phone's DNS server to the Pihole IP (which is also the UGREEN NAS's IP due to being in host mode) it seems to work fine. However, as soon as I set my router (in this case an ISP modem) to use the Pihole's IP (again, the UGREEN NAS IP due to being in host mode) the NAS itself loses its internet connection. It's still reachable over the LAN though. Also, presumably due to the NAS losing its internet connection, the same test phone also loses its ability to load anything on the internet.

Debug Token:

https://tricorder.pi-hole.net/pY2elf7S/

Run from your NAS machine hosting Pi-hole, please share the output of:

```
dig flurry.com @192.168.2.140
dig discourse.pi-hole.net
dig discourse.pi-hole.net @8.8.8.8
dig discourse.pi-hole.net @1.1.1.1
```

Here is a pastebin with the outputs from those commands. It wouldn’t let me post them here I think due to the @ symbols thinking it was me trying to reply to users. Which new users aren’t allowed to do.

Also, one thing I noticed is that if I leave my router’s DNS server on its regular settings like 1.1.1.1, 1.0.0.1 and then manually change the NAS’s DNS servers within its network settings to 192.168.2.140, 1.1.1.1 it continues to receive an internet connection. But as soon as I change the router’s DNS to 192.168.2.140, 1.1.1.1 I start to have issues on the NAS’s internet connection.

You can easily avoid that by marking your text as pre-formatted text (just as I've done with the dig commands).

Just enclose output within three backticks ```, or use the </> - Pre-formatted text button from the editor's menu bar.


Your output indicates that Pi-hole receives and blocks DNS requests as requested, but your NAS cannot communicate with the public DNS servers that Pi-hole is using as upstreams.

Let's see if your router would accept DNS traffic.
Run from your NAS, please share the output of:

```
dig pi-hole.net @192.168.2.1
```

Here is the result of that dig command

```
Andy@Browns-NAS:~$ dig pi-hole.net @192.168.2.1
;; communications error to 192.168.2.1#53: timed out
;; communications error to 192.168.2.1#53: timed out
;; communications error to 192.168.2.1#53: timed out

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> pi-hole.net @192.168.2.1
;; global options: +cmd
;; no servers could be reached
```

I seem to have solved it. I changed the DNS setting on my router back to its default, then disabled DHCP on the router and enabled it on the Pihole. Now everything seems to be going through Pihole including the NAS itself while maintaining an internet connection.
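
The `dig` checks requested in this thread can be turned into a repeatable triage step. The script below is an added example, not code from any poster or from the Pi-hole project: it classifies one `dig` result from its text and combines the Pi-hole probe with a second resolver probe into a verdict. The category and verdict names are this example's own, the blocked sample is constructed, and it assumes Pi-hole's default blocking mode, which answers blocked names with `0.0.0.0` or `::`.

```shell
# Constructed sample: a Pi-hole reply for a blocked name in the default blocking mode.
BLOCKED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
flurry.com.    2    IN    A    0.0.0.0'
# Sample shortened from the router probe output posted in this thread.
TIMEOUT_SAMPLE=';; communications error to 192.168.2.1#53: timed out
;; no servers could be reached'

# Classify one dig result read from stdin (category names are this example's own).
# Live use: dig pi-hole.net @192.168.2.1 | classify_dig
classify_dig() (
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    if [ -z "$status" ]; then
        echo unreachable          # no DNS header at all: timed out or refused
    elif [ "$status" != NOERROR ]; then
        echo "error:$status"      # e.g. SERVFAIL, REFUSED, NXDOMAIN
    elif printf '%s\n' "$out" |
         grep -Eq 'IN[[:space:]]+(A[[:space:]]+0\.0\.0\.0|AAAA[[:space:]]+::)$'; then
        echo blocked              # null address in the answer section
    elif [ "${answers:-0}" -gt 0 ]; then
        echo answered
    else
        echo empty                # NOERROR but no answer records
    fi
)

# Combine the Pi-hole probe ($1) with a probe of another resolver ($2),
# such as one of the configured upstreams or the router.
verdict() {
    case "$1/$2" in
        blocked/unreachable|answered/unreachable) echo "pihole-ok, resolver-unreachable" ;;
        unreachable/*) echo "pihole-down" ;;
        */answered) echo "ok" ;;
        *) echo "inconclusive" ;;
    esac
}

p=$(printf '%s\n' "$BLOCKED_SAMPLE" | classify_dig)
r=$(printf '%s\n' "$TIMEOUT_SAMPLE" | classify_dig)
echo "pihole=$p resolver=$r -> $(verdict "$p" "$r")"
```
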