Windows 10 Docker PiHole *sometimes* not resolving DNS for wired clients only

Hi all,

It had been a while so I updated docker and Pi-hole to the latest.

Weird fault here. Wireless clients have no issues ever.
Wired clients, including the system Docker is on, will have 90% of nslookups fail.

 nslookup news.com.au 192.168.20.22
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.20.22

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

The request gets to Pi-Hole, I can see it hit pihole.log but it doesn't get a reply.

If I do a dig from Pi-Hole through Docker Exec, it works fine, and I see the Pi-Hole.log get the reply.

# dig news.com.au

; <<>> DiG 9.16.48-Debian <<>> news.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17030
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;news.com.au.                   IN      A

;; ANSWER SECTION:
news.com.au.            18      IN      A       104.116.108.143

;; Query time: 60 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Tue May 28 20:54:02 AEST 2024
;; MSG SIZE  rcvd: 45

So is docker doing some funky NAT that isn't quite right? The wireless clients are working fine.
Docker Version 4.30.0 (149282) Engine: 26.1.1 Compose: v2.27.0-desktop.2

Pi-Hole settings
Interface is accepting from all origins.
NO DHCP
Using Cloudflare DNS

Docker-Compose

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      # - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "81:80/tcp"
    environment:
      TZ: 'Australia/Brisbane'
      WEBPASSWORD: 'password'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    # cap_add:
    #  - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

Appreciate any help!

I did try a rebuild with the IP listed but it didn't seem to change anything for me, but perhaps I didn't manually delete the files. I have read others have found this to be a solution for their issues.

ports:
  - "192.168.20.22:53:53/tcp"
  - "192.168.20.22:53:53/udp"

Cheers
Garby

Please rerun your nslookup and share the results along with those corresponding log lines.

Thanks Bucking_Horn,

So I caught it mostly working on this first attempt. I will wait a few minutes and use a big $ news outlet in Australia. So below is around 7 minutes worth from my main PC not running the docker Pi-Hole (but the results would have been the same on it)

> nslookup littlebigsnake.com 192.168.20.22
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.20.22

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    littlebigsnake.com
Addresses:  104.26.8.138
          104.26.9.138
          172.67.71.90

Pihole.log

May 29 18:00:56: query[A] littlebigsnake.com from 172.19.0.1
May 29 18:00:56: forwarded littlebigsnake.com to 1.1.1.1
May 29 18:00:56: reply littlebigsnake.com is 104.26.8.138
May 29 18:00:56: reply littlebigsnake.com is 104.26.9.138
May 29 18:00:56: reply littlebigsnake.com is 172.67.71.90
May 29 18:00:56: query[AAAA] littlebigsnake.com from 172.19.0.1
May 29 18:00:56: forwarded littlebigsnake.com to 1.1.1.1

Try news.com.au (big news outlet in Australia)

nslookup news.com.au 192.168.20.22
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.20.22

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

Pihole.log

May 29 18:03:41: query[A] news.com.au from 172.19.0.1
May 29 18:03:41: forwarded news.com.au to 1.1.1.1
May 29 18:03:43: query[AAAA] news.com.au from 172.19.0.1
May 29 18:03:43: forwarded news.com.au to 1.1.1.1
May 29 18:03:43: query[AAAA] discord.com from 172.19.0.1
May 29 18:03:43: forwarded discord.com to 1.1.1.1
May 29 18:03:45: query[A] news.com.au from 172.19.0.1
May 29 18:03:45: forwarded news.com.au to 1.1.1.1
May 29 18:03:47: query[AAAA] news.com.au from 172.19.0.1
May 29 18:03:47: forwarded news.com.au to 1.1.1.1
May 29 18:03:50: query[A] pi.hole from 127.0.0.1
May 29 18:03:50: Pi-hole hostname pi.hole is 0.0.0.0

Another attempt, I get a reply after a timeout

nslookup news.com.au 192.168.20.22
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.20.22

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    news.com.au
Address:  104.99.188.143

May 29 18:06:16: query[A] news.com.au from 172.19.0.1
May 29 18:06:16: forwarded news.com.au to 1.1.1.1
May 29 18:06:16: reply news.com.au is 104.99.188.143
May 29 18:06:16: query[AAAA] news.com.au from 172.19.0.1
May 29 18:06:16: forwarded news.com.au to 1.1.1.1
May 29 18:06:20: query[A] pi.hole from 127.0.0.1
May 29 18:06:20: Pi-hole hostname pi.hole is 0.0.0.0

Below didn't get a response at all. You can also see Windows Update didn't get a response, so it isn't just nslookup being silly.

nslookup news.com.au 192.168.20.22
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.20.22

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

May 29 18:07:39: query[A] news.com.au from 172.19.0.1
May 29 18:07:39: forwarded news.com.au to 1.1.1.1
May 29 18:07:41: query[AAAA] news.com.au from 172.19.0.1
May 29 18:07:41: forwarded news.com.au to 1.1.1.1
May 29 18:07:50: query[A] au.download.windowsupdate.com from 172.19.0.1
May 29 18:07:50: forwarded au.download.windowsupdate.com to 1.1.1.1
May 29 18:07:51: query[A] pi.hole from 127.0.0.1
May 29 18:07:51: Pi-hole hostname pi.hole is 0.0.0.0

Sanity checking Cloudflare - instant response.

nslookup news.com.au 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    news.com.au
Address:  104.99.188.143

nslookup news.com.au 1.0.0.1
Server:  one.one.one.one
Address:  1.0.0.1

Non-authoritative answer:
Name:    news.com.au
Address:  104.99.188.143

All the while I can see the kids on Roblox on wireless??? Ad blocking is working, all fine.

Only things of note in the debug log from what I can tell, but here is the full log if needed.
[✓] Your debug token is: https://tricorder.pi-hole.net/OwMEPWcV/

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
    172.19.0.2/16

[✗] No IPv6 address(es) found on the eth0 interface.

.....

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf.d
etc/lighttpd/conf.d does not exist.

Cheers,
Garby
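
An added example, not part of the original posts: a small Python script that pairs the forwarded and reply lines in pihole.log excerpts like the ones above, counting lookups that went upstream with no answer logged and listing the client addresses Pi-hole recorded. The sample lines are copied from the excerpts in the post; since this log format carries no query IDs, matching replies by name and address family is an assumption of the example.

```python
import ipaddress
import re
from collections import Counter

# Line shapes from the pihole.log excerpts in the post (this format has no query IDs).
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8}: (query\[(\w+)\]|forwarded|reply) (\S+) (?:from|to|is) (\S+)")

def reply_qtype(value):
    """Infer A/AAAA from a reply value; None when the value is not an IP address."""
    try:
        return "A" if ipaddress.ip_address(value).version == 4 else "AAAA"
    except ValueError:
        return None

def unanswered_forwards(lines):
    """Return (Counter of (name, qtype) forwards with no reply logged, client IPs seen)."""
    last_qtype, pending, clients = {}, Counter(), set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        kind, qtype, name, value = m.groups()
        if kind.startswith("query"):
            last_qtype[name] = qtype
            clients.add(value)
        elif kind == "forwarded" and name in last_qtype:
            pending[(name, last_qtype[name])] += 1
        elif kind == "reply":
            # Assumption: the first reply line clears every pending forward for that key.
            key = (name, reply_qtype(value) or last_qtype.get(name))
            if pending[key] > 0:
                pending[key] = 0
    return +pending, clients

# Sample lines copied from the excerpts in the post above.
SAMPLE = """\
May 29 18:00:56: query[A] littlebigsnake.com from 172.19.0.1
May 29 18:00:56: forwarded littlebigsnake.com to 1.1.1.1
May 29 18:00:56: reply littlebigsnake.com is 104.26.8.138
May 29 18:03:41: query[A] news.com.au from 172.19.0.1
May 29 18:03:41: forwarded news.com.au to 1.1.1.1
May 29 18:03:43: query[AAAA] news.com.au from 172.19.0.1
May 29 18:03:43: forwarded news.com.au to 1.1.1.1
May 29 18:03:45: query[A] news.com.au from 172.19.0.1
May 29 18:03:45: forwarded news.com.au to 1.1.1.1
"""

if __name__ == "__main__":
    print(unanswered_forwards(SAMPLE.splitlines()))
```

On these lines every query carries the source address 172.19.0.1, so the log alone cannot tell wired and wireless clients apart.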

Just saw potentially the same issue here

No. It's unrelated.
That other issue is not a docker installation and the user has no IPv4 address on eth0 (apparently it's a DHCP issue).