chriscrowe / docker-pihole-unbound

Run Pi-Hole + Unbound on Docker

Reverse lookup not working with one-container on Windows #220

Closed HackXIt closed 10 months ago

HackXIt commented 10 months ago

I have set up one-container in portainer successfully with the following settings:

stack-yaml

version: '3.0'

networks:
  home_macvlan:                         # Name of macvlan network
    external: true

volumes:
  etc_pihole-unbound:
  etc_pihole_dnsmasq-unbound:

services:
  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    cap_add:
    - NET_ADMIN
    hostname: ${HOSTNAME}
    networks:
      home_macvlan:
        ipv4_address: ${PIHOLE_ADDRESS}
    #domainname: ${DOMAIN_NAME}
    ports:
      - 443:443/tcp
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp # Only required if you are using Pi-hole as your DHCP server
      - ${PIHOLE_WEBPORT:-80}:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
      - 5335:5335/tcp # Uncomment to enable unbound access on local server
      # - 22/tcp # Uncomment to enable SSH
    environment:
      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
      - TZ=${TZ:-UTC}
      - WEBPASSWORD=${WEBPASSWORD}
      - WEBTHEME=${WEBTHEME:-default-light}
      - REV_SERVER=${REV_SERVER:-false}
      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    volumes:
      - etc_pihole-unbound:/etc/pihole:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
    restart: unless-stopped
    deploy:
      placement:
        constraints: [node.hostname == the-matrix]

Environment variables:

TZ=Europe/Vienna
WEBPASSWORD=*****************
FTLCONF_LOCAL_IPV4=10.1.0.202
WEBTHEME=default-dark
PIHOLE_WEBPORT=80
HOSTNAME=pihole
DOMAIN_NAME=pihole.lan
PIHOLE_ADDRESS=10.1.0.240

In pihole I have configured DNS as described: Upstream DNS Custom 1: 127.0.0.1:5335

Additionally I've also configured DHCP server: Domain: hxit.lan

I've added various devices in the Local DNS entries.

However, when running nslookup <some-device>.hxit.lan I get the following result on Windows:

nslookup the-matrix.hxit.lan
Server:  UnKnown
Address:  fe80::1

*** UnKnown can't find the-matrix.hxit.lan: Non-existent domain

And I get this result on another Linux node in the docker swarm:

nslookup the-matrix.hxit.lan
Server:         10.1.0.240
Address:        10.1.0.240#53

Name:   the-matrix.hxit.lan
Address: 10.1.0.202

Online, I've discovered that this might have to do with faulty reverse lookup zones, but I'm not sure what exactly is wrongly configured.

HackXIt commented 10 months ago

I've discovered this may be due to IPv6

I am not sure what IPv6 address the pihole has.

HackXIt commented 10 months ago

Can confirm. Turning off IPv6 in my router results in the addresses being resolved in the browser. And this is now the response of nslookup on Windows:

 nslookup the-matrix.pihole.lan
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

So the attempt still uses IPv6 somehow, but fails. In the config of the image, IPv6 is disabled, which probably is a root cause for the above not working.

I am not sure how I can configure my router to use IPv6 and clients being able to get an IPv6 address. Any help is greatly appreciated.

HackXIt commented 10 months ago

Problem solved.. it was all about IPv6 in my router. Gonna take forever until my provider will give me IPv6, so I'll close this, since it's not an issue with the container as of right now.
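
Added example, not part of the issue thread or the project's code: a small check that reads nslookup output and reports whether the query was answered by the Pi-hole or by some other resolver, as with the fe80::1 server in the Windows transcripts above. The sample transcripts are constructed from the output quoted in the thread, and the function names and result labels are assumptions made for this example.

```python
import ipaddress

PIHOLE_ADDRESS = "10.1.0.240"  # PIHOLE_ADDRESS from the environment variables in the issue

# Constructed samples, copied from the nslookup output quoted in the thread.
WINDOWS_OUTPUT = """\
Server:  UnKnown
Address:  fe80::1

*** UnKnown can't find the-matrix.hxit.lan: Non-existent domain
"""
LINUX_OUTPUT = """\
Server:         10.1.0.240
Address:        10.1.0.240#53

Name:   the-matrix.hxit.lan
Address: 10.1.0.202
"""

def answering_resolver(nslookup_output):
    """Return the resolver IP: the first 'Address:' line after 'Server:'."""
    seen_server = False
    for line in nslookup_output.splitlines():
        if line.startswith("Server:"):
            seen_server = True
        elif seen_server and line.startswith("Address:"):
            value = line.split(":", 1)[1].strip()
            value = value.split("#", 1)[0]  # Linux nslookup appends '#port'
            value = value.split("%", 1)[0]  # drop an IPv6 zone id if present
            return ipaddress.ip_address(value)
    return None

def diagnose(nslookup_output, expected=PIHOLE_ADDRESS):
    """Classify which resolver the client actually queried."""
    resolver = answering_resolver(nslookup_output)
    if resolver is None:
        return "no-resolver-found"
    if resolver == ipaddress.ip_address(expected):
        return "pihole"
    if resolver.version == 6 and resolver.is_link_local:
        return "other-resolver-ipv6-link-local"
    return "other-resolver"

if __name__ == "__main__":
    for name, text in (("windows", WINDOWS_OUTPUT), ("linux", LINUX_OUTPUT)):
        print(name, answering_resolver(text), diagnose(text))
```

Any result other than "pihole" means the client's queries are not reaching the Pi-hole, so neither its Local DNS entries nor its blocklists apply to that client.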