pi-hole / docker-pi-hole

Pi-hole in a docker container
https://pi-hole.net

Container cannot survive restart #382

Closed danlo315 closed 2 years ago

danlo315 commented 5 years ago

Hello,

I'm running into a new issue (under 4.1) that didn't exist for 4.0. If I create a brand new docker container via command below with a brand new config directory, it works. However, if I perform a restart of the container, I get an error in the log of DNS service not started. I also cannot log into my web console. This is my docker run command:


    docker run -d \
    --name pihole \
    --net=host \
    -v "/etc/pihole/:/etc/pihole/" \
    -v "/etc/pihole/dnsmasq.d/:/etc/dnsmasq.d/" \
    -e ServerIP="serverip" \
    -e DNS1=1.1.1.1 -e DNS2=1.0.0.1 \
    --dns 1.1.1.1 \
    -e WEBPASSWORD= \
    --restart=unless-stopped \
    pihole/pihole:latest

There must be some command that is written to my /etc/pihole/ directory but I can't seem to figure out what it is.


    docker version
    Client:
     Version:      17.05.0-ce
     API version:  1.29
     Go version:   go1.7.5
     Git commit:   89658be
     Built:        Thu May 4 22:10:54 2017
     OS/Arch:      linux/amd64

    Server:
     Version:      17.05.0-ce
     API version:  1.29 (minimum version 1.12)
     Go version:   go1.7.5
     Git commit:   89658be
     Built:        Thu May 4 22:10:54 2017
     OS/Arch:      linux/amd64
     Experimental: false

diginc commented 5 years ago

Looks like your run command is missing --dns 127.0.0.1. Add it in front of your current one so it is primary and 1.1.1.1 is secondary: --dns 127.0.0.1 --dns 1.1.1.1

danlo315 commented 5 years ago

Adding --dns 127.0.0.1 (or adding --dns ) didn't work.

It looks like I was able to isolate the issue to local.list file. If I remove the file before restarting the container, piHole re-runs the gravity lists, recreates the local.list file, and everything is back up and running. My local.list file is:

    pi.hole

Changing server ip from server IP to 127.0.0.1 in local.list file didn't work either.

BigSnicker commented 5 years ago

danlo315, you're a genius (or, at least, appear that way to people who are definitely not geniuses)

This solves the problem we've been having with the Synology docker container as well. (https://discourse.pi-hole.net/t/4-1-dns-service-wont-successfully-restart-on-synology-docker/15561/4)

After a failed restart, I open a shell, delete local.list, and pihole starts up normally at the next attempt.

Hopefully this will help resurrect pihole for us in the next hotfix.

danlo315 commented 5 years ago

I posted this same issue on the PiHole subreddit. A "permanent" solution is to add --cap-add=NET_ADMIN to the docker run command. I'm not exactly sure why 4.1 requires this capability though.

BigSnicker commented 5 years ago

Awesome! It worked! Rather than wade through the Synology DSM file system, I ended up using a hack to work within the Synology GUI..... notably:

*) export json settings of a standard (won't restart) pihole 4.1 container
*) edit json file to include "cap_add" : [ "NET_ADMIN" ],
*) import edited json file to create new container with high privileges

I'm sure there's a better way, but at least we've got a successfully restarting container now. Cheers.

https://forum.synology.com/enu/viewtopic.php?t=118103

mjw210 commented 5 years ago

> *) import edited json file to create new container with high privileges

Is it required to run this container with high privileges now? I previously was running an entirely isolated container without high privileges with no issues, but after updating to 4.1 and mapping the config/dnsmasq.d folders outside of the container I'm running into issues executing without high privileges.

DL6ER commented 5 years ago

Where does this "high privileges" come from? The correct solution is to add --cap-add=NET_ADMIN to the docker run command as has already been mentioned above.

diginc commented 5 years ago

> Is it required to run this container with high privileges now?

At least with NET_ADMIN privilege. Our readme is being updated to reflect this and other common issues with startup: https://github.com/pi-hole/docker-pi-hole/pull/384/files#diff-04c6e90faac2675aa89e2176d2eec7d8

mjw210 commented 5 years ago

Sorry, that comment was specifically for BigSnicker and in relation specifically to running as a docker container within the Synology DSM environment. High Privileges gives the container root privileges. I'm running into issues running without high privileges even after applying cap-add=NET_ADMIN

BigSnicker commented 5 years ago

> Sorry, that comment was specifically for BigSnicker and in relation specifically to running as a docker container within the Synology DSM environment. High Privileges gives the container root privileges. I'm running into issues running without high privileges even after applying cap-add=NET_ADMIN

Yep. I'm no expert and kinda brute forced my way into this hack, but I also needed High Privileges for it to function, which I suspect is probably due to DSM being stingy about letting containers get any privileges above the most basic.

Hopefully someone will know if there's a way to finesse this. My router recently detected my Synology sending traffic to a domain ending in *.su (ex-Soviet Union), which was flagged as suspect.... so I'm not a huge fan of leaving it on high priv. lol
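
Added example, not part of the original thread: the comments above contrast `--cap-add=NET_ADMIN` with Synology's "High Privileges" option, and this check reads `docker inspect` JSON and reports containers that run privileged, lack NET_ADMIN, or carry extra capabilities. It assumes "High Privileges" shows up as Docker's `HostConfig.Privileged` flag; the container names and sample JSON are constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output (container names are made up).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/pihole-highpriv",
     "HostConfig": {"Privileged": True, "CapAdd": None, "NetworkMode": "host"}},
    {"Name": "/pihole-netadmin",
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN"], "NetworkMode": "bridge"}},
    {"Name": "/pihole-nocap",
     "HostConfig": {"Privileged": False, "CapAdd": None, "NetworkMode": "bridge"}},
])

REQUIRED = {"NET_ADMIN"}  # the capability this thread says the 4.1 image needs


def normalise(cap):
    """Compare capability names without the optional CAP_ prefix."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit(inspect_json, required=frozenset(REQUIRED)):
    """Return {container name: [findings]} for `docker inspect` JSON text."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        privileged = bool(host.get("Privileged"))
        caps = {normalise(c) for c in (host.get("CapAdd") or [])}
        findings = []
        if privileged:
            findings.append("privileged: every capability granted, use --cap-add instead")
        elif "ALL" not in caps and required - caps:
            findings.append("missing " + ",".join(sorted(required - caps)))
        extra = caps - required
        if extra:
            findings.append("extra capabilities: " + ",".join(sorted(extra)))
        if host.get("NetworkMode") == "host":
            findings.append("host networking: shares the host network namespace")
        report[container["Name"].lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or ["ok"])
```

An empty findings list means the container has exactly the capability discussed here and nothing broader.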

nightah commented 5 years ago

@diginc I know the requirement for NET_ADMIN privilege was removed for version 4.2.2+ but I believe it is still necessary.

If I do not run it with those privileges it will just be stuck in the [✗] DNS resolution is currently unavailable loop.

Per one of the earlier comments by @danlo315 I can remove the local.lists file and it works for the initial boot but not for following restarts; only re-adding the CAP_ADMIN privilege has fixed this.

firecodeing commented 4 years ago

Hi, I have exactly the same problem. When I start the pihole

    docker run -d \
    --name pihole \
    -p 53:53/tcp -p 53:53/udp \
    -p 80:80 \
    -p 443:443 \
    -e TZ="America/Chicago" \
    -v "$(pwd)/etc-pihole/:/etc/pihole/" \
    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --cap-add=NET_ADMIN \
    --restart=unless-stopped \
    pihole/pihole:latest

I'm not able to restart the pihole after a reboot of the docker container after a reboot of the os.

The error I get is:

    ::: Testing pihole-FTL DNS: FTL started!
    ::: Testing lighttpd config: Syntax OK
    ::: All config checks passed, cleared for startup ...
     ::: Docker start setup complete
      [i] Pi-hole blocking is enabled
      [✗] DNS resolution is currently unavailable

tg12 commented 4 years ago

Came here because of Google Search. Same issue.

UmbeMont commented 3 years ago

same issue

dschaper commented 3 years ago

Hopefully you're not still running version 4.

UmbeMont commented 3 years ago

> Hopefully you're not still running version 4.

Existing DNS servers used (127.0.0.1 & 1.1.1.1)

I tried to modify setupvars.conf DNS1 and DNS2 but nothing, my network is all down

I have pihole on a synology with ip same as the synology and I was getting with ip:8080

I restarted the synology and all dead... I have no idea of what to do

I just downloaded :latest today from synology, so I guess I have last version

    ::: Testing pihole-FTL DNS: sudo: unable to resolve host pihole-pihole1: Connection timed out
    FTL started!
    ::: Testing lighttpd config: Syntax OK
    ::: All config checks passed, cleared for startup ...
    ::: Docker start setup complete
      [✗] DNS resolution is currently unavailable

dschaper commented 3 years ago

Open a new issue with the template fully filled out, answer every question.