Closed CurlyFlow closed 3 years ago
I think you are getting confused by two different types of DNS settings. The --dns settings control which ip the container itself uses to resolve hostnames at the OS level. The DNS1 and DNS2 environment variables control which upstream resolvers pihole uses (the ones set in the web interface). So what you probably want to do is set --dns to 127.0.0.1 and then set DNS1 to 192.168.0.1 (and DNS2 to "no").
Yes, this is very confusing.
1.) Still, my point is it doesn't save whatever I enter in the web panel. (If I change the checkboxes it works, but I can't save a custom DNS server like 192.168.0.1.)
-- To clarify this: I can set the custom DNS, and it works while it's running, but after each restart these settings get reset. This should be controllable via Docker, or am I wrong?
2.) What about the errors in the log? Shouldn't the docker image be perfect?
Using default DNS servers: 8.8.8.8 & 8.8.4.4
WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server
WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11)
3.) What is the correct way for OS DNS? Should I separate this out of my LAN? Like --dns=127.0.01 and --dns=8.8.8.8, or should I set the second DNS also to my LAN DNS 192.168.0.1? I guess it doesn't matter and safer would be 8.8.8.8.
Okay, just to be sure i redid everything.
i set DNS via docker variable to --dns=127.0.0.1 --dns=8.8.8.8
restarted
removed both google servers (checkboxes) and set my own dns server 192.168.0.1 at the right top
Custom 1 (IPv4)
The DNS settings have been updated (using 1 DNS servers)
Sep 11 11:00:38 dnsmasq[1382]: query[A] something.com from 192.168.86.1
Sep 11 11:00:38 dnsmasq[1382]: forwarded something.com to 192.168.0.1
Sep 11 11:00:38 dnsmasq[1382]: query[A] something.com from 192.168.86.1
Sep 11 11:00:38 dnsmasq[1382]: forwarded something.com to 192.168.0.1
Sep 11 11:00:38 dnsmasq[1382]: something.com is CNAME
seems to work
restart docker
LOL. This time it worked; it had saved my custom DNS server (the first time after restart). I'll be back when I see it failing again. Still, I would like it if the devs could fix the docker (error messages).
--dns=127.0.0.1 --dns=192.168.0.1 should get rid of the WARNING messages. However, some Docker services just don't seem to listen to docker run --dns arguments properly for whatever reason.
It is docker's job to manage /etc/resolv.conf DNS. Sorry, that is not really in my control when they fail to manage the resolv.conf. It seems more like a bug in the docker service on certain OS/hardware. Others have found a workaround is taking over management of /etc/resolv.conf themselves (with a docker volume file mount) to resolve this issue.
The subject matches my issue but the discussion not that much. Still commenting here. My docker configuration looks like this: dns:
It happened again.
I haven't touched anything since last time. The only thing I can think of is that it got updated and/or backed up (I use CA Plugins on unraid for it).
I'm not sure what exactly you guys need to check it. Please tell me. I'll try my best.
That's the latest log:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole
WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server
WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11)
nameserver 127.0.0.11
options ndots:0
[i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u5
[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (8.8.8.8 & 8.8.4.4)
DNSMasq binding to default interface: eth0
Added ENV to php:
"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
"ServerIP" => "192.168.86.5",
"VIRTUAL_HOST" => "192.168.86.5",
Using IPv4
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Docker start setup complete
[i] Pi-hole blocking is enabled
[i] Neutrino emissions detected...
[i] Number of domains being pulled in by gravity: 536649
[i] Number of unique domains trapped in the Event Horizon: 379757
[i] Number of blacklisted domains: 4
[i] Number of regex filters: 17
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting pihole-FTL (no-daemon) as root
Starting crond
[services.d] done.
Starting lighttpd
That's the latest log from unraid regarding pihole:
Sep 23 06:19:27 Unraid-Server Docker Auto Update: Installing Updates for Netdata pihole
Sep 23 06:20:11 Unraid-Server Docker Auto Update: Community Applications Docker Autoupdate finished
(many of them, for every docker update, it gets checked every day)
[✓] Your debug token is: https://tricorder.pi-hole.net/wqimavxk15
I think the problem is, it doesn't save the DNS I entered after update. Could that be the problem?
Did you ever add the DNS1 and DNS2 environment variables like I mentioned above? So your complete argument string should be:
" -e WEBPASSWORD= -v /mnt/user/appdata/pihole:/etc/pihole --cap-add=NET_ADMIN --dns=127.0.0.1 --dns=8.8.8.8 --env DNS1=192.168.0.1 --env DNS2="no" --restart=unless-stopped "
I'm not sure if you need the quotes on the "no" for DNS2 or not.
LoL, sorry, I didn't read that.
I tried it and it seems to work, MANY thanks.
I'll report back if I have issues again. THANKS. :-)
DNS2="no" did the trick.
Just btw, it's still confusing. SHOULDN'T the docker container KEEP settings while getting updated? Like my lists are also saved (?) -- even without docker arguments?
Is the dns setting in the docker-compose file not supposed to set the Pi-hole DNS? I am also experiencing it defaulting to Google.
Look at my command! There are 2 different, nearly the same, commands. (That's not very clever, btw.)
How does that work for docker-compose though?
You just need to add "DNS1" and "DNS2" environment variables in the docker-compose file.
The subject matches my issue but the discussion not that much. Still commenting here. My docker configuration looks like this:
dns:
  - 127.0.0.1
  - 217.237.148.102
environment:
  DNS1: 217.237.148.102
  DNS2: 217.237.151.115
But when I enter the web interface there is no custom DNS visible which is defined before and all requests seem to go to Google instead.
see my post from a few weeks ago. Seems not to work for me.
@wrosenauer Are you mapping your pihole config to your local drive? If so I'm not sure which will take precedence - the environment variables in docker-compose or the dns servers configured in setupVars.conf. If you have mapped it, take a look at the setupVars.conf file there and see what is defined under "PIHOLE_DNS_1" and "PIHOLE_DNS_2". If it is configured for Google DNS, change them to your preferred servers and try restarting the container.
This is just a shot in the dark without knowing more about your setup.
Regarding the confusion of the environment DNS variable and the docker DNS argument, I was considering changing the environment to match the internal setupVars.conf value of PIHOLE_DNS_* to make it clearer one is docker's and one is Pi-hole's.
Whatever you do, if it's not nearly the same, it will be better. :) I would call it "systemdns" "upstreamdns1" "upstreamdns2" - it's more to write, but 100% clear.
I still wonder why your docker does not save setting set inside it (like the DNS settings) - if that is not possible, you should write that somewhere in the UI.
I've got the same problem with Pi-hole in Docker. The DNS servers set in the Web UI are reset after every restart of the container. Other things, for example the block list, are still there after restart. So either the DNS servers are not persisted to /etc/pihole - which I have mapped to a local folder - or the setting is not applied after restart. Bugfix welcome... KG
The DNS settings are persisted to /etc/pihole/setupVars.conf. The settings persist after the container is removed. However, when the container starts up again, it overwrites the file.
If I'm reading the code correctly, we scrub setupVars.conf here: https://github.com/pi-hole/docker-pi-hole/blob/49ed8a0b2cf3a889eddc608290495bbff0af29e1/bash_functions.sh#L83
Then we regenerate the DNS settings here: https://github.com/pi-hole/docker-pi-hole/blob/49ed8a0b2cf3a889eddc608290495bbff0af29e1/bash_functions.sh#L133
i have the same issue, any ETA on this bugfix ?
Hi, I tried to upgrade my pihole to the newest version, and all DNS settings were reset to default. I have a docker-compose.yaml file where I specify to use the NIC eth0.
PiHole didn't get that, and reset all DNS settings to default, but everything else works like before the upgrade ... I looked into the docker logs but I couldn't find anything interesting ...
Google was also no help, so I hope somebody here knows what is wrong?
Can anyone explain to me what I did wrong?
Greets Daniel
Can confirm this is still an issue. Is this intended behavior? Feels like resetting to the default is not something you would normally want to do or expect as a user when recreating the container.
Same here, this is a huge issue -- especially if you want to prevent DNS leaks while using a VPN and blindly rely on Pi-hole just working as expected.
To be clear: the current workaround is to set the DNS1 and DNS2 env vars. Every time the container is started, it will overwrite the dns settings with those values.
Yes, that works. But this is still not good default behavior.
Agreed.
Isn't this simply a matter of checking here if the setupVars.conf exists and not overwriting it?
EDIT: Ah no, you guys check already if it exists. You would have to basically merge the existing setupVars.conf with the environment variables and defaults, with keys in the existing setupVars.conf having a higher priority, I think. But yes the workaround works for now, thanks. Maybe a comment in the README would be useful temporarily.
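The precedence proposed in the comment above (keys already in setupVars.conf win over the DNS1/DNS2 environment variables, which win over defaults), as an added shell sketch that is not docker-pi-hole's own code. The function names are hypothetical, and treating a saved primary with no saved secondary as "no secondary" is an assumption.

```shell
#!/bin/sh
# Added sketch, not docker-pi-hole code. Precedence for upstream resolvers:
# existing setupVars.conf > DNS1/DNS2 environment values > defaults.

# Print the value of KEY from a KEY=VALUE file (last occurrence wins).
get_setup_var() {  # usage: get_setup_var FILE KEY
    [ -f "$1" ] || return 0
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print "primary secondary"; a secondary of "no" means: use only one upstream.
resolve_upstreams() {  # usage: resolve_upstreams FILE ENV_DNS1 ENV_DNS2
    file=$1 env1=$2 env2=$3
    saved1=$(get_setup_var "$file" PIHOLE_DNS_1)
    saved2=$(get_setup_var "$file" PIHOLE_DNS_2)
    if [ -n "$saved1" ]; then
        # Resolvers were already saved (e.g. through the web UI): keep them as
        # a pair so a removed secondary is not re-added from env or defaults.
        primary=$saved1 secondary=${saved2:-no}
    elif [ -n "$env1" ]; then
        primary=$env1 secondary=${env2:-no}
    else
        primary=8.8.8.8 secondary=8.8.4.4   # defaults reported in the thread's log
    fi
    printf '%s %s\n' "$primary" "$secondary"
}

# Rewrite only the two DNS keys, leaving every other setting untouched.
write_upstreams() {  # usage: write_upstreams FILE PRIMARY SECONDARY
    tmp="$1.new"
    : > "$tmp"
    [ -f "$1" ] && grep -v '^PIHOLE_DNS_[12]=' "$1" >> "$tmp" || true
    echo "PIHOLE_DNS_1=$2" >> "$tmp"
    [ "$3" = "no" ] || echo "PIHOLE_DNS_2=$3" >> "$tmp"
    mv "$tmp" "$1"
}
```

With this ordering a resolver saved in the mapped /etc/pihole volume survives a container recreate, and the environment variables only seed a fresh volume.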
Same issue as here: https://github.com/pi-hole/docker-pi-hole/issues/604
Same in #719
Closed in place of the pinned #720
In raising this issue, I confirm the following:
{please fill the checkboxes, e.g: [X]}
How familiar are you with the source code relevant to this issue?:
1
Expected behaviour:
I can change the dns servers in pi like i want
Actual behaviour:
It defaults to googles dns always (after each restart)
Steps to reproduce:
1. install docker pihole/pihole:latest
Debug token provided by uploading pihole -d log: https://tricorder.pi-hole.net/4hiw4kakmh
Troubleshooting undertaken, and/or other relevant information:
{Steps of what you have done to fix this}
I've posted on reddit before, but didn't get any help, so I'll guess it's a bug.
It should use the DNS provided via --dns?
I'm using "pihole/pihole:latest https://hub.docker.com/r/pihole/pihole/" with the following argument: " -e WEBPASSWORD= -v /mnt/user/appdata/pihole:/etc/pihole --cap-add=NET_ADMIN --dns=127.0.0.1 --dns=192.168.0.1 --restart=unless-stopped "
Problem is it doesn't use 192.168.0.1; what I change inside the web interface of pihole gets completely removed after each restart. So I don't see a way to use your own DNS server!?
Why is he saying "WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server"?
Is this also a bug in the pihole docker!?