pi-hole / docker-pi-hole

Pi-hole in a docker container
https://pi-hole.net

docker-composer container with macvlan fails to start with DNS error, does not respect dns entry in compose file #614

Closed fergu closed 2 years ago

fergu commented 4 years ago

This is a...

Description

I have found a host of similar issues around the internet in my googling. Basically, trying to start the pihole docker container with docker-compose up results in an error complaining about incorrect entries in /etc/resolv.conf (specifically, that the first entry is 127.0.0.11). The proposed solution on the website has been to use docker run <...> --dns=127.0.0.1 .... Other googling suggests that simply filling in the dns: entry in the docker-compose.yml file should do the trick.

My issue is that using the example docker-compose file, with the required modifications to add a macvlan network still fails with this error when following the steps outlined on this site.

I have confirmed that switching to network_mode: host (again, following the directions linked above) works with no other modifications.

Expected Behavior

It should start

Actual Behavior

It does not

Possible Fix

Steps to Reproduce and debugging done

See description above

Debug steps I have tried

Your Environment

fergu commented 4 years ago

So - I will confirm that overwriting /etc/resolv.conf using a mount in docker-compose.yml does work, though it's certainly a workaround. So this issue boils down to the whole "pihole doesn't like that 127.0.0.1 isn't in resolv.conf" issue that's extensively discussed elsewhere.

Perhaps the documentation should mention something about how to solve this issue for docker-compose users, especially since a compose file is still on the main documentation page (and in fact is there instead of a Dockerfile)? Currently all that is mentioned is to use docker run <...> --dns=... which won't work with compose, and I was certainly confused on if mounting over resolv.conf was the right thing to do or not.
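The workaround described in the comment above, written out as a compose file. This is an added example, not the poster's or the project's own file; the interface name `eth0`, the 192.168.1.0/24 addressing, the upstream resolver and the host paths are assumed values, and `./resolv.conf` is a host file whose first line is `nameserver 127.0.0.1`.

```yaml
# Added example (not from the thread). Assumes the Compose Specification format
# (no "version:" key). Interface, subnet and addresses are placeholders.
services:
  pihole:
    image: pihole/pihole:latest
    hostname: pihole
    networks:
      lan:
        ipv4_address: 192.168.1.53     # assumed static address on the LAN
    # Compose counterpart of `docker run --dns=...`. The issue reports that
    # with a macvlan network this alone did not help: /etc/resolv.conf inside
    # the container still listed 127.0.0.11 first.
    dns:
      - 127.0.0.1
      - 1.1.1.1                        # assumed upstream resolver
    volumes:
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
      # The workaround confirmed above: mount a host file over the
      # container's /etc/resolv.conf.
      - ./resolv.conf:/etc/resolv.conf
    restart: unless-stopped

networks:
  lan:
    driver: macvlan
    driver_opts:
      parent: eth0                     # assumed host interface
    ipam:
      config:
        - subnet: 192.168.1.0/24       # assumed LAN subnet
          gateway: 192.168.1.1         # assumed LAN gateway
```

`docker compose exec pihole cat /etc/resolv.conf` shows which nameserver the container actually ends up with after start.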

diginc commented 4 years ago

Are you running v5.0? Funnily enough, I was just removing the check for that 127.0.0.1 check last night and opened a PR for that before seeing this issue: https://github.com/pi-hole/docker-pi-hole/pull/618

fergu commented 4 years ago

I have been running the latest docker image (pihole:latest) which (just checked) is V5.0.

buckaroogeek commented 4 years ago

I run docker-pi-hole with a macvlan via docker-compose without problems (pihole v4.x, I have not updated to 5 yet). I can share if that helps.

brad

On Tue, May 12, 2020 at 3:39 PM Kevin notifications@github.com wrote:

I have been running the latest docker image (pihole:latest) which (just checked) is V5.0.

fergu commented 4 years ago

I'd certainly like to see it! I ended up just plugging another ethernet cable in to the second LAN port on my machine to get macvlan working since I could never manage to get bridging to work in an automated/persisted way. I'd guess that examples like that would be helpful to anyone else in my shoes that stumbles across this in a google search too.

buckaroogeek commented 4 years ago

I uploaded the docker-compose.yaml file to https://github.com/buckaroogeek/unifi-pihole-doh-docker. There is a lot more than just the pi-hole and macvlan but the other content can be stripped out as needed. Please let me know if you have questions.

kanonengedonner commented 4 years ago

> I uploaded the docker-compose.yaml file to https://github.com/buckaroogeek/unifi-pihole-doh-docker. There is a lot more than just the pi-hole and macvlan but the other content can be stripped out as needed. Please let me know if you have questions.

I am on synology too (ds1019+). Similar yml file, but no go. I am at a loss at what the problem might be!

Container logs Yml file

buckaroogeek commented 4 years ago

@kanonengedonner - the log file seems to show that pi-hole is running but DNS is not resolving. This seems to be a common problem often related to a configuration on the network router (e.g. https://discourse.pi-hole.net/t/can-not-install-pihole-keep-getting-dns-resolution-is-currently-unavailable/17919/13). I suggest that you review some of these posts to see if there is a useful tip for you.

kanonengedonner commented 4 years ago

Thx. Not sure if the link you suggested is in any way related (they talked about dd-wrt's "Forced DNS Redirection" feature), but it was indeed my Sophos UTM firewall.

I had to create a firewall rule and open up the pihole's IP to any/all traffic. I am not sure how safe that is though.

buckaroogeek commented 4 years ago

Thanks for the update. Glad you have it working. By default the Pi Hole will be using port 53 tcp/udp traffic to query upstream DNS server(s). You could quite possibly customize the firewall rule to safely allow just this traffic on this port - assuming all devices on your private network are using the pihole.

Best

kanonengedonner commented 4 years ago

Bingo... it was Pi-hole IP on tcp/udp 53.

In the general scheme of things I should have thought about it myself. The pi-hole needed to connect to the outside on some port after all.

What threw me off were the container log errors and the /etc/resolv.conf error which sent me on another route.

Much appreciated.

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.