PiHole Docker File requires open DNS to run with cloudflared

[emlynmac]

Describe the bug Using the docker file for PiHole, and enabling Cloudflare, the Cloudflare binary is downloaded on container first run rather than at container image build time.

This will cause failures on systems that have actively blocked un-encrypted DNS traffic over the usual port 53. As cloudflared cannot be downloaded, it will not exist or provide the DoH bridge required for pihole to function properly.

To Reproduce Steps to reproduce the behavior:

1. Block unencrypted DNS requests
2. Install the boostchicken/pihole docker image
3. podman exec to a shell in the container and observe that /opt/cloudflared is missing

Expected behavior Cloudflared should be included at image build time, so that it can be used where DoH traffic is enforced

UDM Information

• UDMPro
• Firmware Version: 1.11.4

Additional context Downloading the binary at image creation time, then uploading to docker.io should resolve the issue

[boostchicken]

hmmmmmmmmm. is this still an issue?

[emlynmac]

@boostchicken I haven't tried this in a while, but yes, it looks like the docker file is still downloading the cloud flare binary at first run, so it still requires DNS to resolve that prior to running, which if you have DNS blocked (aside from the to-be-installed pinhole instance) fails to resolve.

[boostchicken]

yeah for sure. is this preventing you from using this or have you found a work around? basically, do you need me to fix it?

[emlynmac]

The workaround is to disable the DNS block firewall rule, update the pi hole container and then reenable. It's not urgent to fix; to be honest I've been meaning to spend some time investigating but haven't yet.

[pedropombeiro]

This should be fixed once https://github.com/unifi-utilities/unifios-utilities/pull/483 is merged.