
docker-pihole-unbound's People

Contributors

chevyssinsd, chriscrowe, chronicblondiee, dszymczuk, gramsaran, lawnmo, mahl111, promofaux, sinnohd, theoftedal, xaabi6

docker-pihole-unbound's Issues

S6 hangup while starting on Synology DS1621+ DSM7.0

Hey,

I would like to run this on my Synology, but I get an S6 hangup error.

[cont-finish.d] executing container finish scripts...
pihole | [cont-finish.d] done.
pihole | [s6-finish] waiting for services.
pihole | [s6-finish] sending all processes the TERM signal.
pihole | ./start_unbound_and_s6_init.sh: line 3: 22 Hangup /s6-init

The container is always restarting:

df66eba54de8 cbcrowe/pihole-unbound:latest "/bin/bash -c ./star…" 7 minutes ago Restarting (129) 13 seconds ago pihole

Docker Compose file has some small changes:

version: '2'

services:
  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: pihole
    domainname: fritz.box
    ports:
      - 8443:443/tcp
      - 53/tcp
      - 53/udp
      - 80:80/tcp
      - 22/tcp # Uncomment to enable SSH
    environment:
      ServerIP: ${ServerIP}
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      REV_SERVER: ${REV_SERVER}
      REV_SERVER_TARGET: ${REV_SERVER_TARGET}
      REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
      REV_SERVER_CIDR: ${REV_SERVER_CIDR}
      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNSSEC: "true" # Enable DNSSEC
      SKIPGRAVITYONBOOT: "1"
      PUID: "1026"
      PGID: "100"
    network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /volume3/docker/pihole/etc-pihole:/etc/pihole:rw
      - /volume3/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw
    restart: unless-stopped
    logging:
      driver: json-file
      options:
        max-size: "10m"

Any ideas what I can do?

Is Unbound actually working?

Sorry if this isn't the place for this. I'm brand-new to unbound, and have only been using pihole for a few weeks.

Followed your tutorial, and pihole is green and 'healthy' inside of Portainer. Its upstream DNS are correctly set as "127.0.0.1#5335". I'm seeing "OK (forwarded to localhost:5335 INSECURE" entries in the pihole log. I see "CNAME" and "IP" entries in the pihole Reply column.

When I try the $dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 command the response is "connection timed out; no servers could be reached". whatismyip.com shows what looks like a legit public IP.

So, I'm uncertain if unbound is working or not...

DHCP Settings don't stick after restarts

If you enable DHCP and change settings or create reservations they are lost on container recreation.

https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684

This explains the files required. I modified the readme and added a file mounted inside the container for the 2 DHCP ones

  - /volume4/docker/pihole-unbound/pihole/config/pihole-dhcp.conf:/etc/dnsmasq.d/02-pihole-dhcp.conf:rw
  - /volume4/docker/pihole-unbound/pihole/config/pihole-static-dhcp.conf:/etc/dnsmasq.d/04-pihole-static-dhcp.conf:rw

But this should likely be documented somewhere.

can't update WEBPASSWORD

I change the WEBPASSWORD in the docker-pihole-unbound/one-container/.env file, then run "docker-compose up -d" to start.
But the password is never changed; I must use the example password. Am I doing something wrong?

However, if I change the HOSTNAME in the .env file, I can see that change when I log in. But yet the WEBPASSWORD does not get updated.

Cannot configure macvlan correctly on Raspberry Pi 3b

Hi Chris,

Thanks for putting this all together, this is not so much an issue as it is my inability to set this up correctly. In my network 192.168.1.5 to 192.168.1.10 is taken. So I tried to configure the macvlan to use 192.168.11 and 192.168.1.12. This was my docker-compose file.


services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pi-hole
    mac_address: d0:ca:ab:cd:ef:01
    cap_add:
      - NET_ADMIN
    ports:
      - 443/tcp
      - 53/tcp
      - 53/udp
      # - 67/udp # Uncomment if you want to use Pi-Hole for DHCP
      - 80/tcp
      - 22/tcp
    environment:
      ServerIP: 192.168.1.11
      WEBPASSWORD: ${WEBPASSWORD}
      DNS1: 192.168.1.12
      DNS2: 192.168.1.13
    volumes:
      - /var/lib/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
      - /var/lib/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
      - /var/lib/docker/pihole-unbound/pihole/config/resolv.conf:/etc/resolv.conf:ro
      - /var/lib/docker/pihole-unbound/pihole/config/dnsmasq.conf:/etc/dnsmasq.d/02-network.conf:ro
      - /var/lib/docker/pihole-unbound/pihole/config/pihole-FTL.conf:/etc/pihole/pihole-FTL.conf:ro
    networks:
      home:
        ipv4_address: 192.168.1.11
    restart: always
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: syn-unbound
    mac_address: d0:ca:ab:cd:ef:02
    ports:
      - 53/tcp
      - 53/udp
    networks:
      home:
        ipv4_address: 192.168.1.12
    restart: always

networks:
  home:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
          ip_range: 192.168.1.11/30 # 192.168.1.5 and 192.168.1.6

My status shows as

CONTAINER ID        IMAGE                   COMMAND             CREATED             STATUS                             PORTS               NAMES
203d7135189c        pihole/pihole:latest    "/s6-init"          9 minutes ago       Up 41 seconds (health: starting)                       pihole
c0557b4f3e8e        mvance/unbound:latest   "/unbound.sh"       9 minutes ago       Restarting (1) 4 seconds ago                           unbound

A scan shows 192.168.1.11 as active but not 192.168.1.12

My logs for "Unbound" show

standard_init_linux.go:211: exec user process caused "exec format error"

I have read through the linked macvlan documentation but I cannot figure it out. Do you have any suggestions please? Is this to do with running on arm software?

Thanks

pihole+unbound container restarting all the time.

Hi,

Newbie here. I am trying to set up pi-hole+unbound in my rpi. I have ovm installed so I need to use docker to install this. I have tried to follow the instructions provided but maybe I have to do something first because there are some errors and the container keeps restarting. Any help would be greatly appreciated.

chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory,
Converting DNS1 to PIHOLE_DNS_,
Converting DNS2 to PIHOLE_DNS_,
Setting DNS servers based on PIHOLE_DNS_ variable,
::: Pre existing WEBPASSWORD found,
DNSMasq binding to default interface: eth0,
Added ENV to php:,
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",,
			"ServerIP" => "192.168.0.179",,
			"VIRTUAL_HOST" => "192.168.0.179",,
Using IPv4 and IPv6,
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early)),
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts,
sudo: unable to resolve host pihole: Name or service not known,
,
dnsmasq: failed to create listening socket for port 53: Address already in use,
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.,
[cont-finish.d] executing container finish scripts...,
[cont-finish.d] done.,
[s6-finish] waiting for services.,
[s6-finish] sending all processes the TERM signal.,
./start_unbound_and_s6_init.sh: line 3:    23 Hangup                  /s6-init,
[1613556056] unbound[17:0] warning: so-rcvbuf 1048576 was not granted. Got 360448. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.,
Starting DNS server: unbound.,
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] 01-resolver-resolv: applying... ,
[fix-attrs.d] 01-resolver-resolv: exited 0.,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 20-start.sh: executing... ,
 ::: Starting docker specific checks & setup for docker pihole/pihole,
,
  [i] Installing configs from /etc/.pihole...,
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!,
  [i] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf...
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf,
chown: cannot access '': No such file or directory,
chmod: cannot access '': No such file or directory,
chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory,
Converting DNS1 to PIHOLE_DNS_,
Converting DNS2 to PIHOLE_DNS_,
Setting DNS servers based on PIHOLE_DNS_ variable,
::: Pre existing WEBPASSWORD found,
DNSMasq binding to default interface: eth0,
Added ENV to php:,
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",,
			"ServerIP" => "192.168.0.179",,
			"VIRTUAL_HOST" => "192.168.0.179",,
Using IPv4 and IPv6,
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early)),
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts,
sudo: unable to resolve host pihole: Name or service not known,
,
dnsmasq: failed to create listening socket for port 53: Address already in use,
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.,
[cont-finish.d] executing container finish scripts...,
[cont-finish.d] done.,
[s6-finish] waiting for services.,
[s6-finish] sending all processes the TERM signal.,
./start_unbound_and_s6_init.sh: line 3:    22 Hangup                  /s6-init,
[1613556119] unbound[17:0] warning: so-rcvbuf 1048576 was not granted. Got 360448. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.,
Starting DNS server: unbound.,
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] 01-resolver-resolv: applying... ,
[fix-attrs.d] 01-resolver-resolv: exited 0.,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 20-start.sh: executing... ,
 ::: Starting docker specific checks & setup for docker pihole/pihole,
,
  [i] Installing configs from /etc/.pihole...,
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!,
  [i] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf...
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf,
chown: cannot access '': No such file or directory,
chmod: cannot access '': No such file or directory,
chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory,
Converting DNS1 to PIHOLE_DNS_,
Converting DNS2 to PIHOLE_DNS_,
Setting DNS servers based on PIHOLE_DNS_ variable,
::: Pre existing WEBPASSWORD found,
DNSMasq binding to default interface: eth0,
Added ENV to php:,
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",,
			"ServerIP" => "192.168.0.179",,
			"VIRTUAL_HOST" => "192.168.0.179",,
Using IPv4 and IPv6,
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early)),
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts,
sudo: unable to resolve host pihole: Name or service not known,
,
dnsmasq: failed to create listening socket for port 53: Address already in use,
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.,
[cont-finish.d] executing container finish scripts...,
[cont-finish.d] done.,
[s6-finish] waiting for services.,
[s6-finish] sending all processes the TERM signal.,
./start_unbound_and_s6_init.sh: line 3:    22 Hangup                  /s6-init,

Pi-hole password

I followed the README 'guide' to install this, but when I run docker logs pihole | grep random I get this error:

[1612393931] unbound[17:0] warning: so-rcvbuf 1048576 was not granted. Got 360448. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.

I'm trying to use the one-container version, by the way.

How to set DHCP server correctly?

Hi, I'm new to using Docker. I decided to ask here because I could not find the solution anywhere. So I tested the pihole-unbound one-container build and it works really well, but my router's DHCP settings have no option to set a custom DNS server, so I have to somehow turn on DHCP in the container. There is a problem: when I start the DHCP server the container keeps restarting; the PiHole page is working but it can't connect to the network. So I think I'm doing something wrong. I'm looking for a solution to set up the DHCP server correctly. I'm using macvlan to have a specific IP address for my ph. I don't understand how it works; maybe if I had known I would have done it. Can someone explain it to me, if possible? (Sorry for my English, if there are any mistakes)

raspberry-pi zero (armv6l) support

I tried to run your docker-image on a raspberry pi zero but it keeps restarting over and over again. This seems related to the report made here, here and here. Is there something you can do to make the image compatible with a raspberry pi zero?

Use macvlan with the one-container method?

I followed your guide to set up pi-hole and unbound in docker using only one container and everything worked fine (thanks!)

Now I would like to repeat the procedure on another computer that is already running Nextcloud on port 80
So I read that, theoretically, I could use macvlan to assign a static IP address to my containers, avoiding conflicts with the host's port 80... Is it possible also while using your docker-compose? And if so what should be changed in the .yaml file to do it?

Pihole-Unbound single container shows "INSECURE" status

I just installed this version via portainer docker.

Here's my config:

version: '2'

services:
  pihole:
    container_name: pihole-unbound
    image: cbcrowe/pihole-unbound:latest
    hostname: Unbound-pi
    domainname: pihole.local
    ports:
      - 943:443/tcp
      - 53/tcp
      - 53/udp
      - 880:80/tcp
      # - 22/tcp # Uncomment to enable SSH
    environment:
      ServerIP: ${ServerIP}
      TZ: America/Chicago
      WEBPASSWORD: xxxx
      REV_SERVER:
      REV_SERVER_TARGET:
      REV_SERVER_DOMAIN: local
      REV_SERVER_CIDR:
      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNSSEC: "true" # Enable DNSSEC
    network_mode: "host"
    volumes:
      - /home/mythtv/dPi/etc:/etc/pihole:rw
      - /home/mythtv/dPi/dnsmasq:/etc/dnsmasq.d:rw
    restart: unless-stopped

It is up and running. However, under the query log, I see tons of "INSECURE" messages. Is this normal? Is this how it's supposed to be?

This is my secondary Pi/Unbound. My first one is dedicated box with ubuntu - and that one doesn't have a single INSECURE.


Possibility to preserve standard volumes?

Hello,

Is it possible to preserve the standard volume paths, as in the official pihole container's compose defaults?

  - './etc-pihole/:/etc/pihole/'
  - './etc-dnsmasq.d/:/etc/dnsmasq.d/'

Should be the paths, as default. It would be beneficial as other services might not detect pihole running on the host, e.g. the very nice: https://github.com/vmstan/gravity-sync

Could be related to ( #10 ).

Thank You,

Custom Unbound config

Thanks for putting this together. This issue is in regards to a potential enhancement to the following statement:

If you want to change any of this Unbound config then you can fork MatthewVance's unbound-docker repo and modify his unbound.sh file.

Forking and re-building the container like is recommended in the README is certainly one way to achieve a custom config, but I'm wondering if it would be easier for end users if another method was used. Namely, mounting a custom config at runtime as described in the Unbound container README. It would require some volume mounts rather than a re-built container (potentially add commented out placeholders in the compose-file as examples?).

Anyway, I wanted to see what you thought of documenting an alternative method than forking/re-building. I'm good either way.

By the way, I haven't tested this setup yet (or used Pi-Hole yet) but need to explore more as I've received a few questions. I came across this repo when a mutual user of our containers asked for some help in this issue after getting stuck on forking and re-configuring the Unbound file to forward to a different upstream resolver. As I was reading the docs, I thought of this alternative method.

IP address?

I'm new to this IP address stuff with Docker. What do I change?
My ds713+ is connected with 2 LAN ports (192.168.2.95 and 192.168.2.96). Which IPs do I have to change?

unbound exec user process caused: exec format error

unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound exited with code 1
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format error
unbound | standard_init_linux.go:228: exec user process caused: exec format

Error in Docker-Compose.yml Networks

Hello,

I'm having issues running this build in a multi-container environment that uses macvlans to make each container accessible directly on the network. Below is the compose section that I'm getting errors on. The shell is saying:

"yaml.scanner.ScannerError: while scanning a simple key
in "./docker-compose.yml", line 23, column 7
could not find expected ':'
in "./docker-compose.yml", line 24, column 7"

Compose section that I'm trying to run is:

"services:
  pihole_UF1:
    container_name: pihole_UF1
    image: cbcrowe/pihole-unbound:latest
    hostname: piholeUF1
    domainname: piholeUF1.local
    Expose:
      - 443/tcp
      - 53/tcp
      - 53/udp
      - 80/tcp
      - 22/tcp # Uncomment to enable SSH
    environment:
      #ServerIP: ${ServerIP}
      TZ: 'America/Los_Angeles'
      WEBPASSWORD: 'PASSWORD_REDACTED'
      #REV_SERVER: ${REV_SERVER}
      #REV_SERVER_TARGET: ${REV_SERVER_TARGET}
      #REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
      #REV_SERVER_CIDR: ${REV_SERVER_CIDR}
      DNS1:127.0.0.1#5335
      DNS2:127.0.0.1#5335
      DNSSEC: "true" # Enable DNSSEC
    network_mode: "Bridge"
    networks:
      pi_vlan:
        IPv4_address: 10.10.90.2
    volumes:
      - etc_pihole-unbound:/etc/pihole_UF1:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d_UF1:rw
    restart: unless-stopped"

Any help would be appreciated. This is my first experience with docker compose... So I apologize ahead of time for any noob questions I may have.

IPV6 activation unbound

Hi there!

I was wondering where the unbound-pihole.conf file is stored on the Raspberry Pi after installing this image. I need to activate IPv6 but cannot find it.

Any idea?

Thanks

DoT, cause Android 9+?

I've read #57 so I'm partially aware of why you wouldn't want to do this, but since Android 9+, it seems like if we want to just point specific devices to a DNS, we would need DoT support, which means I can't simply tell my phone to DNS using my local address. Any ideas/chance with getting it working for LAN short of just redirecting all router traffic to the container? (Can't do that since I'm sharing network with others.)

Sending all processes the TERM signal..

So here are the logs, no matter what will not start.

[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [i] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf...
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
Converting DNS1 to PIHOLE_DNS_
Converting DNS2 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "0.0.0.0",
			"VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

dnsmasq: bad option at line 1 of /etc/dnsmasq.d/adlists.list
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
./start_unbound_and_s6_init.sh: line 3:    22 Hangup                  /s6-init
[1620615489] unbound[17:0] warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
Starting DNS server: unbound.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [i] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf...
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
Converting DNS1 to PIHOLE_DNS_
Converting DNS2 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "0.0.0.0",
			"VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

dnsmasq: bad option at line 1 of /etc/dnsmasq.d/adlists.list
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
./start_unbound_and_s6_init.sh: line 3:    22 Hangup                  /s6-init
[1620615490] unbound[18:0] warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
Starting DNS server: unbound.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [i] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf...
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
Converting DNS1 to PIHOLE_DNS_
Converting DNS2 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "0.0.0.0",
			"VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

dnsmasq: bad option at line 1 of /etc/dnsmasq.d/adlists.list
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
./start_unbound_and_s6_init.sh: line 3:    23 Hangup                  /s6-init

Unbound Conf changes to allow SSL Certs

I have set up the container successfully but need to change the unbound.conf in order to add private-domain: "unraid.net". What is the best way to edit the unbound.conf? It looks like you can only fork this container to edit that?

Unbound Warning in Log

Any ideas about this warning I get in the logs?

[1613733434] unbound[16:0] warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.

"host" network_mode is incompatible with port_bindings

HW: Raspberry pi 4B
distro: Dietpi 7.0.2

I checked that there are no port conflicts with ss -tulpn

stacktrace:

root@DietPi:~/docker/docker-pihole-unbound/one-container# docker-compose up -d
Creating volume "one-container_etc_pihole-unbound" with default driver
Creating volume "one-container_etc_pihole_dnsmasq-unbound" with default driver
Creating pihole ...

ERROR: for pihole  "host" network_mode is incompatible with port_bindings

ERROR: for pihole  "host" network_mode is incompatible with port_bindings
Traceback (most recent call last):
  File "/usr/local/bin/docker-compose", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/dist-packages/compose/cli/main.py", line 80, in main
    command_func()
  File "/usr/local/lib/python3.7/dist-packages/compose/cli/main.py", line 192, in perform_command
    handler(command, command_options)
  File "/usr/local/lib/python3.7/dist-packages/compose/metrics/decorator.py", line 18, in wrapper
    result = fn(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/compose/cli/main.py", line 1165, in up
    to_attach = up(False)
  File "/usr/local/lib/python3.7/dist-packages/compose/cli/main.py", line 1161, in up
    attach_dependencies=attach_dependencies,
  File "/usr/local/lib/python3.7/dist-packages/compose/project.py", line 702, in up
    get_deps,
  File "/usr/local/lib/python3.7/dist-packages/compose/parallel.py", line 106, in parallel_execute
    raise error_to_reraise
  File "/usr/local/lib/python3.7/dist-packages/compose/parallel.py", line 204, in producer
    result = func(obj)
  File "/usr/local/lib/python3.7/dist-packages/compose/project.py", line 688, in do
    override_options=override_options,
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 563, in execute_convergence_plan
    override_options=override_options
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 479, in _execute_convergence_create
    "Creating"
  File "/usr/local/lib/python3.7/dist-packages/compose/parallel.py", line 106, in parallel_execute
    raise error_to_reraise
  File "/usr/local/lib/python3.7/dist-packages/compose/parallel.py", line 204, in producer
    result = func(obj)
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 477, in <lambda>
    lambda service_name: create_and_start(self, service_name.number),
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 456, in create_and_start
    container = service.create_container(number=n, quiet=True)
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 333, in create_container
    previous_container=previous_container,
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 937, in _get_container_create_options
    one_off=one_off)
  File "/usr/local/lib/python3.7/dist-packages/compose/service.py", line 1069, in _get_container_host_config
    cpu_rt_runtime=options.get('cpu_rt_runtime'),
  File "/usr/local/lib/python3.7/dist-packages/docker/api/container.py", line 598, in create_host_config
    return HostConfig(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/docker/types/containers.py", line 339, in __init__
    'network_mode', 'host', 'port_bindings'
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings

Pihole-unbound on Synology

Hi Chris,

I had the 2 container version running on my Synology NAS without problems.

After reading the reason why the 1 container version is better, I wanted to get the 1 container version. But I get errors that there are missing files.

Even with Portainer I'm getting those errors.

Can you tell me what I'm doing wrong?

Best regards,

m@rco

not accessible from synology itself

When I run your setup synology itself cannot ping to the docker container (destination host unreachable) and thus when using openvpn in the synology package it cannot find the DNS server. To overcome this I have made an extra network in bridge mode and use that ip in my openvpn DNS and synology dns ;)
as an example:

version: '2'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pi-hole
    mac_address: d0:ca:ab:cd:ef:01
    cap_add:
      - NET_ADMIN
    ports:
      - 443/tcp
      - 53/tcp
      - 53/udp
      #- 67/udp # Uncomment if you want to use Pi-Hole for DHCP
      - 80/tcp
      - 22/tcp
    environment:
      ServerIP: 192.168.2.91
      WEBPASSWORD: politie
      DNS1: 192.168.2.92
      DNS2: 192.168.2.254
      DNSMASQ_LISTENING: local
    volumes:
      - /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
      - /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
      - /volume1/docker/pihole-unbound/pihole/config/resolv.conf:/etc/resolv.conf:ro
      - /volume1/docker/pihole-unbound/pihole/config/dnsmasq.conf:/etc/dnsmasq.d/02-network.conf:ro
      - /volume1/docker/pihole-unbound/pihole/config/pihole-FTL.conf:/etc/pihole/pihole-FTL.conf:ro
    networks:
      home:
        ipv4_address: 192.168.2.91
    restart: always
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: syn-unbound
    mac_address: d0:ca:ab:cd:ef:02
    ports:
      - 53/tcp
      - 53/udp
    networks:
      home:
        ipv4_address: 192.168.2.92
    restart: always

networks:
  home:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.2.0/24
          gateway: 192.168.2.254
          ip_range: 192.168.2.91/31 # 192.168.1.5 and 192.168.1.6

networks:
  home:
    driver: bridge
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.3.0/24
          gateway: 192.168.3.254
          ip_range: 192.168.3.10/31 # 192.168.1.5 and 192.168.1.6

Error while attempting to write to read-only database

Hi, I'm having an issue with my pihole-unbound in one container. While trying to add new adlists, I get the following error:

Error, something went wrong!
While executing: attempt to write a readonly database
Added 0 out of 1 adlists

My docker-compose.yml is below:
pihole:
  container_name: pihole
  image: cbcrowe/pihole-unbound:latest
  hostname: jupiter
  domainname: $DOMAINNAME
  ports:
    - '53:53/tcp'
    - '53:53/udp'
    - '80:80/tcp' # Admin access
    - '5335:5335/tcp' # Uncomment to enable unbound access on local server
    # - 22/tcp # Uncomment to enable SSH
  environment:
    - ServerIP=$SERVER_IP
    - TZ=$TZ
    - PUID=$PUID
    - PGID=$PGID
    - WEBPASSWORD=$PIHOLE_PASSWORD
    - REV_SERVER=$REV_SERVER
    - REV_SERVER_TARGET=$REV_SERVER_TARGET
    - REV_SERVER_DOMAIN=$REV_SERVER_DOMAIN
    - REV_SERVER_CIDR=$REV_SERVER_CIDR
    - DNS1=127.0.0.1#5335 # Hardcoded to our Unbound server
    - DNS2=127.0.0.1#5335 # Hardcoded to our Unbound server
    - DNSSEC=$DNSSEC # Enable DNSSEC
  volumes:
    - $DOCKERDIR/appdata/pihole/etc-pihole:/etc/pihole:rw
    - $DOCKERDIR/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw
  restart: always

And here's the directory permission:
drwxr-xr-x 4 root root 4.0K Aug 20 10:26 pihole

drwxr-xr-x 2 root root 4.0K Aug 20 10:26 etc-dnsmasq.d
drwxr-xr-x 3 systemd-coredump systemd-coredump 4.0K Aug 20 10:33 etc-pihole

Docker logs don't seem to turn up anything.

Works everywhere instead of synology itself

Hi,
I think there is some strange behavior using the docker as DNS server of the NAS.
If I use docker as DNS server on all of my devices in the LAN it works well.
But if I set up my Synology (the container of the docker), it can't ping the docker IP and cannot resolve using it.

I think the macvlan network needs some "bridge"?
May you help me?
Thanks

(I don't want use google on my synology anymore! 😃 )

[Issue] DockerFile: Typo on start unbound

On the one-container Dockerfile you still point to the old named file "install_unbound", but apparently this file was recently renamed to "run_unbound".
This makes it fail with a file not found error if you try to run the Dockerfile directly.

Thanks!

PS: It should be easier for you to fix than the whole process of submitting a PR

DoH/DoT Support

Are there any plans to support DNS over HTTPS or DNS over TLS?
Also curious to know if the DNS traffic towards the root servers is encrypted from the pihole instance?

Usage guidance

So I'm using the pihole/pihole official container and want to transition to using your container because of Unbound. I have some questions before I do that:

  1. I'm on 5.2.2. Would using the same etc-pihole and etc-dnsmasq.d config folders for your container work just fine?
  2. In the new "one container" version of your container, why would you not need macvlan anymore? I use macvlan so that pihole has its own IP address. I don't want it sharing the host IP address because it is a critical service in the network and I just prefer it that way.

Thanks in advance for your help.

(network.c.313) can't bind to socket: 192.168.1.2:80 Address already in use

Hi,

I tried your new "one-container" version. The container is starting, but I run into the following loop:

Starting lighttpd
(network.c.313) can't bind to socket: 192.168.1.2:80 Address already in use
Stopping lighttpd
lighttpd: no process found

My .env file looks like this (ServerIP=Synology IP; REV_SERVER_Target=Fritzbox)

ServerIP=192.168.1.2
TZ=Europe/Berlin
WEBPASSWORD=12345678
REV_SERVER=true
REV_SERVER_DOMAIN=local
REV_SERVER_TARGET=192.168.1.1
REV_SERVER_CIDR=192.168.0.0/16

I don't know what to do and hope you can help me.

Regards

Error in docker-compose.yaml volumes

I can't remember the error but the following fixed it.
You have:
volumes:
- etc_pihole-unbound:/etc/pihole:rw
- etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw

Should be:
volumes:
- ./etc_pihole-unbound:/etc/pihole:rw
- ./etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
Or:
volumes:
- $PWD/etc_pihole-unbound:/etc/pihole:rw
- $PWD/etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw

or at least that's what got it to work for me.

Also Debian has a port conflict on 53.
I have the fix listed at https://github.com/slochewie/docker-compose-files/tree/main/pihole-unbound under DEBIAN BASED DISTROS
Feel free to copy it into your README or whatever.
Once those steps are taken the port conflict goes away and the container starts properly.

Browser says NXDOMAIN, but dig command show NOERRORS in unbound!

I am using this pihole+unbound container: One container 2. But pages aren't loading. I disabled the blocklist but unbound is still not resolving. Then I disabled the blocklist and selected Google ECS in the DNS section, and all pages load correctly. Some sites are not loading in the browser. Such as:
who.int
Running dig command from my mac shows:
`dig who.int

; <<>> DiG 9.10.6 <<>> who.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26734
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;who.int. IN A

;; ANSWER SECTION:
who.int. 691 IN A 104.17.113.188

;; Query time: 56 msec
;; SERVER: 192.168.88.5#53(192.168.88.5)
;; WHEN: Sat Apr 03 01:13:56 +06 2021
;; MSG SIZE rcvd: 52`

And from my pihole host machine shows:
`dig who.int

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Raspbian <<>> who.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8088
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;who.int. IN A

;; ANSWER SECTION:
who.int. 616 IN A 104.17.113.188

;; Query time: 0 msec
;; SERVER: 192.168.88.5#53(192.168.88.5)
;; WHEN: Sat Apr 03 01:15:11 +06 2021
;; MSG SIZE rcvd: 52`
But, my browser shows DNS_PROBE_FINISHED_NXDOMAIN

https://hub.docker.com/
From my mac it shows:
`dig hub.docker.com

; <<>> DiG 9.10.6 <<>> hub.docker.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43524
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hub.docker.com. IN A

;; ANSWER SECTION:
hub.docker.com. 80 IN CNAME elb-default.us-east-1.aws.dckr.io.

;; Query time: 54 msec
;; SERVER: 192.168.88.5#53(192.168.88.5)
;; WHEN: Sat Apr 03 01:18:57 +06 2021
;; MSG SIZE rcvd: 90`

From pihole host machine:
`dig hub.docker.com

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Raspbian <<>> hub.docker.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42418
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;hub.docker.com. IN A

;; ANSWER SECTION:
hub.docker.com. 263 IN CNAME elb-default.us-east-1.aws.dckr.io.
elb-default.us-east-1.aws.dckr.io. 197 IN CNAME us-east-1-elbdefau-1nlhaqqbnj2z8-140214243.us-east-1.elb.amazonaws.com.
us-east-1-elbdefau-1nlhaqqbnj2z8-140214243.us-east-1.elb.amazonaws.com. 18 IN A 3.216.110.191
us-east-1-elbdefau-1nlhaqqbnj2z8-140214243.us-east-1.elb.amazonaws.com. 18 IN A 3.216.167.12
us-east-1-elbdefau-1nlhaqqbnj2z8-140214243.us-east-1.elb.amazonaws.com. 18 IN A 3.229.58.91

;; Query time: 163 msec
;; SERVER: 192.168.88.5#53(192.168.88.5)
;; WHEN: Sat Apr 03 01:21:14 +06 2021
;; MSG SIZE rcvd: 219`

hub.docker.com also shows DNS_PROBE_FINISHED_NXDOMAIN. For facebook, all dig commands return SERVFAIL.
My router is a Mikrotik, which has its own DNS cache, also here is my container details:

ENV |
VERSION | v5.2.4
DNS1 | 127.0.0.1#5335
DNS2 | 127.0.0.1#5335
REV_SERVER_TARGET | 192.168.88.1
TZ | Asia/Dhaka
WEBPASSWORD |
REV_SERVER | true
REV_SERVER_CIDR | 192.168.88.0/24
REV_SERVER_DOMAIN | local
ServerIP | 192.168.88.5
PATH | /opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ARCH | armv7l
UBUNTU_SUITE | buster
DOCKER_REPO | multiarch/debian-debootstrap
PIHOLE_ARCH | arm
S6OVERLAY_RELEASE | https://github.com/just-containers/s6-overlay/releases/download/v2.1.0.2/s6-overlay-arm.tar.gz
PIHOLE_INSTALL | /root/ph_install.sh
PHP_ENV_CONFIG | /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
PHP_ERROR_LOG | /var/log/lighttpd/error.log
IPv6 | True
S6_LOGGING | 0
S6_KEEP_ENV | 1
S6_BEHAVIOUR_IF_STAGE2_FAILS | 2
FTL_CMD | no-daemon
DNSMASQ_USER | root
VERSION | v5.2.4

What does the lighttpd-external.conf file do?

Hi. Sorry, this is not an Issue but a question. I got here through Reddit and I'm a newbie to Docker and containers, so I'm trying to understand every bit of your solution.
What does the lighttpd-external.conf file achieve? I thought that this was only needed when you had to use another Port because of port conflicts, but I see the code there is not related to that.

Change ports

In my yml I defined a different port for one container.

  - 90:80/tcp 

But it's being ignored

Pihole/Unbound not discoverable to host machine

Hi Chris,

I recently configured my network using your tutorial, and it has been working great, thank you!

However, I ran into a problem today. I noticed the containers themselves, Pihole and Unbound, are not discoverable to the Synology NAS itself, causing DNS timeout errors. I have added a manual DNS setting within Synology DSM through the network settings and have since resolved my issue.

Any thoughts as to why Synology DSM cannot route traffic within itself through the docker containers?

docker-compose uses port 53 for PI hole dns but does not expose 5335 for unbound

Hi,

I was giving this project a go and it's a really clean single container DNS solution.

One thing that could be nice to have is to add port 5335 for unbound in docker compose, with a comment similar to the one you have for SSH, so your local server can query unbound directly. This is easy for most people familiar with docker, but new users might try to query dig github.com @127.0.0.1 -p 5335

and wonder why you can't query local DNS. Just something that I didn't realise till I looked back over the ports, so I just connected to the container and did a dig query inside it to verify.

network_mode: "host"

From what I have read, with host mode you cannot change the ports for the docker, i.e. 8080:80. Is there something I am missing? Forgive my ignorance.

Log shows errors: Unable to resolve host pihole.pihole.local and unable to send audit messages

I'm seeing two error messages constantly showing up in the log, although it appears as if everything is working. The errors are:

sudo: unable to resolve host pihole.pihole.local: Name or service not known
sudo: unable to send audit message: Unlown error -1

My docker-compose.yaml file has only minor changes from yours:

version: '2'

services:
  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: pihole
    domainname: pihole.local
    ports:
      - 8443:443/tcp
      - 53/tcp
      - 53/udp
      - 8080:80/tcp
      # - 22/tcp # Uncomment to enable SSH
    environment:
      ServerIP: ${ServerIP}
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      REV_SERVER: ${REV_SERVER}
      REV_SERVER_TARGET: ${REV_SERVER_TARGET}
      REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
      REV_SERVER_CIDR: ${REV_SERVER_CIDR}
      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNSSEC: "true" # Enable DNSSEC
      WEB_PORT: ${WEB_PORT}
    network_mode: "host"
    volumes:
      - /volume1/docker/pi-un/pihole:/etc/pihole:rw
      - /volume1/docker/pi-un/unbound:/etc/dnsmasq.d:rw
    restart: unless-stopped

And my .env file is

ServerIP=
TZ=America/New_York
WEBPASSWORD=192.168.7.211
REV_SERVER=true
REV_SERVER_DOMAIN=local
REV_SERVER_TARGET=192.168.7.1
REV_SERVER_CIDR=192.168.7.0/16
WEB_PORT=81

Is there something missing from my configuration?

Sometimes it works, sometimes it doesn't.

I am using the One-container. But, having some issues with it. Sometimes it works, sometimes it doesn't.
`root@raspberrypi:/# dig hub.docker.com @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> hub.docker.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6687
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;hub.docker.com. IN A

;; Query time: 7 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Sat Mar 27 02:05:09 +06 2021
;; MSG SIZE rcvd: 43`

`root@raspberrypi:/# dig doc.docker.com @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> doc.docker.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10952
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;doc.docker.com. IN A

;; AUTHORITY SECTION:
docker.com. 899 IN SOA ns-207.awsdns-25.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 137 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Sat Mar 27 02:11:17 +06 2021
;; MSG SIZE rcvd: 121`

`root@raspberrypi:/# dig docs.pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> docs.pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25946
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;docs.pi-hole.net. IN A

;; Query time: 82 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Sat Mar 27 02:13:02 +06 2021
;; MSG SIZE rcvd: 45`

Though reddit shows "noerrors" on dig, the browser shows "This site can’t be reached. Check if there is a typo in www.reddit.com.
DNS_PROBE_FINISHED_NXDOMAIN"
`; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> reddit.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56295
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;reddit.com. IN A

;; ANSWER SECTION:
reddit.com. 274 IN A 151.101.193.140
reddit.com. 274 IN A 151.101.1.140
reddit.com. 274 IN A 151.101.65.140
reddit.com. 274 IN A 151.101.129.140

;; Query time: 83 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Sat Mar 27 02:16:05 +06 2021
;; MSG SIZE rcvd: 103

`
Also facebook shows a blank page

`root@raspberrypi:/# dig facebook.com @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> facebook.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10359
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;facebook.com. IN A

;; ANSWER SECTION:
facebook.com. 279 IN A 157.240.198.35

;; Query time: 3 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Sat Mar 27 02:18:42 +06 2021
;; MSG SIZE rcvd: 57`

Also, can you please explain "domainname: ${DOMAIN_NAME}" a bit more? A macvlan version of the One container would be highly appreciated. Please see the image hub.docker.com, though they are fully accessible with regular DNS.
image
Using 1.1.1.1
image
Actually it worked for a few minutes after rebooting the system, then it doesn't.
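The dig captures in this issue and in "Browser says NXDOMAIN, but dig command show NOERRORS in unbound!" can be compared mechanically instead of by eye. The following is an added example, not code from the project or from either post: it parses dig output, classifies each response, and flags the case where one server gave different outcomes for the same name. The function names are hypothetical and the captures are abridged from the posts.

```python
import re

STATUS_RE = re.compile(r"status: ([A-Z]+)")
SERVER_RE = re.compile(r"SERVER: ([^#\s]+)#(\d+)")


def parse_dig(text):
    """Extract rcode, queried server, question name and answer records."""
    resp = {"status": None, "server": None, "qname": None, "answers": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None                      # a blank line ends a section
        elif line.startswith(";; QUESTION SECTION"):
            section = "question"
        elif line.startswith(";; ANSWER SECTION"):
            section = "answer"
        elif line.startswith(";;"):
            section = None
            status, server = STATUS_RE.search(line), SERVER_RE.search(line)
            if status:
                resp["status"] = status.group(1)
            if server:
                resp["server"] = (server.group(1), int(server.group(2)))
        elif section == "question" and line.startswith(";"):
            resp["qname"] = line[1:].split()[0].rstrip(".").lower()
        elif section == "answer":
            f = line.split()
            if len(f) >= 5:                     # name ttl class type rdata
                resp["answers"].append((f[0].rstrip(".").lower(), f[3], f[4]))
    return resp


def triage(resp):
    """Classify one response the way a client of that resolver sees it."""
    types = [rtype for _, rtype, _ in resp["answers"]]
    if resp["status"] == "SERVFAIL":
        return "resolver-failure"   # recursion or validation did not complete
    if resp["status"] == "NXDOMAIN":
        # With a CNAME present, the rcode describes the end of the alias chain.
        return "broken-cname-chain" if "CNAME" in types else "no-such-name"
    if resp["status"] == "NOERROR":
        return "resolved" if {"A", "AAAA"} & set(types) else "no-address"
    return "other"


def inconsistent(a, b):
    """True when the same server gave different outcomes for the same name."""
    same_query = a["qname"] == b["qname"] and a["server"] == b["server"]
    return same_query and triage(a) != triage(b)


# Captures abridged from the dig output posted in the two issues.
MAC_CAPTURE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43524
;; QUESTION SECTION:
;hub.docker.com. IN A
;; ANSWER SECTION:
hub.docker.com. 80 IN CNAME elb-default.us-east-1.aws.dckr.io.
;; SERVER: 192.168.88.5#53(192.168.88.5)
"""
HOST_CAPTURE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42418
;; QUESTION SECTION:
;hub.docker.com. IN A
;; ANSWER SECTION:
hub.docker.com. 263 IN CNAME elb-default.us-east-1.aws.dckr.io.
elb-default.us-east-1.aws.dckr.io. 197 IN CNAME us-east-1-elbdefau-1nlhaqqbnj2z8-140214243.us-east-1.elb.amazonaws.com.
us-east-1-elbdefau-1nlhaqqbnj2z8-140214243.us-east-1.elb.amazonaws.com. 18 IN A 3.216.110.191
;; SERVER: 192.168.88.5#53(192.168.88.5)
"""
UNBOUND_CAPTURE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6687
;; QUESTION SECTION:
;hub.docker.com. IN A
;; SERVER: 127.0.0.1#5335(127.0.0.1)
"""
```

Run against these captures, the same Pi-hole address (192.168.88.5) returns a broken CNAME chain to one client and a full answer to the other, while the direct query to unbound on port 5335 fails with SERVFAIL.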

Broken with pihole 4.3?

Thanks for the work. It worked great until now.
I now wanted to set it up on a new Synology and I don't manage to get the pihole container to start.

ERROR: for pihole Cannot start service pihole: Bind mount failed: '/volume1/docker/pihole-unbound/pihole/config/dnsmasq.conf' does not exists
ERROR: Encountered errors while bringing up the project.

ERROR: for pihole Cannot start service pihole: Bind mount failed: '/volume1/docker/pihole-unbound/pihole/config/dnsmasq.conf' does not exists
ERROR: Encountered errors while bringing up the project.

Am I doing something wrong? Do I need to revert to an older revision of pihole maybe?

THX

Pi-hole Query list multiply requests

Hi I installed the dockers with pihole

docker compose file:
version: '2'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pi-hole
    mac_address: d0:ca:ab:cd:ef:01
    privileged: true
    cap_add:
      - NET_ADMIN
    ports:
      - 443/tcp
      - 53/tcp
      - 53/udp
      # - 67/udp # Uncomment if you want to use Pi-Hole for DHCP
      - 80/tcp
      - 22/tcp
    environment:
      ServerIP: 192.168.1.8
      WEBPASSWORD: ${WEBPASSWORD}
      DNS1: 192.168.1.9
      DNS2: 192.168.1.1
    volumes:
      - /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
      - /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
      - /volume1/docker/pihole-unbound/pihole/config/resolv.conf:/etc/resolv.conf:ro
      - /volume1/docker/pihole-unbound/pihole/config/dnsmasq.conf:/etc/dnsmasq.d/02-network.conf:ro
      - /volume1/docker/pihole-unbound/pihole/config/pihole-FTL.conf:/etc/pihole/pihole-FTL.conf:ro
    networks:
      home:
        ipv4_address: 192.168.1.8
    restart: always
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: syn-unbound
    mac_address: d0:ca:ab:cd:ef:02
    privileged: true
    ports:
      - 53/tcp
      - 53/udp
    networks:
      home:
        ipv4_address: 192.168.1.9
    restart: always

networks:
  home:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
          ip_range: 192.168.1.8/30 # 192.168.1.8 and 192.168.1.9

What I think is weird, but please correct me if I'm wrong: the query list on pihole is listing an insane amount of tries to the domain that I'm trying to reach. It is happening for every domain.

image

image

image

Is this normal?

services.pihole.environment.REV_SERVER no longer accepts true

my .env file:

ServerIP=192.168.178.46
TZ=Europe/Berlin
WEBPASSWORD=QWERTY123456asdfASDFaoeu
REV_SERVER=true
REV_SERVER_DOMAIN=local
REV_SERVER_TARGET=192.168.178.1
REV_SERVER_CIDR=192.168.178.0/16
HOSTNAME=pihole
DOMAIN_NAME=pihole.local

This worked perfectly fine a few weeks ago; now I get:
services.pihole.environment.REV_SERVER must be a string, number or null

I just set it to 1 now, assuming it means true, but I don't know if it does. Any information on why this happens now?
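The REV_SERVER error above and the "host" network_mode error reported earlier on this page can both be caught before deployment. The following is an added example, not code from the project: a small linter over the dict a YAML parser (for instance PyYAML's `yaml.safe_load`) returns for a compose file. It also checks two settings that appear in compose files posted on this page, `privileged: true` and unbound's port 5335 published without a host IP. Function, rule and service names are hypothetical, and the sample input is constructed.

```python
def publishes_everywhere(port, container_port):
    """True if a short-syntax entry publishes container_port with no host IP."""
    if not isinstance(port, str):
        return False
    parts = port.split("/")[0].split(":")
    # [host_ip:]host_port:container_port -> two parts means all host interfaces
    return len(parts) == 2 and parts[1] == str(container_port)


def lint_compose(compose):
    """Return sorted (service, rule, detail) findings for a parsed compose file."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        svc = svc or {}
        ports = svc.get("ports") or []
        host_mode = svc.get("network_mode") == "host"

        # docker-py refuses this pair:
        # "host" network_mode is incompatible with port_bindings
        if host_mode and ports:
            findings.append((name, "host-mode-ports",
                             "remove ports: or network_mode: host"))

        # Mapping-style environment values must be string, number or null;
        # an unquoted true/false reaches Compose as a YAML boolean.
        env = svc.get("environment") or {}
        if isinstance(env, dict):
            for key, value in env.items():
                if isinstance(value, bool):
                    findings.append((name, "bool-env",
                                     '%s: "%s"' % (key, str(value).lower())))

        # privileged: true lifts most of the container's isolation from the host.
        if svc.get("privileged") is True:
            findings.append((name, "privileged", "remove privileged: true"))

        # Unbound's port published without a host IP listens on every interface.
        if not host_mode and any(publishes_everywhere(p, 5335) for p in ports):
            findings.append((name, "unbound-exposed",
                             "use 127.0.0.1:5335:5335 for host-only access"))
    return sorted(findings)


# Constructed input modelled on compose files posted in these issues;
# the service names are made up for the example.
SAMPLE = {
    "services": {
        "host_mode": {
            "network_mode": "host",
            "ports": ["8443:443/tcp", "53/tcp", "53/udp", "8080:80/tcp"],
            # True is what YAML yields for an unquoted true
            "environment": {"REV_SERVER": True, "DNSSEC": "true"},
        },
        "bridged": {
            "ports": ["53:53/tcp", "53:53/udp", "80:80/tcp", "5335:5335/tcp"],
            "environment": ["REV_SERVER=true", "DNS1=127.0.0.1#5335"],
        },
        "unbound": {"privileged": True, "ports": ["53/tcp", "53/udp"]},
    }
}
```

List-style environment entries such as `- REV_SERVER=true` are plain strings, which is why only the mapping form triggers the "must be a string, number or null" error.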

Unable to Update from Pi-hole UI

When I try to add settings from the Pi-hole UI, I get this error

Error, something went wrong!
While executing: attempt to write a readonly database
Added 0 out of 1 adlists

Looking at the file permissions inside the container I see

image

I have looked at the permissions and tried a few installs. Pi-hole and unbound seem to be working but I am unable to update the UI

Unbound not working anymore

Configuring Upstream DNS server Custom 1 (IPV4) = 127.0.0.1#5335 to use unbound was working fine in v5.7, but after v5.8 unbound is no longer working.

Portainer Question

Noobie here:

I'm trying to utilize this image via portainer and have pasted the docker-compose.yaml file for the one container image into a stack of mine. The stack deploys successfully, but I am unable to open the web interface with my server's ip/admin. Am I missing a step?

TIA!

SOLUTION (not issue) - YML file support for QNAP Container Station using existing virtual switches/networks

Hi there,

I'm fairly new to containers, and for that reason I probably fought this for longer than I would like to admit. With the existing YML file, QNAP tries to make a new Docker network and ultimately will not boot the app/container once created. No idea if this is the correct way to resolve this, but I managed to add some values to the YML file that allowed me to successfully deploy this project to an existing QNAP Virtual Switch using Container Station. I am unaware of how to use .env files for deployment with Container Station so I filled in the values directly into the YML file.

Note that I had to put double quotes around true for REV_SERVER:. Also, to get the docker network name I inspected another container that was using the virtual switch I wanted this to use, and verified by comparing/listing the docker networks, both from the command shell. (I think you can do this by SSH'ing to the QNAP, but I used the super_shell container app). See example YML below.

version: '2'

volumes:
  etc_pihole-unbound:
  etc_pihole_dnsmasq-unbound:

services:
  pihole:
    networks:
      ${DOCKER_NETWORK_NAME}:
        ipv4_address: ${ServerIP}
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAIN_NAME}
    ports:
      - 443:443/tcp
      - 53:53/tcp
      - 53:53/udp
      - 80:80/tcp
      # - 5335:5335/tcp # Uncomment to enable unbound access on local server
      # - 22/tcp # Uncomment to enable SSH
    environment:
      ServerIP: ${ServerIP}
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      REV_SERVER: "${REV_SERVER}"
      REV_SERVER_TARGET: ${REV_SERVER_TARGET}
      REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
      REV_SERVER_CIDR: ${REV_SERVER_CIDR}
      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNSSEC: "true" # Enable DNSSEC
    volumes:
      - etc_pihole-unbound:/etc/pihole:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
    restart: unless-stopped

networks:
  ${DOCKER_NETWORK_NAME}:
    external:
      name: ${DOCKER_NETWORK_NAME}
