Wireguard is performing an invalid DNS lookup about once per second #101
Comments
I'm also observing the same behavior. In my case supposedly due to this the wireguard container also doesn't seem to accept an answer from the pihole. How did you configure the wg container to use your pihole container?
I have my router set to use pihole as DNS so my whole network uses it.
I could fix this issue by connecting the pihole and wireguard container directly together with a network.
A DNS request to |
Yes indeed, adding the DNS entries to the container has made everything quiet. I genuinely do not know if this is a workaround for a real problem or a true fix, so I'll leave it up to the powers that be to decide if this should be closed or stay open for more action.
Could you elaborate on what and how you've added the DNS entries to the container?
I did exactly as you suggested and added my pihole DNS entries to the wireguard container (nothing else was changed).
EDIT: Since my router's DNS points at both Piholes, could I have / should I put my router IP address instead?
I think that it should work regardless. I still have a few questions, because I could only fix my problem by connecting both containers together:
I don't see where you are "joining" networks, but I am not fluent in docker compose. I see where you create a bridge network from the Pihole docker but per docker documentation (see https://docs.docker.com/network/) that is what docker defaults to if not otherwise specified. I'm probably missing something subtle here. I do have two piholes ever since I had a pi power supply die while on a trip (when else would it do so?) leaving a non-accessible network in its wake since my dynamic DNS software couldn't function. They are not on the same host but ARE on the same network. Pihole1 is docker and on the same raspberry pi host with docker wireguard. Pihole2 is also docker but runs on my server. The IP addresses I specified are the physical IPs (192.168.1.3 and 192.168.1.219 respectively), not localhost or 127.0.0.1. As it relates to this issue...I don't think it's relevant. Only the Pihole plus Wireguard had this problem. The second pihole was also removed to check.
No. You're totally right. I somehow forgot while writing the comment that compose is creating a network by default.
You are right. I was just curious because you suddenly spoke about two piholes :) Back to topic:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I got it fixed by binding the DNS listening port to the specific external IP in the docker-compose file of Pi-hole, |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I was also experiencing this issue; @CrookedBIOS's fix seems to have helped. But I don't really know why Wireguard doesn't accept the answer from Pi-hole? The queries were correctly forwarded to the DNS provider configured.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Adding a comment to keep the issue open - I solved it as well using the recommendation from @CrookedBIOS. I'm not sure if this is an issue that needs to be fixed on the Wireguard side or on the Pi-hole side. Maybe someone else is able to dig deeper and find the root cause.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Is this the reason? https://github.com/linuxserver/docker-wireguard/blob/master/root/defaults/Corefile
This is not an issue with wireguard or coredns, or our image. It has to do with running pihole in a container, and incorrectly accessing it (docker network vs host mapped port). We don't recommend running DNS (or DHCP) servers in a container for various reasons including this one. Closing.
Expected Behavior
DNS lookups should only occur for legitimate web addresses. Lookups should stop or time out when no response is received rather than continue indefinitely.
Current Behavior
My pihole logs are showing repeated (about 1x per second) requests from client IP 172.17.0.1 (the docker0 network adapter) to look up ".". This has been going on since I set the container up (going on 2-3 weeks now). The activity stops when the Wireguard docker container is stopped. I have set pihole to block the request as otherwise pihole forwards the request to its DNS provider. Blocking the DNS does not appear to affect wireguard functionality. There are no other Docker containers or services on this system (beyond those enabled by default with Raspbian).
Steps to Reproduce
Environment
OS: Raspbian 10
CPU architecture: arm32 (Raspberry Pi 4)
How docker service was installed: From the official docker repo
Command used to create docker container (run/create/compose/screenshot)
Docker logs
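The symptom reported under Current Behavior (a steady stream of "." lookups from 172.17.0.1) can be confirmed from the resolver's query log. The following is an added example, not code from the issue or from the project; it assumes dnsmasq-style Pi-hole query lines, runs on a constructed sample, and the function name and thresholds are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in dnsmasq/Pi-hole query-log style (not taken from the issue).
SAMPLE_LOG = """\
Mar  3 10:15:01 dnsmasq[412]: query[NS] . from 172.17.0.1
Mar  3 10:15:01 dnsmasq[412]: query[A] example.com from 192.168.1.50
Mar  3 10:15:02 dnsmasq[412]: query[NS] . from 172.17.0.1
Mar  3 10:15:03 dnsmasq[412]: query[NS] . from 172.17.0.1
Mar  3 10:15:03 dnsmasq[412]: query[NS] . from 192.168.1.50
Mar  3 10:15:04 dnsmasq[412]: query[NS] . from 172.17.0.1
Mar  3 10:15:04 dnsmasq[412]: query[AAAA] example.org from 192.168.1.51
Mar  3 10:15:05 dnsmasq[412]: query[NS] . from 172.17.0.1
Mar  3 10:15:06 dnsmasq[412]: query[NS] . from 172.17.0.1
"""

# Assumed line layout: "<Mon DD HH:MM:SS> dnsmasq[pid]: query[TYPE] <name> from <client>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[\w-]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)


def root_query_clients(log_text, min_count=5, max_avg_gap_s=2.0):
    """Return {client: (count, avg_gap_seconds)} for clients that query the
    root name "." repeatedly at a steady, short interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("name") != ".":
            continue  # not a query line, or not a root lookup
        # Syslog timestamps carry no year; a fixed one is enough for intervals.
        ts = datetime.strptime("2000 " + m.group("ts"), "%Y %b %d %H:%M:%S")
        seen[m.group("client")].append(ts)

    flagged = {}
    for client, stamps in seen.items():
        if len(stamps) < min_count:
            continue  # a single stray root query is not the pattern
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg_gap = sum(gaps) / len(gaps)
        if avg_gap <= max_avg_gap_s:
            flagged[client] = (len(stamps), avg_gap)
    return flagged


if __name__ == "__main__":
    for client, (count, gap) in root_query_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} root queries, avg {gap:.1f}s apart")
```

A flagged client on a Docker bridge address such as 172.17.0.1 indicates the queries reach Pi-hole through the host-mapped port, which is the access path the maintainers' closing comment refers to.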