Top client shows only one IP (which I don't even recognize) #135

Closed
arsaboo opened this issue May 23, 2017 · 145 comments

arsaboo commented May 23, 2017

I started using this image on my Synology NAS and have been very happy with it...thanks a ton!

I just have one issue that I am not able to resolve, in the Top Clients section, I see all the requests from one IP address (172.17.0.1). This is particularly interesting, given that 172.17.0.1 is not an IP from my network (at least I don't recognize it). All the IP addresses in my local network have the format 192.168.2.*.
image
I was hoping that I could see the requests per IP address. I am using an Asus router with Merlin firmware (if that helps). I am not sure if it is a bug or something that I need to fix at my end. Thanks for looking into it.


AzureMarker commented May 23, 2017

Is your Pi-hole accessible from the internet? Run pihole -d for a debug token.

Actually, that is a Docker internal IP address. @diginc would know more about why it's the only client.

Author

arsaboo commented May 23, 2017

Here's the debug token - smtw8e6m6a

Let me know if you want me to paste the log here. Thanks!

Member

diginc commented May 23, 2017

When a router cannot directly hand out DNS, the only option is to have it relay. Mine does this too, where my clients still point to my router and my router points to the pihole. The real addresses of the clients are lost in the process.

Author

arsaboo commented May 23, 2017

That is unfortunate. Here are a few threads that I stumbled upon (although none of them are using a docker container):
https://www.reddit.com/r/pihole/comments/4rdg5m/top_clients_only_shows_router_ip/
https://www.reddit.com/r/pihole/comments/5gz6dz/trouble_getting_docker_based_pihole_to_work/

I guess, we will have to live with that.

Member

diginc commented May 23, 2017

@Mcat12 pointed out that is the docker gateway IP address so the router explanation isn't quite right.

What is your docker run command and what is the output of docker logs pihole | head -35

Also what version of docker?

Author

arsaboo commented May 23, 2017

I am using the latest version of Docker (1.11.2-0.325) on my Synology NAS and the latest version of the image that was released 8/10 hours back. I used the GUI to initiate the container. Here are the settings:

{
  "cap_add": [],
  "cap_drop": [],
  "cmd": "",
  "cpu_priority": 0,
  "ddsm_bind_share": "",
  "devices": [],
  "enable_publish_all_ports": false,
  "enable_restart_policy": false,
  "enabled": true,
  "env_variables": [{
    "key": "TZ",
    "value": "America/New_York"
  }, {
    "fixed": false,
    "key": "PATH",
    "value": "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  }, {
    "fixed": false,
    "key": "IMAGE",
    "value": "debian"
  }, {
    "fixed": false,
    "key": "setupVars",
    "value": "/etc/pihole/setupVars.conf"
  }, {
    "fixed": false,
    "key": "PIHOLE_INSTALL",
    "value": "/tmp/ph_install.sh"
  }, {
    "fixed": false,
    "key": "S6OVERLAY_RELEASE",
    "value": "https://github.com/just-containers/s6-overlay/releases/download/v1.19.1.1/s6-overlay-amd64.tar.gz"
  }, {
    "fixed": false,
    "key": "PHP_ENV_CONFIG",
    "value": "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
  }, {
    "fixed": false,
    "key": "PHP_ERROR_LOG",
    "value": "/var/log/lighttpd/error.log"
  }, {
    "fixed": false,
    "key": "IPv6",
    "value": "True"
  }, {
    "fixed": false,
    "key": "S6_LOGGING",
    "value": "0"
  }, {
    "fixed": false,
    "key": "S6_KEEP_ENV",
    "value": "1"
  }, {
    "fixed": false,
    "key": "S6_BEHAVIOUR_IF_STAGE2_FAILS",
    "value": "2"
  }],
  "exporting": false,
  "id": "9375e5086f75a3734f20be6990ff937c748e7880831ac41f1d14627131ca3877",
  "image": "sha256:bf10d7dce4f463173db4d932f8aadcb5f4f09a9cef74d0cb5631ad834ae553d9",
  "is_ddsm": false,
  "is_package": false,
  "links": [],
  "memory_limit": 0,
  "name": "diginc-pi-hole1",
  "network": [{
    "driver": "bridge",
    "name": "bridge"
  }],
  "port_bindings": [{
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "tcp"
  }, {
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "udp"
  }, {
    "container_port": 80,
    "fixed": false,
    "host_port": 7780,
    "type": "tcp"
  }],
  "privileged": false,
  "shortcut": {
    "enable_shortcut": false
  },
  "ulimits": [],
  "use_host_network": false,
  "volume_bindings": [{
    "fixed": false,
    "host_volume_file": "/docker/PiHole",
    "mount_point": "/etc/pihole",
    "type": "rw"
  }],
  "volumes_from": null
}

Here are the logs:

ash-4.3# docker logs diginc-pi-hole1 | head -35
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific setup for docker diginc/pi-hole
ERROR: To function correctly you must pass an environment variables of 'ServerIP' into the docker container with the IP of your docker host from which you are passing web (80) and dns (53) ports from
:::
::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting sysctl.org list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting zeustracker.abuse.ch list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting hosts-file.net list... done
:::   Status: Not modified

Member

diginc commented May 23, 2017

ERROR: To function correctly you must pass an environment variables of 'ServerIP' into the docker container with the IP of your docker host from which you are passing web (80) and dns (53) ports from

Looks like ServerIP didn't get set correctly. This is a known issue I need to address: before, it would cause the docker to die instantly, but s6 doesn't seem to be quitting immediately during container init script errors.

Author

arsaboo commented May 23, 2017

I added the ServerIP and it shows in the container details (192.168.2.113 is the NAS IP):

image

Member

diginc commented May 23, 2017

Does Synology allow live editing of the environment variables? The "env_variables": [{ block you pasted from your docker inspect does not list ServerIP, yet your screenshot obviously has it. Live editing values without informing the user you have to re-create a container may explain this.

Author

arsaboo commented May 23, 2017

The env_variables that I pasted was before I added the ServerIP. After your comment, I added the ServerIP. Here's the updated block:

{
  "cap_add": [],
  "cap_drop": [],
  "cmd": "",
  "cpu_priority": 0,
  "ddsm_bind_share": "",
  "devices": [],
  "enable_publish_all_ports": false,
  "enable_restart_policy": false,
  "enabled": true,
  "env_variables": [{
    "key": "WEBPASSWORD",
    "value": "REDACTED"
  }, {
    "fixed": false,
    "key": "ServerIP",
    "value": "192.168.2.113"
  }, {
    "fixed": false,
    "key": "TZ",
    "value": "America/New_York"
  }, {
    "fixed": false,
    "key": "PATH",
    "value": "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  }, {
    "fixed": false,
    "key": "IMAGE",
    "value": "debian"
  }, {
    "fixed": false,
    "key": "setupVars",
    "value": "/etc/pihole/setupVars.conf"
  }, {
    "fixed": false,
    "key": "PIHOLE_INSTALL",
    "value": "/tmp/ph_install.sh"
  }, {
    "fixed": false,
    "key": "S6OVERLAY_RELEASE",
    "value": "https://github.com/just-containers/s6-overlay/releases/download/v1.19.1.1/s6-overlay-amd64.tar.gz"
  }, {
    "fixed": false,
    "key": "PHP_ENV_CONFIG",
    "value": "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
  }, {
    "fixed": false,
    "key": "PHP_ERROR_LOG",
    "value": "/var/log/lighttpd/error.log"
  }, {
    "fixed": false,
    "key": "IPv6",
    "value": "True"
  }, {
    "fixed": false,
    "key": "S6_LOGGING",
    "value": "0"
  }, {
    "fixed": false,
    "key": "S6_KEEP_ENV",
    "value": "1"
  }, {
    "fixed": false,
    "key": "S6_BEHAVIOUR_IF_STAGE2_FAILS",
    "value": "2"
  }],
  "exporting": false,
  "id": "9375e5086f75a3734f20be6990ff937c748e7880831ac41f1d14627131ca3877",
  "image": "sha256:bf10d7dce4f463173db4d932f8aadcb5f4f09a9cef74d0cb5631ad834ae553d9",
  "is_ddsm": false,
  "is_package": false,
  "links": [],
  "memory_limit": 0,
  "name": "diginc-pi-hole1",
  "network": [{
    "driver": "bridge",
    "name": "bridge"
  }],
  "port_bindings": [{
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "tcp"
  }, {
    "container_port": 53,
    "fixed": false,
    "host_port": 53,
    "type": "udp"
  }, {
    "container_port": 80,
    "fixed": false,
    "host_port": 7780,
    "type": "tcp"
  }],
  "privileged": false,
  "shortcut": {
    "enable_shortcut": false
  },
  "ulimits": [],
  "use_host_network": false,
  "volume_bindings": [{
    "fixed": false,
    "host_volume_file": "/docker/PiHole",
    "mount_point": "/etc/pihole",
    "type": "rw"
  }],
  "volumes_from": null
}

Member

diginc commented May 23, 2017

Is top client behavior still the same after the ServerIP addition? Does the startup log indicate it had any errors?

Author

arsaboo commented May 24, 2017

Here are the logs again (no errors now):

ash-4.3# docker logs diginc-pi-hole1 | head -35
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific setup for docker diginc/pi-hole
+ [[ REDACTED == '' ]]
+ pihole -a -p REDACTED REDACTED
New password set
Using default DNS servers: 8.8.8.8 & 8.8.4.4
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "192.168.2.113",
                        "VIRTUAL_HOST" => "192.168.2.113",
Using IPv4 and IPv6
::: Testing DNSmasq config: dnsmasq: syntax check OK.
::: Testing lighttpd config: Syntax OK
::: All config checks passed, starting ...
::: Docker start setup complete - beginning s6 services
:::
::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting sysctl.org list... done


eronde commented Jul 1, 2017

Hi,

I've the same issue when I run pi-hole (docker 1.11.2) on my Synology: it only logs an internal IP address of docker and not the IP of the requested client.

github_ph_client

The logs:

dnsmasq: forwarded www.google.com to 8.8.4.4
dnsmasq: forwarded www.google.com to 8.8.8.8
dnsmasq: reply www.google.com is 172.217.17.132
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific setup for docker diginc/pi-hole
+ [[ test == '' ]]
+ pihole -a -p test test
New password set
Using default DNS servers: 8.8.8.8 & 8.8.4.4
DNSMasq binding to default interface: eth0
Added ENV to php:
                        "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
                        "ServerIP" => "192.168.1.12",
                        "VIRTUAL_HOST" => "192.168.1.12",
Using IPv4 and IPv6
::: Testing DNSmasq config: dnsmasq: syntax check OK.
::: Testing lighttpd config: Syntax OK
::: All config checks passed, starting ...
::: Docker start setup complete - beginning s6 services
:::
::: Neutrino emissions detected...
:::
::: Pulling source lists into range... done!
:::
::: Getting raw.githubusercontent.com list... done
:::   Status: Success (OK)
:::   List updated, transport successful!
::: Getting mirror1.malwaredomains.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting sysctl.org list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting zeustracker.abuse.ch list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting s3.amazonaws.com list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: Getting hosts-file.net list... done
:::   Status: Not modified
:::   No changes detected, transport skipped!
::: 
::: Aggregating list of domains... done!
::: Formatting list of domains to remove comments.... done!
::: 133946 domains being pulled in by gravity...
::: Removing duplicate domains.... done!
::: 110427 unique domains trapped in the event horizon.
:::
::: Adding adlist sources to the whitelist... done!

github-pihole

Thanks for looking into it.

Member

diginc commented Jul 1, 2017


murugaratham commented Jul 23, 2017

+1, i've configured my router to tell clients to use docker host ip which is mapped to pi-hole container, but i am only seeing 172.17.0.1 for all clients.

I've tried setting my docker host ip 192.168.0.25 on my phone and laptop dns to test, but i can't differentiate clients


ptxmac commented Jul 27, 2017

I also have this issue. Why was it closed?

Member

diginc commented Jul 27, 2017

Initially I thought it was a router based problem - I'll look into this again.

Any more data people can provide is appreciated so we can start trying to find a common thread. Docker image used, Docker versions, run command, maybe even router version, and if you're a synology or other type of server.

If you don't use your router DHCP DNS and hard code a computer's DNS to pi-hole does it still show the 172.17.0.1 IP?

@diginc diginc reopened this Jul 27, 2017

murugaratham commented Jul 30, 2017

Router: Asus RT-AC88U running asus merlin firmware 380.67

2017-07-30 01 28 01 pm

running latest pi-hole image from dockerhub

Pi-hole Version v3.1 (Update available!) Web Interface Version v3.1 FTL Version v2.9.4 Donate if you found this useful.

docker-compose.yml

version: "3"
services:
  pihole:
    container_name: pi-hole
    image: diginc/pi-hole:alpine
    ports:
      - "0.0.0.0:53:53/tcp"
      - "0.0.0.0:53:53/udp"
      - "0.0.0.0:8053:80/tcp"
    environment:
      # enter your docker host IP here
      ServerIP: 192.168.0.25
      VIRTUAL_HOST: imac.local
      VIRTUAL_PORT: 8053
      WEBPASSWORD: redacted
      TZ: Asia/Singapore
    # Add your own custom hostnames you need for your domain
    #extra_hosts:
      #   Point any of the jwilder virtual_host addresses
      # to your docker host ip address
      #- 'imac.local/pihole:192.168.0.25'
    volumes:
      # - '/etc/pihole/:/etc/pihole/'
      # WARNING: if this log don't exist as a file on the host already
      # docker will try to create a directory in it's place making for lots of errors
      # - '/var/log/pihole.log:/var/log/pihole.log'
      - '/Users/user/pihole/:/etc/pihole/'
      - '/Users/user/dnsmasq.d/:/etc/dnsmasq.d/'
    restart: always

And yes, i tried hardcoding the dns to 192.168.0.25 on my device and it still shows docker gateway ip instead of the actual client IP


ramsnerm commented Aug 3, 2017

I am running the same setup on a Synology DS415 and a Ubiquiti USG as router. On the router, the DNS settings point to the pi-hole docker container. Everything runs so far. Some tests with some sites showed me that the filter is working. However, I have the same issue with the IP mapping. I only see the virtual docker IP in the Dashboard but no details, so further investigation is not possible. Did you find any solution/idea where it comes from?


ptxmac commented Aug 14, 2017

I just verified that my clients are using the IP of the host running docker - i.e. the same as what I configured ServerIP to, but it still shows the client as the docker IP. This is most likely due to Docker's bridge networking?

Member

diginc commented Aug 14, 2017

Do the actual dnsmasq logs only show the one docker bridge IP address?


ptxmac commented Aug 14, 2017

The dnsmasq logs show the queries originating from the docker bridge gateway; in my case:

pihole_1  | dnsmasq: query[A] spectrum.s3.amazonaws.com from 172.19.0.1

172.19.0.1/16 is the bridged network for the pihole container. The container itself has 172.19.0.7, but everything is running on a host with IP 192.168.1.5, which all clients connect to directly.

This probably means it's not possible to see the actual client when using docker with bridged network (the default)
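
A check for the symptom described in this thread, as an added example (not code from the issue or from the Pi-hole project): it parses dnsmasq query lines in the two shapes quoted above and reports when nearly all queries come from one address outside the LAN, meaning the DNS log no longer attributes queries to individual clients. The sample log lines, the LAN range `192.168.1.0/24` and the 90% threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Both dnsmasq line shapes quoted in this thread match:
#   pihole_1  | dnsmasq: query[A] <name> from <ip>
#   Apr  3 11:50:39 dnsmasq[506]: query[A] <name> from <ip>
QUERY_RE = re.compile(
    r"dnsmasq(?:\[\d+\])?: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<src>\S+)"
)


def count_sources(lines):
    """Return a Counter mapping source address -> number of queries."""
    counts = Counter()
    for line in lines:
        match = QUERY_RE.search(line)
        if match is None:
            continue  # forwarded/reply/cached lines carry no client address
        try:
            src = ipaddress.ip_address(match.group("src"))
        except ValueError:
            continue  # truncated or corrupted line
        if src.is_loopback:
            continue  # the resolver querying itself is not a client
        counts[src] += 1
    return counts


def attribution_report(lines, lan_cidr, threshold=0.9):
    """Flag logs where one non-LAN address accounts for most queries.

    lan_cidr is the range real clients are expected to come from
    (an assumption supplied by the operator, e.g. the DHCP scope).
    """
    lan = ipaddress.ip_network(lan_cidr)
    counts = count_sources(lines)
    total = sum(counts.values())
    lan_clients = [ip for ip in counts if ip.version == lan.version and ip in lan]
    report = {
        "total": total,
        "lan_clients": len(lan_clients),
        "dominant_source": None,
        "dominant_share": 0.0,
        "collapsed": False,
    }
    if total == 0:
        return report
    source, hits = counts.most_common(1)[0]
    share = hits / total
    report["dominant_source"] = source
    report["dominant_share"] = share
    # A single busy LAN client is normal; a single NAT/gateway address is not.
    report["collapsed"] = (source not in lan_clients) and share >= threshold
    return report


# Constructed sample: every client query arrives from the bridge gateway.
NATTED_LOG = [
    "Apr  3 11:50:39 dnsmasq[506]: query[A] www.example.com from 172.19.0.1",
    "Apr  3 11:50:39 dnsmasq[506]: forwarded www.example.com to 1.1.1.1",
    "Apr  3 11:50:39 dnsmasq[506]: reply www.example.com is 192.0.2.10",
    "Apr  3 11:50:41 dnsmasq[506]: query[AAAA] mail.example.org from 172.19.0.1",
    "pihole_1  | dnsmasq: query[A] cdn.example.net from 172.19.0.1",
    "Apr  3 11:50:45 dnsmasq[506]: query[PTR] 1.0.0.127.in-addr.arpa from 127.0.0.1",
]

# Constructed sample: client addresses preserved.
HEALTHY_LOG = [
    "Apr  3 11:50:39 dnsmasq[506]: query[A] www.example.com from 192.168.1.20",
    "Apr  3 11:50:40 dnsmasq[506]: query[A] mail.example.org from 192.168.1.21",
    "Apr  3 11:50:41 dnsmasq[506]: query[A] cdn.example.net from 192.168.1.20",
    "Apr  3 11:50:42 dnsmasq[506]: query[AAAA] www.example.com from 192.168.1.35",
]

if __name__ == "__main__":
    for label, log in (("natted", NATTED_LOG), ("healthy", HEALTHY_LOG)):
        print(label, attribution_report(log, "192.168.1.0/24"))
```
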


mclambo commented Sep 9, 2017

I tried a hard DNS entry of the docker pi-hole IP address in one of my Windows 10 computers, but it does not know a route to this subnet.

So manually adding a route through the command line seems to work, Pi-hole recognizes my computer.
Of course this is suboptimal, because it would require me to manually add this route to all my devices making use of my network, which range from Windows, Apple, Android to other kinds of gadgets....


Rajackar commented Oct 11, 2017

I can confirm this behaviour as well.
Not a real issue for me as the pi-hole itself is working fine. It's just no longer possible to identify individual machines on my network.


fenrir-github commented Nov 6, 2017

my 2cts => docker-proxy

@diginc diginc added this to Backlog in Docker Pi Hole Nov 18, 2017

old-square-eyes commented Apr 2, 2022

No change...

Pihole log from my dig @192.168.0.2 google.com on my laptop.

Apr  3 11:50:39 dnsmasq[506]: query[A] google.com from 172.19.0.1
Apr  3 11:50:39 dnsmasq[506]: cached google.com is 142.250.204.14

My full compose:

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "192.168.0.2:53:53/tcp"
      - "192.168.0.2:53:53/udp"
      - "192.168.0.2:67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Pacific/Auckland' #this is the time zone
      WEBPASSWORD: 'hackme'
      environment:
      DNS1: 1.1.1.1
      DNS2: 208.67.222.222
    volumes:
       - './etc-pihole/:/etc/pihole/'
       - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 192.168.0.3
    cap_add:
      - NET_ADMIN
    restart: unless-stopped


AlBundy33 commented Apr 3, 2022

this is how my docker-compose.yml looks like.
my router is an avm fritz.box with ip 192.168.1.1 and therefore my local domain is fritz.box.
192.168.1.111 is the ip of the docker host where the pihole container runs.
pihole uses my router as upstream dns and my router publishes the pihole as dns to all of my devices.

also check your environment settings - they seem to be wrong.

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: always
    ports:
      - "192.168.1.111:53:53/tcp"
      - "192.168.1.111:53:53/udp"
      - "192.168.1.111:67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "192.168.1.111:80:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'hackmetoo'
      PIHOLE_DNS_: '192.168.1.1'
      DNS_BOGUS_PRIV: 'true'
      DNS_FQDN_REQUIRED: 'true'
      REV_SERVER: 'true'
      REV_SERVER_DOMAIN: 'fritz.box'
      REV_SERVER_TARGET: '192.168.1.1'
      REV_SERVER_CIDR: '192.168.1.0/24'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'


old-square-eyes commented Apr 3, 2022

I changed to yours, translating values where appropriate and no change. Why do you use your router as the upstream server?

Edit: Saw your explanation.


AlBundy33 commented Apr 3, 2022

because I use the pihole as dns for all of my devices but the router does dhcp.
with this setting lookups of local devices by name still work.

this is strange that this didn't work for you.
are you using the latest image?
did you recreate the container?

Member

rdwebdesign commented Apr 3, 2022

Can you test it without using volumes (creating a clean start)?


old-square-eyes commented Apr 3, 2022

I just removed the container and volumes completely. Re-downloaded a fresh container and ran the yaml above. Same issue.


AlBundy33 commented Apr 3, 2022

and post your current file
I think you have to remove the "dns:" section and set the upstream server(s) with PIHOLE_DNS_
but do not use 127.0.0.1 as upstream

or try to use my file with your IPs and domain


old-square-eyes commented Apr 3, 2022

Current file:

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: always
    ports:
      - "192.168.0.2:53:53/tcp"
      - "192.168.0.2:53:53/udp"
      - "192.168.0.2:67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "192.168.0.2:80:80/tcp"
    environment:
      TZ: 'Pacific/Auckland'
      WEBPASSWORD: 'hackme'
      PIHOLE_DNS_: '1.1.1.1;208.67.222.222'
      DNS_BOGUS_PRIV: 'true'
      DNS_FQDN_REQUIRED: 'true'
      REV_SERVER: 'true'
      REV_SERVER_DOMAIN: 'DAN'
      REV_SERVER_TARGET: '192.168.0.1'
      REV_SERVER_CIDR: '192.168.0.0/24'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'


AlBundy33 commented Apr 3, 2022

and this still doesn't work?

If I run
dig @192.168.1.111 google.com
on my docker host I see the hostname in the querylog (web-interface) and the ip in the pihole.log

can you try to change the "external" port to 5353 and run and check
dig google.com @192.168.0.2 -p 5353


old-square-eyes commented Apr 3, 2022

Well it works. Just the client IP is the Docker IP.

How do I change the external port?
Do you mean in the yaml file ports: - "192.168.0.2:5353:53/tcp" ?


AlBundy33 commented Apr 3, 2022

I had the same issue but binding the ports to the interface worked for me.

yes try to change
192.168.0.2:53:53
to
192.168.0.2:5353:53

just to see if this makes a difference.


old-square-eyes commented Apr 3, 2022

dig google.com @192.168.0.2 -p 5353 times out after making that change.
dig google.com @192.168.0.2 -p 53 still works

I notice this in the logs Apr 3 14:16:44 dnsmasq[513]: Pi-hole hostname pi.hole is 0.0.0.0

I set...

      ServerIP: '192.168.0.2'
      FTLCONF_REPLY_ADDR4: '192168.0.2'

and now...

dnsmasq[513]: Pi-hole hostname pi.hole is 127.0.0.1

But it hasn't improved the other issue.


AlBundy33 commented Apr 3, 2022

if you change your yml to

      - "192.168.0.2:5353:53/tcp"
      - "192.168.0.2:5353:53/udp"
      - "192.168.0.2:6767:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "192.168.0.2:80:80/tcp"

and restart the container dig google.com @192.168.0.2 -p 5353 should work and not 53.
You can run this direct at 192.168.0.2

Also try netstat -ano | grep :53 on your docker-host.
here you should see no open port 53

ServerIP and FTLCONF_REPLY_ADDR4 are not needed


old-square-eyes commented Apr 4, 2022

Fails with error...

[+] Running 0/1
 - Container pihole  Starting                                                                                            0.4s
Error response from daemon: Ports are not available: listen udp 192.168.0.2:5353: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.

Changing UDP to just 53 results in the image booting. But the dig query times out.

Could something else be using these ports? Only other thing on that machine is a Chia Farm.


AlBundy33 commented Apr 4, 2022

Maybe the port is already in use.
Then try just another port (e.g. 4453 instead of 53)

Contributor

loehden commented Apr 4, 2022

Your issue "IP is always 172.19.0.1" looks like an address translation "problem". And it might be the effect that I tried to explain above. If you promote an IPv6 DNS server address to the network (at home usually via the router/DHCP server) then the clients often prefer sending DNS requests via IPv6, but this is not translated by the Docker userland to the IPv6 of the requesting client. Instead it is reached through with the internal IPv4 of the Docker interface. So the container sees all requests coming from that address and only shows this as source of requests.
The easiest way to check would be to deactivate IPv6 for one client completely and test if their requests now show up in the dashboard under the right IPv4/client name.


old-square-eyes commented Apr 4, 2022

Thanks for the insight. But I don't publish an IP6 DNS address. I doubt 100% of 30 odd clients would choose IP6 anyway. As far as I know IP6 is disabled everywhere, including vlans on my home network. Also my explicit dig tests query the IP4 address. Did I understand your comments correctly? Sorry if I missed the point.


old-square-eyes commented Apr 4, 2022

image

image

image

@AlBundy33

edit: also 12hours later this has happened...

image


AlBundy33 commented Apr 4, 2022

Instead of the port-forwarding you can also try network_mode: host

Member

rdwebdesign commented Apr 5, 2022

You can also try a macvlan network.
Your pi-hole will have an IP like "192.168.0.X" and no need to port forwarding.


old-square-eyes commented Apr 5, 2022

network_mode: host

Network host mode is not supported on any other OS than Linux

Folks I'm super grateful for all the help. I'm just a bit confused that a supported implementation doesn't seem to work in any known configuration. Is the only option here to bow out and run a Linux VM? Feels like such opportunity cost :)


github-actions bot commented May 6, 2022

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

@github-actions github-actions bot added the stale label May 6, 2022
Docker Pi Hole automation moved this from Triage/Backlog to Done May 11, 2022

lexpostma commented Jun 5, 2022

Anyone figure out a solution? I see the bot recently closed the issue because it was stale, but I see no fix. I'm running into this same issue, was actually lurking in this thread because it got closed.

Running Pi-hole in Docker on macOS. Mac has fixed IP 192.168.96.6. And there's only one client in Pi-hole with 172.X.0.1 where X seems to change after a reboot. Also running Pi-hole in a Raspberry Pi at 192.168.96.5 without any issues. My router is set up with DHCP DNS Servers defined to both the Mac and RPi IP addresses. Blocking ads works perfectly, but the clients on Mac are weird.

My docker-compose.yml:

version: "3"

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "192.168.96.6:80:80"
      - "192.168.96.6:53:53/tcp"
      - "192.168.96.6:53:53/udp"
      - "192.168.96.6:443:443"
    environment:
      SERVERIP: '192.168.96.6'
      FTLCONF_REPLY_ADDR4: '192.168.96.6'
      FTLCONF_BLOCK_ICLOUD_PR: 'false'
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: 'XX'
      PIHOLE_DNS_: '1.1.1.1;1.0.0.1'
      # FTLCONF_CHECK_DISK: '0'
    # Volumes store your data between container upgrades
    volumes:
      - '~/Docker/pihole/:/etc/pihole/'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    dns:
      - '127.0.0.1'
      - '1.1.1.1'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)

What should I change to get individual clients?


pralor-bot commented Jun 5, 2022

This issue has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pi-hole-in-docker-on-macos-has-only-one-client/55875/1


imro2 commented Jun 5, 2022

If I remember correctly, most of the problems came down to iptables masquerading real IP addresses. There are a few solutions in this issue on how to turn that off. There were a few instances of IPv6 being translated to IPv4, which would look the same, but not sure what the solution would be there as I have no experience with Docker and IPv6. I don't think there was ever a solution for Windows. I don't know what kind of firewall or service MAC uses to masquerade the IPs for Docker, but I would look there. It will most likely not be anything that docker-compose or the pi-hole docker itself can address.

Edit: here is an example of how the issue is fixed using iptables #135 (comment)

Has IPv6 entries in there, so I guess should work there too.

Edit2: maybe this can help you docker/for-mac#180 (comment)


nsmits commented Aug 7, 2022

As mentioned before; it's an issue with IPv6 and Docker; which doesn't play nice :) Running this will fix your issue (as a workaround; but the original/real IPv6 addresses will show up in pi-hole): https://github.com/robbertkl/docker-ipv6nat

Edit: don't forget to add an IPv6 network or change /etc/docker/daemon.json and add for example the following to the config:

    "ipv6": true,
    "fixed-cidr-v6": "fd00::/80"
