Skip to content

Why requirement for --dns=127.0.0.1 ? #431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mhofman opened this issue Feb 27, 2019 · 3 comments
Closed

Why requirement for --dns=127.0.0.1 ? #431

mhofman opened this issue Feb 27, 2019 · 3 comments
Labels
Submitter Attention Required

Comments

@mhofman
Copy link
Contributor

mhofman commented Feb 27, 2019

A lot of people trying to run this docker image have issues coming from the requirement to have the resolv.conf file contain 127.0.0.1 as the primary resolver.
Some docker/docker-compose installs simply don't seem to respect the option (e.g #410), requiring more dramatic hack such as binding a resolv.conf volume. I'm impacted by this, not sure why.
I understand this was proposed as a "fix" to other issues (as implied by #343), but what I can't figure out is what are those issues and what are they stemming from?

The only reference in pi-hole code I found is in gravity.sh that seem to check for DNS availability by issuing a system DNS query.
https://github.com/pi-hole/pi-hole/blob/f65f793a0d0d7dbc5882be38858c986f42b8c776/gravity.sh#L101

If that's the cause, why not target the query there at the localhost?

That's what the healthcheck seem to be doing?

docker-pi-hole/Dockerfile.template

Line 46 in f1f53e7

HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1

(Btw, why not do a simple TCP connection check like the basic pi-hole service script? That would avoid cluttering the logs with constant pi.hole queries)
https://github.com/pi-hole/pi-hole/blob/995ee41d6bc3a405a0402745b24140ca08c148f3/pihole#L259-L261

Removing the DNS mapping might also help add support for using other containers as DNS upstream as requested in #425, since docker's DNS resolver wouldn't be lost.
@diginc
Copy link
Collaborator

diginc commented Feb 28, 2019
edited
Loading

Modifications to the upstream Pi-hole repos could possibly remove this requirement. I agree it has been the source of some pain.

The gravity code you linked (getent hosts "${lookupDomain}") would have to support a custom DNS server like nslookup/host/dig does. Looking at man getent and from my experience I think it just uses the system's dns servers without the ability to customize so getent may need to be replaced.

I think top clients rendering with IPs instead of hostnames is another defect that the container using local DNS fixes also, at least while DHCP is in use...

This : https://github.com/pi-hole/AdminLTE/blob/5ec769d9d8ed70d43e1d774722d6e9a7f5002f14/api_db.php#L36

Could perhaps adopt a lookup from this instead, but it ads a dependency: https://stackoverflow.com/q/11563956

Those are the two mean reasons why localhost is set to the container's primary DNS.

HEALTHCHECK / why not do a simple TCP connection check like the basic pi-hole service script?

You might have a good alternative there with the dev tcp check

@mhofman
Copy link
Contributor Author

mhofman commented Feb 28, 2019

The gravity code you linked (getent hosts "${lookupDomain}") would have to support a custom DNS server like nslookup/host/dig does. Looking at man getent and from my experience I think it just uses the system's dns servers without the ability to customize so getent may need to be replaced.

The getent hosts command would resolve if the --network-alias=pi.hole is used when creating the container. However, using this option might be a problem if multiple pi-hole containers need to run on the same docker network (probably rare, but I'm actually doing it to provide different DNS service to my LAN and Guest networks).
An alternative might be to use --add-hosts=pi.hole:127.0.0.1 or extra_hosts: - "pi.hole:127.0.0.1" in docker-compose.

The gravity script seem to have a fallback mechanism using dig, but that doesn't seem to target the request at @127.0.0.1
The addition was made to fix a familiar sounding issue pi-hole/pi-hole#1806
Maybe @jacobsalmela can chime in?

I think top clients rendering with IPs instead of hostnames is another defect that the container using local DNS fixes also, at least while DHCP is in use...

This : https://github.com/pi-hole/AdminLTE/blob/5ec769d9d8ed70d43e1d774722d6e9a7f5002f14/api_db.php#L36

Could perhaps adopt a lookup from this instead, but it ads a dependency: https://stackoverflow.com/q/11563956

Interesting!

However as you say, for people not using pi-hole as a DHCP server, this might not be an issue at all. The docker upstream resolver is most likely able to resolve those names.
This might be a case of documenting the issue: if you're using the pi-hole docker image as DHCP server, make sure to add the --dns=127.0.0.1 option.

HEALTHCHECK / why not do a simple TCP connection check like the basic pi-hole service script?

You might have a good alternative there with the dev tcp check

Let me know if you want me to write a PR, but it might be easier for you to do it directly ;)

@diginc diginc mentioned this issue Jun 5, 2019
Closed
@github-actions
Copy link

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Submitter Attention Required
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mhofman @diginc