dnsmasq binds to all interfaces even if you specify a listen interface #491

Closed
5 of 7 tasks
richardpowellus opened this issue Aug 11, 2019 · 5 comments

Comments

@richardpowellus

dnsmasq will bind to all interfaces on port 53 even if you specify an interface for it to bind to. This is normal behavior. In order for dnsmasq to bind only to specified interfaces you need to use the bind-interfaces directive in the config.

I am planning on running two separate instances of pihole on my server (each one bound to a different interface) but this is not possible because there does not seem to be a way to set the bind-interfaces directive for pihole docker containers via environment variables.

My ask below is firstly for a feature that allows us to set the bind-interfaces directive via an environment variable. And, secondly, is there a good workaround for this that I can employ while I wait for the feature?

This is a...

  • Request for a new or modified feature
  • Issue trying to run the docker image
  • Issue trying to build / test / develop the docker image

Description

I can't think of more detail than what I put above.

Expected Behavior

N/A since the feature doesn't exist yet.

Actual Behavior

N/A since the feature doesn't exist yet.

Possible Fix

Add a new environment variable like DNSMASQ_BIND_INTERFACES and then set the value of that environment variable in 01-pihole.conf (bind-interfaces=value).

Steps to Reproduce and debugging done

Really easy to reproduce:

  1. Set both the INTERFACE and DNSMASQ_LISTENING container environment variables to a specific interface.
  2. Use host networking.
  3. Run: sudo netstat -plntu | grep -i 53

You will see that your container is bound to 0.0.0.0 and :::

Debug steps I have tried

  • I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
  • I have tried running the nearly stock docker run example in the readme (removing any customizations I added)
  • I have tried running without my volume data mounts to eliminate volumes as the cause
  • I have searched this repository for existing issues and pull requests that look similar

Context and extra information

I want to run two separate pihole instances on two separate interfaces on my server.

The first (primary) instance will host dhcp (the second will not). The second pihole instance will use conditional forwarding to point to the first pihole instance's dns server for local dns resolution.

This will allow me to have most of my home network point to one set of upstream dns servers while a few machines on my network can point to a different set of upstream dns servers. I can also have different pihole whitelists, etc. for different parts of my home network.

This will allow me to have a very restricted network for my kids whilst having a less restricted setup for myself.

Your Environment

  • Docker Host Operating System and OS Version: Debian 9.9 (stretch)
  • Docker Version: 19.03.1, build 74b1e89
  • Hardware architecture: amd64

@richardpowellus
Author

OK, I seem to have successfully worked around this issue. I created a /etc/dnsmasq.d/99-mysettings.conf and put "bind-interfaces" in there. Now dnsmasq is only binding to localhost and the interface I specified.

For the second pihole container instance I disabled host networking and I can now directly forward port 53 from inside the container to the separate interface that the first instance of pihole is no longer binding to.

I'll leave this active in case someone wants to add support for enabling "bind-interfaces" via a docker container environment variable. Otherwise feel free to close this out.
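
An added example, not part of the original thread: a check for the behavior reported above that parses `netstat -plntu` output and flags port-53 sockets bound to `0.0.0.0` or `::`, matching the port exactly rather than grepping for `53`. The function names, the sample output, the PIDs and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `netstat -plntu` output on stdin
# and prints one line per port-53 socket: WILDCARD or SPECIFIC, protocol,
# local address, owning process.
classify_dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, part, ":")      # port is the text after the last colon
            port = part[n]
            if (port != "53") next        # exact match; "grep 53" also hits 5353
            addr = substr($4, 1, length($4) - length(port) - 1)
            kind = (addr == "0.0.0.0" || addr == "::") ? "WILDCARD" : "SPECIFIC"
            print kind, $1, addr, $NF
        }'
}

# Succeeds only when no port-53 socket is bound to a wildcard address.
dns_bind_is_restricted() {
    ! classify_dns_listeners | grep -q '^WILDCARD'
}

# Constructed sample: interface selected, bind-interfaces not set.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:53        0.0.0.0:*         LISTEN   1201/dnsmasq
tcp6       0      0 :::53             :::*              LISTEN   1201/dnsmasq
udp        0      0 0.0.0.0:53        0.0.0.0:*                  1201/dnsmasq
udp        0      0 0.0.0.0:5353      0.0.0.0:*                  653/avahi-daemon'

# Constructed sample: same host after bind-interfaces is added.
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:53      0.0.0.0:*         LISTEN   1201/dnsmasq
tcp        0      0 192.0.2.10:53     0.0.0.0:*         LISTEN   1201/dnsmasq
udp        0      0 127.0.0.1:53      0.0.0.0:*                  1201/dnsmasq
udp        0      0 192.0.2.10:53     0.0.0.0:*                  1201/dnsmasq
udp        0      0 0.0.0.0:5353      0.0.0.0:*                  653/avahi-daemon'

echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | classify_dns_listeners
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | classify_dns_listeners
if printf '%s\n' "$SAMPLE_AFTER" | dns_bind_is_restricted; then
    echo "port 53 is bound to specific addresses only"
fi
```

On a live host the same functions take the real output, for example `sudo netstat -plntu | dns_bind_is_restricted`.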

@AbdulR3hman

@dprus thank you for the insight, any chance you can share the dnsmasq file with us? I'm having the same problem (I think)

@puddlewitt

puddlewitt commented Jun 4, 2020

I've got something which works..

My host, a raspberrypi, has two ip addresses 192.168.0.244 & 192.168.0.245 on a single interface. Running Ubuntu.

docker-compose.yml

version: "3"
services:
  pihole:
    privileged: true
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    network_mode: 'host'
    environment:
      DNS_BOGUS_PRIV: 'False'
      DNS_FQDN_REQUIRED: 'True' 
      TZ: 'Europe/London'
      WEBPASSWORD: 'BLARGH'
      ServerIP: 192.168.0.244
      DNS1: 208.67.222.222
      DNS2: 208.67.220.220
      DNSMASQ_LISTENING: 'local'
    # Volumes store your data between container upgrades
    volumes:
      - '/etc/etc-pihole/:/etc/pihole/'
      - '/etc/etc-dnsmasq.d/:/etc/dnsmasq.d/'
      # run `touch ./var-log/pihole.log` first unless you like errors
      - '/var/var-log/pihole.log:/var/log/pihole.log'
    dns:
      - 127.0.0.1
      - 208.67.222.222 
      - 208.67.220.220 
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

  piholekids:
    privileged: true
    container_name: piholekids
    image: pihole/pihole:latest
    hostname: raspberrypikids
    #network_mode: host
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "192.168.0.245:53:53/tcp"
      - "192.168.0.245:53:53/udp"
        #- "192.168.0.245:67:67/udp"
      - "192.168.0.245:80:80/tcp"
      - "192.168.0.245:443:443/tcp"
    environment:
      DNS_BOGUS_PRIV: 'False'
      DNS_FQDN_REQUIRED: 'True'
      TZ: 'Europe/London'
      WEBPASSWORD: 'BLARGH'
      ServerIP: 192.168.0.245
      DNS1: 208.67.222.123 
      DNS2: 208.67.220.123 
      VIRTUAL_HOST: 'pi.holekids'
      PROXY_LOCATION: 'pi.holekids'
      DNSMASQ_LISTENING: 'all' 
    # Volumes store your data between container upgrades
    volumes:
      - '/etc/etc-pihole-kids/:/etc/pihole/'
      - '/etc/etc-dnsmasq.d-kids/:/etc/dnsmasq.d/'
      # run `touch ./var-log/pihole.log` first unless you like errors
      - '/var/var-log-kids/pihole.log:/var/log/pihole.log'
    dns:
      - 127.0.0.1
      - 208.67.222.123
      - 208.67.220.123
    restart: unless-stopped
    # cap_add:
    #  - NET_ADMIN

/etc/etc-dnsmasq.d/98-pihole.conf

dhcp-option=tag:piholekids,6,192.168.0.245

dhcp-host=REPLACE:WITH:MAC:ADDRESS,set:piholekids

/etc/etc-dnsmasq.d/99-pihole.conf

listen-address=127.0.0.1
listen-address=192.168.0.244
bind-interfaces

@mankittens

I'm also experiencing this issue running docker-pi-hole in balena. I second the proposal for a DNSMASQ_BIND_INTERFACES environment variable.

I will attempt to use this fix in the meantime!

@github-actions

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
