Port 53 only available for one network

[Cielquan]

This is a...

• Request for a new or modified feature
• Issue trying to run the docker image
• Issue trying to build / test / develop the docker image

Description

For my project I use pihole before unbound and also have internal DoH and DoT support. This means you can connect via DoH and DoT to the pihole.

When I switched from nginx as reverse proxy to traefik 2.0 I encountered problems with DoT feature. Problem was that TCP traffic could not be forwarded to pihole so I let traefik passthrough the DoT TCP stream to nginx to made it work. But I wanted to fully migrate to traefik.
I opend an issue at traefik's forum and got help which led me to this discovery.

Expected Behavior

I had 2 separate networks. One was for communication between the dns containers (doh_server, pihole, unbound, nginx) and one was for communication from traefik (traefik, doh_server, nginx, pihole).

When DoT traffic arrives at port 853 traefik should terminate the TLS connection and forward the traffic through the traefik-network to pihole on port 53. pihole should then make its dns request to unbound on port 53 via the dns-network.

Actual Behavior

When DoT traffic arrives at port 853 traefik terminates the TLS connection and cannot connect to pihole on port 53 to forward the TCP traffic.

Possible Fix

Allow multiple docker networks to connect on port 53.

Steps to Reproduce and debugging done

e.g. your docker run command, pages to visit, CLI commands you ran

• docker-compose file is attached as txt, because yaml is not supported. docker-compose.txt

version: '3.5'


services:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    expose:
      - "80"
    networks:
      network1:
        ipv4_address: 172.16.1.4
      network2:
        ipv4_address: 172.16.2.4
      network3:
        ipv4_address: 172.16.3.4
      network4:
        ipv4_address: 172.16.4.4
    dns:
      - 127.0.0.1
    restart: always



networks:
  network1:
    name: network1
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.1.0/24

  network2:
    name: network2
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.2.0/24

  network3:
    name: network3
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.3.0/24

  network4:
    name: network4
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.4.0/24

1. Run docker-compose up -d
2. Run docker exec -it pihole bash
3. Run apt update && apt install inetutils-telnet -y
4. Run telnet 172.16.1.4 53 (works)
5. Run telnet 172.16.1.4 80 (works)
6. Run telnet 172.16.2.4 53 (works not)
7. Run telnet 172.16.2.4 80 (works)
8. Try more telnet <IP address> <port> if you want

Debug steps I have tried

Workaround: Remove additional networks and only use one network.
Works but does not please me.

• I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
• I have tried running the nearly stock docker run example in the readme (removing any customizations I added)
  But I run it minimalistic in docker-compose (see attachment)
• I have tried running without my volume data mounts to eliminate volumes as the cause
• I have searched this repository for existing issues and pull requests that look similar

Context and extra information

1. Only the alphabetical (name) first network gets a working connection on port 53.
2. Other port do not seem to be affected
3. Create networks by hand does nothing
4. Subnet of network does not affect issue (preset IP vs random IP)
5. other images do not show this characteristic

Your Environment

• Docker Host Operating System and OS Version: Raspbian Buster
• Docker Version: 18.09.1
• Hardware architecture: ARMv7

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.