DNS behaving weirdly

Hello everyone,

I have a problem with DNS resolution in some dockers. The problem seems to occur only after a reboot. My network topology is as follows.

I have 2 pihole servers running on 2 different unraid servers. I have pfsense as my router, firewall and dhcp server. The DNS for all DHCP clients is configured for these 2 piholes. I have a static configuration for my unraid servers where their DNS is pfsense, since I want my dns to keep working on my servers if both piholes are down for whatever reason. This also means that pfsense is my resolver for all of my dockers.

The 2 pihole servers have my pfsense firewall as the resolver, and pfsense resolves with its own mechanism.

In pfsense, I have created an entry in the dns resolver for myserver.duckdns.org. Doing so, when I ping myserver.duckdns.org, it refers to my main unraid server from whichever computer I ping from.

Now, I just had a power outage. Found out my main unraid server wasn't on the UPS but on the power surge side when I cleaned it earlier this month. Because of that, it died and then rebooted. Upon reboot, I get a warning from my watcher that some services are down but they aren't. The configuration checks for https://myserver.duckdns.org:8888/ (port not important) and if there's no answer, it's down.

If I open the docker cli for that docker and ping myserver.duckdns.org, I get the public ip!

If I open the unraid cli and ping myserver.duckdns.org, I get the local ip.

During the power outage, pfsense and the other unraid server didn't die.

So now, I'm wondering how this docker resolves to my public ip.

The docker is using my-bridge (like 99% of my dockers), a custom bridge I made ages ago when I set up unraid, and which was in one of the space invader tutorials on docker for unraid.

resolv.conf on that docker gives this configuration:

nameserver 127.0.0.11
options ndots:0

I know that if I restart the docker, it will work now. Suddenly, it will get the right ip.

This seems to happen to other dockers too. All I have to do is restart the docker and it solves the problem, but I don't get why they have the problem in the first place.

Thank you

  • Community Expert

This is the usual problem called "pihole cannot work for UNRAID itself!"

It's because dockers are started last, but at boot time DNS is already needed here and there. These requests time out, some dockers may fail, and what happens is more or less random.

The manual restart works then because now pihole is up and running. But you cannot control the sequence in which they are started, so there will always be a big chance that something fails and needs manual interaction later on.

You MAY try to set UNRAID1's DNS to PIHOLE2 (on the other UNRAID) and vice versa. But again, ONE of them will fail if it is started without the other already running!

You may need to "Turn on UNRAID1", wait a bit, "Turn on UNRAID2", again, wait a bit and finally "Reboot UNRAID1". But this is very time consuming and not very intuitive...

The best solution is: "Go out, buy a PI, put PIHOLE onto the PI and let every computer use it".

  • Author

Hello,

I think you missed the point that my unraid server doesn't use pihole itself. Both unraid servers have my pfsense for dns resolution, not pihole.

Quote

 I have a static configuration for my unraid servers where their DNS is pfsense.

By the way, you do control the sequence in which your dockers boot up. They start from top to bottom in your unraid docker list (and if you have docker folders, top to bottom of each folder). You can also set a delay to pause between each docker. PiHole is the first docker to boot up. I have some dockers that have a 30 sec wait on them (after database bootup). Some dockers before and after that docker have the problem, others don't.

Pihole doesn't even know my server.duckdns.org ip; it asks pfsense for it, since it's pfsense that has the entry in the resolver, not pihole.

If both piholes were down when booting and I were using those as dns resolvers for unraid, the ping would just fail as the name cannot be resolved; it wouldn't resolve as something else entirely unless it has another DNS server configured somewhere.

Docker uses host DNS resolution, and the host (unraid) in this situation uses pfsense, not pihole.

Thank you

edit: both my piholes are bridged to have a dedicated static ip on the network. I also have host access to docker. My unraid could use pihole (it did in the past) but it was causing problems when dockers on both servers were down, which is why I reverted a long time ago to using my router's resolver, which is also the upstream dns for my piholes. In any case, neither of them should give me the public ip of my network instead of the internal ip that my router gives.

Edited by Nodiaque

  • Community Expert
24 minutes ago, Nodiaque said:

think you missed the point that my unraid server doesn't use pihole itself. Both unraid server have my pfsense as dns resolution, not pihole.

Maybe my English is too bad, but for me it looks like you have created a dns loop unraid-pfsense-duckdns-unraid(pihole) ???


  • Author

No, not at all....

I don't use duckdns as a dns resolver...

My pfsense has its own DNS server, unbound. This one is the resolver the lan uses by default. I can configure any client to talk to it and it will answer. Its upstream DNS servers are the ones from my ISP on the wan side.

In pfsense, I have created a DNS entry (cname) for my local services, which are on my domain *.myserver.duckdns.org, and also an entry for myserver.duckdns.org to resolve to my internal ip. Any client connected to pfsense as a dns client will receive this internal ip. This works perfectly.

Since I already had pihole before having pfsense and I liked how it worked (except for the fact that they can't sync natively), I configured pfsense so any DHCP client gets pihole DNS instead, except for my unraid servers, where one is myserver.duckdns.org.

In PiHole, I configured the upstream DNS server to be my pfsense. So anything not resolved or in cache will go to pfsense.

My unraid server doesn't talk to pihole, and pfsense doesn't talk to pihole.

So there are 2 possible resolve paths here:

A DHCP client like a personal computer connects to the network and makes a DNS query. The path will be Client -> pihole -> pfsense -> upstream ISP DNS

If my unraid servers or any dockers on them make a DNS query, the path will be Docker client -> Docker Host (unraid) -> pfsense -> upstream ISP DNS.

The request can stop at pihole or pfsense if the value is known. In my current case, the path for the request will be

DHCP client: Client -> pihole (not found, forward to upstream) -> pfsense (found in dns entry with local ip) -> pfsense reply -> pihole gets the reply and forwards to client -> client receives the ip

Dockers/Unraid: Unraid -> pfsense (found in dns entry with local ip) -> pfsense reply -> docker/unraid receives the ip.

I've queried all 3 DNS servers, and all 3 always answer with the internal ip since they all go to pfsense to get the ip. If I shut down all 3 dns servers, all docker pings give me a cannot resolve error.
