[SUPPORT] pihole for unRaid - Spants repo



On 12/18/2021 at 12:48 PM, spants said:

The template just uses the official PiHole docker - it seems that there is a discussion here that may help https://github.com/pi-hole/docker-pi-hole/issues/922 .

 

Yes, I found that too. I have also adapted the template accordingly with the new "FTLCONF_ " variables. They also work, but in the end it had no effect on the crash problem.

 

On 12/18/2021 at 12:48 PM, spants said:

You could also change the docker tag to load a specific version: see here https://hub.docker.com/r/pihole/pihole/tags

 

I didn't want to downgrade yet. But it might help; this Docker ran for years without any problems.

Let's see what else I can find this weekend :)

Link to comment

I enabled Unraid to be able to talk to custom networks defined in Docker so I could use pihole for my dockers but I've noticed it queries for itself a lot. I also noticed a lot of ipv4 and ipv6 queries even though I'm not using ipv6 even on local network. The ipv4 queries were so much that I just added the Unraid server's IP to local cache so it would stop hitting the router for it (upstream server is my router which then does DoT to Cloudflare).

 

Is there any way to stop the ipv6 queries? 

 


 

I also notice that the Plex server does a lot of querying for some kind of Plex direct URL with my server's IP in it (omitted below). Any idea what this is?


 

I ask all these questions because today my Internet failed because my ASUS router started complaining about more than 150 concurrent DNS queries, I assume from a single host, being the pihole. I have about 20 devices on my home network ranging from IoT to Windows 11 VM, PS5, dockers on Unraid, range of Apple devices etc.

 

Not sure what caused the spike in DNS but just looking at all this chatter in the query log thinking it could have something to do with it. The ones for the Unraid server querying itself seem to happen many times per second.

Link to comment
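One way to find which client is generating this kind of chatter, as an added example that is not part of the original posts: the functions below read Pi-hole query-log lines on stdin and rank clients by query count per record type, then list any client that sent at least a given number of queries within one second. The function names and the sample lines are constructed for illustration; the line shape is the `query[TYPE] NAME from CLIENT` form that `pihole -t` prints.

```shell
#!/bin/sh
# Added example: find chatty DNS clients in Pi-hole query-log lines.

# Constructed sample (hostnames and addresses are made up).
sample_log() {
cat <<'EOF'
Jan  5 01:42:41: query[A] tower.lan from 10.0.0.2
Jan  5 01:42:41: query[AAAA] tower.lan from 10.0.0.2
Jan  5 01:42:41: query[A] tower.lan from 10.0.0.2
Jan  5 01:42:41: query[A] tower.lan from 10.0.0.2
Jan  5 01:42:41: forwarded tower.lan to 10.0.0.1
Jan  5 01:42:42: query[AAAA] tower.lan from 10.0.0.2
Jan  5 01:42:43: query[A] example.com from 10.0.0.23
Jan  5 01:42:43: reply example.com is 192.0.2.10
Jan  5 01:42:44: query[PTR] 2.0.0.10.in-addr.arpa from 127.0.0.1
EOF
}

# top_talkers: prints "COUNT CLIENT TYPE", busiest first.
# Non-query lines (forwarded, reply, ...) are skipped.
top_talkers() {
    awk '
        match($0, /query\[[A-Za-z0-9]+\]/) {
            # "query[" is 6 characters and "]" is 1, so the type sits between.
            type = substr($0, RSTART + 6, RLENGTH - 7)
            n = split($0, f, " ")
            if (f[n-1] != "from") next      # malformed line, ignore
            count[f[n] " " type]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# burst_seconds MIN: prints "COUNT CLIENT TIMESTAMP" for every client that
# sent at least MIN queries carrying the same one-second timestamp.
burst_seconds() {
    awk -v min="$1" '
        match($0, /query\[[A-Za-z0-9]+\]/) {
            n = split($0, f, " ")
            if (f[n-1] != "from") next
            ts = substr($0, 1, RSTART - 2)  # text before " query[", e.g. "Jan  5 01:42:41:"
            hits[f[n] " " ts]++
        }
        END { for (k in hits) if (hits[k] >= min + 0) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Run against the constructed sample.
sample_log | top_talkers
sample_log | burst_seconds 3
```

A client that tops both lists with lookups for its own hostname, in both A and AAAA form, matches the self-querying pattern described in the post above.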

Additionally, I noticed the template is using some deprecated keys:

ServerIP replaced by FTLCONF_REPLY_ADDR4

ServerIPv6 replaced by FTLCONF_REPLY_ADDR6

 

There is also a specific key not in the template which appears to be specific to Unraid compatibility. I added it to see if it helps me.

 

Key: IPv6

Default value: True

Supported options: True/False

Description: For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.

https://github.com/pi-hole/docker-pi-hole/#running-pi-hole-docker

Link to comment
On 12/21/2021 at 2:49 PM, Gokux said:

Yes, I found that too. I have also adapted the template accordingly with the new "FTLCONF_ " variables. They also work, but in the end it had no effect on the crash problem.

 

I didn't want to downgrade yet. But it might help; this Docker ran for years without any problems.

Let's see what else I can find this weekend :)

 

What is the recommended workflow for upgrading the unraid template?
I have been using one that I made long before the pi-hole official image and want to switch over to the supported one.
 

Link to comment

I'm absolutely losing my mind over deploying this...

 

Running tag 2022.01 using the recommended setup. I have DNS resolving and 'working', but when I actually check the docker container by running `pihole status`, I just get `[✗] DNS service is NOT listening`, the webUI also reports "DNS service not running" constantly.

 

I've spent the last few hours trawling through just about every GH issue on the topic and help page on here trying all sorts of solutions. I've nuked the container and appdata around 3 times now for fresh installs to try and fix things, nothing is working.

 

I have the container running on br0 at an address of 10.0.0.201 which is static, which is also the value of ServerIP. PIHOLE_DNS_ is configured to 1.1.1.1;1.0.0.1 with DNSMASQ_LISTENING set to local. All other options are default.

 

This is my diag report:

 

diag.log

Edited by unraidyn
Add local docker config info
Link to comment
5 minutes ago, unraidyn said:

I'm absolutely losing my mind over deploying this...

 

Running tag 2022.01 using the recommended setup. I have DNS resolving and 'working', but when I actually check the docker container by running `pihole status`, I just get `[✗] DNS service is NOT listening`, the webUI also reports "DNS service not running" constantly.

 

I've spent the last few hours trawling through just about every GH issue on the topic and help page on here trying all sorts of solutions. I've nuked the container and appdata around 3 times now for fresh installs to try and fix things, nothing is working.

 

I have the container running on br0 at an address of 10.0.0.201 which is static, which is also the value of ServerIP. PIHOLE_DNS_ is configured to 1.1.1.1;1.0.0.1 with DNSMASQ_LISTENING set to local. All other options are default.

 

This is my diag report:

 

diag.log 31.54 kB · 2 downloads

*** [ DIAGNOSING ]: Networking [✗] No IPv4 address(es) found on the br0 interface. [✗] No IPv6 address(es) found on the br0 interface.
 

Looks like it doesn’t have an IP assigned to itself. Did you define one in the config and make sure it’s outside your router’s DHCP scope but on the same subnet as the rest of your machines?

Link to comment
2 minutes ago, nickp85 said:

*** [ DIAGNOSING ]: Networking [✗] No IPv4 address(es) found on the br0 interface. [✗] No IPv6 address(es) found on the br0 interface.
 

Looks like it doesn’t have an IP assigned to itself. Did you define one in the config and make sure it’s outside your router’s DHCP scope but on the same subnet as the rest of your machines?

 

I thought that too, but it does.

 

The device is accessible and listening on 10.0.0.201 with that DNS server being reported via UniFi DHCP so all clients are pointing at it.

 

Tail'ing the PiHole log in realtime on the container `pihole -t`, I can see local client lookups are going through fine:

 

# -----
# Local machine @ 10.0.0.23

01:42:36 in ~
➜  nslookup google.com
Server:		10.0.0.201
Address:	10.0.0.201#53

Non-authoritative answer:
Name:	google.com
Address: 142.250.180.14


01:42:41 in ~
➜  nslookup internal.othyn.com
Server:		10.0.0.201
Address:	10.0.0.201#53

Name:	internal.othyn.com
Address: 10.0.0.200


# -----
# Pihole @ 10.0.0.201

$ pihole status
  [✗] DNS service is NOT listening
$ pihole -t
Jan  5 01:42:41: query[A] google.com from 10.0.0.23
Jan  5 01:42:41: forwarded google.com to 1.1.1.1
Jan  5 01:42:41: reply google.com is 142.250.180.14
Jan  5 01:42:43: query[A] incoming.telemetry.mozilla.org from 10.0.0.23
Jan  5 01:42:43: gravity blocked incoming.telemetry.mozilla.org is 0.0.0.0
Jan  5 01:42:50: query[A] pihole.internal.othyn.com from 10.0.0.23
Jan  5 01:42:50: /etc/pihole/custom.list pihole.internal.othyn.com is 10.0.0.200
Jan  5 01:42:54: query[A] pi.hole from 127.0.0.1
Jan  5 01:42:54: Pi-hole hostname pi.hole is 10.0.0.201
Jan  5 01:42:57: query[A] oxserv.internal.othyn.com from 10.0.0.23
Jan  5 01:42:57: /etc/pihole/custom.list oxserv.internal.othyn.com is 10.0.0.200
Jan  5 01:43:00: query[A] internal.othyn.com from 10.0.0.23
Jan  5 01:43:00: /etc/pihole/custom.list internal.othyn.com is 10.0.0.200
Jan  5 01:43:24: query[PTR] 23.0.0.10.in-addr.arpa from 10.0.0.23
Jan  5 01:43:24: config 10.0.0.23 is NXDOMAIN
Jan  5 01:43:25: query[A] pi.hole from 127.0.0.1
Jan  5 01:43:25: Pi-hole hostname pi.hole is 10.0.0.201

 

So I have no idea WTF is going on as it's responding to client requests with upstream DNS from CF.

Link to comment
1 hour ago, norp90 said:

- If pihole running but status in UI/API is not shown active, add env. variable 'DNSMASQ_USER' with value = 'root'. This should be fixed soon in a new release, they are working on it, so remove this variable again once new update released and see if it's no longer required.

 

Oh my gosh, that was it! THANK YOU!!!

 

Now just to figure out why it's responding to LAN clients and not WLAN... despite being pingable (@ :53) and accessible to WLAN clients.

 

EDIT:

DNSMASQ_LISTENING doesn't work across subnets when set to 'local', it has to be 'all'

Edited by unraidyn
Link to comment
4 hours ago, norp90 said:

Having issues getting latest release working?

 

- If pihole running but status in UI/API is not shown active, add env. variable 'DNSMASQ_USER' with value = 'root'. This should be fixed soon in a new release, they are working on it, so remove this variable again once new update released and see if it's no longer required.

 

- Other issues? Do a review of all of your docker template env. variables vs. the current recommended and optional ones here https://github.com/pi-hole/docker-pi-hole. There have been a lot of changes recently that haven't been reflected in Unraid automatically. I suggest removing old ones no longer in use or only optional and see if that fixes issues, then add back any you know you need. The changes in the DNS ones to a single PIHOLE_DNS one was a big change recently to watch for.

THANK YOU! Holy crap this has been bugging the crap out of me. I actually set up AdGuard because I couldn't for the life of me figure out what was going on. This fixed my issues... though at this point my pihole will be a secondary DNS server for now. 

Link to comment
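The environment review suggested in the posts above can be scripted. This is an added example, not the template author's or the Pi-hole project's code: it reads `KEY=VALUE` lines and reports only the variables this thread discusses (`ServerIP`, `ServerIPv6`, the older `DNS1`/`DNS2` pair, `DNSMASQ_USER`, `DNSMASQ_LISTENING`). The function name, the finding labels and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag Pi-hole container settings discussed in this thread.

# Constructed sample environment, modelled on settings posters described.
sample_env() {
cat <<'EOF'
ServerIP=10.0.0.201
PIHOLE_DNS_=1.1.1.1;1.0.0.1
DNSMASQ_LISTENING=local
DNSMASQ_USER=root
TZ=Europe/London
EOF
}

# audit_pihole_env: reads KEY=VALUE lines on stdin, prints one finding per
# line and nothing for variables it has no opinion on.
audit_pihole_env() {
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            ServerIP)
                echo "DEPRECATED ServerIP: replaced by FTLCONF_REPLY_ADDR4" ;;
            ServerIPv6)
                echo "DEPRECATED ServerIPv6: replaced by FTLCONF_REPLY_ADDR6" ;;
            DNS1|DNS2)
                echo "DEPRECATED $key: upstreams now go in the single PIHOLE_DNS_ variable" ;;
            DNSMASQ_USER)
                # Temporary workaround from this thread; it runs the resolver
                # as root, so it should not outlive the upstream fix.
                if [ "$value" = "root" ]; then
                    echo "WORKAROUND DNSMASQ_USER=root: remove once the image update makes it unnecessary"
                fi ;;
            DNSMASQ_LISTENING)
                case "$value" in
                    local)
                        echo "NOTE DNSMASQ_LISTENING=local: clients on other subnets get no answer" ;;
                    all)
                        # 'all' answers any source address, so port 53 must
                        # not be reachable from untrusted networks.
                        echo "REVIEW DNSMASQ_LISTENING=all: confirm port 53 is only reachable from trusted networks" ;;
                esac ;;
        esac
    done
}

# Run against the constructed sample. For a live container the same lines
# come from (container name "pihole" is an assumption):
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' pihole
sample_env | audit_pihole_env
```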

For those that are coming here to troubleshoot a new Pihole docker setup in 2022, the app marked "Official" in Community Apps doesn't yet work on Unraid out of the box.  The template being pulled from docker has changed and the Unraid template hasn't been updated to use the new/correct variables yet.  There are some changes listed in the thread here that may get it working for you, but for now, don't pull your hair out if it's not working out of the box.

 

If I'm wrong, please delete this post or flag it...I'm not a spokesperson for this docker template...just someone that has pulled some hair out and now (I think?) understands where things stand.

Link to comment
4 hours ago, Andiroo2 said:

For those that are coming here to troubleshoot a new Pihole docker setup in 2022, the app marked "Official" in Community Apps doesn't yet work on Unraid out of the box.  The template being pulled from docker has changed and the Unraid template hasn't been updated to use the new/correct variables yet.  There are some changes listed in the thread here that may get it working for you, but for now, don't pull your hair out if it's not working out of the box.

 

If I'm wrong, please delete this post or flag it...I'm not a spokesperson for this docker template...just someone that has pulled some hair out and now (I think?) understands where things stand.

 

I updated it a few days ago - let me know if it doesn't work for you. I tested it on a new appdata directory to be sure.

I have not added "env. variable 'DNSMASQ_USER' with value = 'root'" in a couple of posts up as this is a temporary docker issue.

Link to comment
18 hours ago, spants said:

 

I updated it a few days ago - let me know if it doesn't work for you. I tested it on a new appdata directory to be sure.

I have not added "env. variable 'DNSMASQ_USER' with value = 'root'" in a couple of posts up as this is a temporary docker issue.

 

I just tried a fresh pull and still the same behaviour.  I can't get the GUI to load, but the system reports positive status:

pihole status

  [✓] FTL is listening on port 53
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

 

...and if I tail the log, I see activity:

# pihole -t
  [i] Press Ctrl-C to exit
08:09:17: forwarded 197.1.168.192.in-addr.arpa to 1.0.0.2
08:09:17: forwarded 197.1.168.192.in-addr.arpa to 1.0.0.2
08:09:19: query[AAAA] diag.meethue.com from 192.168.1.103
08:09:19: forwarded diag.meethue.com to 1.1.1.2
08:09:19: forwarded diag.meethue.com to 1.0.0.2
08:09:19: forwarded diag.meethue.com to 1.0.0.2
08:09:22: query[PTR] 197.1.168.192.in-addr.arpa from 127.0.0.1

 

I just can't get the GUI to load to set it up fully.  Screenshot of the docker page is attached.  What am I missing?

Screeny573.png

Edited by Andiroo2
Link to comment
1 hour ago, Andiroo2 said:

 

I just tried a fresh pull and still the same behaviour.  I can't get the GUI to load, but the system reports positive status:

pihole status

  [✓] FTL is listening on port 53
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

 

...and if I tail the log, I see activity:

# pihole -t
  [i] Press Ctrl-C to exit
08:09:17: forwarded 197.1.168.192.in-addr.arpa to 1.0.0.2
08:09:17: forwarded 197.1.168.192.in-addr.arpa to 1.0.0.2
08:09:19: query[AAAA] diag.meethue.com from 192.168.1.103
08:09:19: forwarded diag.meethue.com to 1.1.1.2
08:09:19: forwarded diag.meethue.com to 1.0.0.2
08:09:19: forwarded diag.meethue.com to 1.0.0.2
08:09:22: query[PTR] 197.1.168.192.in-addr.arpa from 127.0.0.1

 

I just can't get the GUI to load to set it up fully.  Screenshot of the docker page is attached.  What am I missing?

 

 

Is this with a new blank appdata/pihole directory? Try a different name to make sure (I had issues with permissions from an old installation). Is 192.168.1.99 already in use elsewhere?
... that's all I can think of at the moment

Link to comment
40 minutes ago, spants said:

 

Is this with a new blank appdata/pihole directory? Try a different name to make sure (I had issues with permissions from an old installation). Is 192.168.1.99 already in use elsewhere?
... that's all I can think of at the moment

 

Success!  I deleted the ../appdata/pihole/ directory completely and pulled a new image.  No go.  Then I changed the IP from .99 to .98 and it worked.  Something must be using .99 on my network already, even though my Unifi controller shows it as available.  More research to come, but for now my backup Pihole is running.  Thanks!

Link to comment

I'm looking at Spaceinvaders video about this, but it's from 2018 and latest version does not have the "BlockList" option under Settings. Is this in another place now?

 

Edit: Found it, it's now under Group Management --> Adlists

Edited by isvein
found what I was looking for
Link to comment
  • 3 weeks later...

I just did a fresh reinstall and it seems like pihole has an issue reaching the upstream DNS servers when updating the blocklist:

# cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
# pihole -g
  [✗] DNS resolution is currently unavailable
  [i] Time until retry: 120^C

  [i] User-abort detected

 

PIHOLE_DNS_ is correctly set to 8.8.8.8;8.8.4.4 but that doesn't seem to be used here.

Link to comment

Adding to this discussion.

 

I did a fresh install of pihole and am unable to update gravity. The config alerts if I attempt to use 127.0.0.1 as DNS1. 

 

My list of hosts blocked is reported as '-2'.

 

Attempts to update gravity take a very long time but ultimately fail with the same errors of 

[✗] DNS resolution is currently unavailable

[✗] DNS resolution is not available

 

Attempted to reload the docker with DNSMASQ_USER set to 'root' but still have the same errors. Am able to access the web interface but my custom password is not being used for accessing the web gui. It still uses the default 'admin'.

 

Confirmed a reinstall has the same problem even after I wipe out the /appdata/pihole dir to start fresh.

 

Can't upload debug log. These errors show in the debug and seem significant:

 

=========

*** [ DIAGNOSING ]: Networking
[✗] No IPv4 address(es) found on the br0 interface.

[✗] No IPv6 address(es) found on the br0 interface.


*** [ DIAGNOSING ]: Ports in use

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  on lo (127.0.0.1)
[✓] No IPv4 address available on eth0@if34
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] No IPv6 address available on lo
[✓] No IPv6 address available on eth0@if34
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   DHCP packets received on interface tunl0: 0
   DHCP packets received on interface eth0: 0
   DHCP packets received on interface ip_vti0: 0

=========

Interface should be br0 but this shows no IP address available 

Edited by eisen4
Adding debug context
Link to comment
5 hours ago, eisen4 said:

Adding to this discussion.

 

I did a fresh install of pihole and am unable to update gravity. The config alerts if I attempt to use 127.0.0.1 as DNS1. 

 

My list of hosts blocked is reported as '-2'.

 

Attempts to update gravity take a very long time but ultimately fail with the same errors of 

[✗] DNS resolution is currently unavailable

[✗] DNS resolution is not available

 

Attempted to reload the docker with DNSMASQ_USER set to 'root' but still have the same errors. Am able to access the web interface but my custom password is not being used for accessing the web gui. It still uses the default 'admin'.

 

Confirmed a reinstall has the same problem even after I wipe out the /appdata/pihole dir to start fresh.

 

Can't upload debug log. These errors show in the debug and seem significant:

 

=========

*** [ DIAGNOSING ]: Networking
[✗] No IPv4 address(es) found on the br0 interface.

[✗] No IPv6 address(es) found on the br0 interface.


*** [ DIAGNOSING ]: Ports in use

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  on lo (127.0.0.1)
[✓] No IPv4 address available on eth0@if34
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] No IPv6 address available on lo
[✓] No IPv6 address available on eth0@if34
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   DHCP packets received on interface tunl0: 0
   DHCP packets received on interface eth0: 0
   DHCP packets received on interface ip_vti0: 0

=========

Interface should be br0 but this shows no IP address available 

Must be your setup because I just reinstalled as a test and the template works perfectly and updates lists etc no issue.

Link to comment
35 minutes ago, PeteAsking said:

Must be your setup because I just reinstalled as a test and the template works perfectly and updates lists etc no issue.

Can you share your docker config screen/settings? 

 

I thought it was related to the Settings > Docker > Advanced view > Host access to custom networks. Mine was initially disabled.

 

Stopped Docker > Changed to enabled > Started docker > Force updated the pihole docker. It still doesn't see the internet or that it has an IPv4 address assigned to it according to my diag.

 

I think the key section of my debug diag log is this:

Quote

*** [ DIAGNOSING ]: Networking
[✗] No IPv4 address(es) found on the br0 interface.

[✗] No IPv6 address(es) found on the br0 interface.

 

Pihole docker settings

Quote

Network Type: Custom : br0

Fixed IP address (optional): 192.168.1.2              Subnet: 192.168.1.0/24

...

ServerIP: 192.168.1.2

...

INTERFACE: br0

 

 

Link to comment
15 hours ago, eisen4 said:

Can you share your docker config screen/settings? 

 

I thought it was related to the Settings > Docker > Advanced view > Host access to custom networks. Mine was initially disabled.

 

Stopped Docker > Changed to enabled > Started docker > Force updated the pihole docker. It still doesn't see the internet or that it has an IPv4 address assigned to it according to my diag.

 

I think the key section of my debug diag log is this:

 

Pihole docker settings

 

 

No problem, my config is on a vlan so bear in mind you won't be doing that presumably and thus the networking is simpler in your case:

Screenshot from 2022-02-03 09-27-18.png

Screenshot from 2022-02-03 09-27-32.png

Screenshot from 2022-02-03 09-27-43.png

Link to comment

Just fyi I noticed a mistake in my config, the ServerIP further down which sets the hostname record etc should be 192.168.7.5, and I incorrectly listed it in my ss above as 192.168.2.22. I corrected that now. It doesn't change much or stop the docker working but in case you are confused I have something on that IP and was obviously not paying too much attention when typing in that field when I redid it.

Link to comment

I think the difference between your setup and mine is on the br0.7 config. I only have my default br0. No VLANs enabled. Attempting to give my instance of pihole a different IP worked to access the interface, but I think I probably need to configure it via VLANs for it to work.

 

In the meantime, I just put pihole on an old model B. Would rather have it in unraid.

 

What's your config for networking? 

 

 

Screen Shot 2022-02-03 at 10.29.55 AM.png

Link to comment
