Comment on Running DNS server in Docker
fendrax@jlai.lu 6 months ago
In both the pi-hole (exposed on the host) and dnsmasq (used as upstream by pi-hole) containers:
```
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [host(127.0.0.1)]
# Overrides: []
# Option ndots from: internal
```
So they are pointing to docker’s embedded DNS, itself forwarding to the host.
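Added example, not part of the thread: a small parser for the Docker-generated resolv.conf quoted above that reports where a container's own lookups are forwarded, which is useful for checking each container after changing its DNS settings. It assumes the `# ExtServers:` comment lists space-separated entries with `host(...)` marking the host's resolver, as in the quoted file; the function names are illustrative.

```python
import re

# Constructed sample: the Docker-generated resolv.conf quoted in the comment above.
SAMPLE = """\
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [host(127.0.0.1)]
# Overrides: []
# Option ndots from: internal
"""

EMBEDDED_DNS = "127.0.0.11"  # address of Docker's embedded resolver

def parse_resolv_conf(text):
    """Return nameservers, options and Docker's ExtServers annotation."""
    info = {"nameservers": [], "options": [], "ext_servers": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # Docker records the embedded resolver's upstreams in a comment
            # (assumed format: space-separated entries inside brackets).
            m = re.match(r"#\s*ExtServers:\s*\[(.*)\]", line)
            if m:
                info["ext_servers"] = m.group(1).split()
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            info["nameservers"].append(fields[1])
        elif fields and fields[0] == "options":
            info["options"].extend(fields[1:])
    return info

def resolution_path(info):
    """Describe where the container's own lookups go."""
    if info["nameservers"] != [EMBEDDED_DNS]:
        return "direct: " + ", ".join(info["nameservers"])
    hops = []
    for entry in info["ext_servers"]:
        m = re.fullmatch(r"host\((.+)\)", entry)
        hops.append(("host resolver " + m.group(1)) if m else entry)
    return "embedded DNS -> " + (", ".join(hops) or "unknown upstream")

if __name__ == "__main__":
    print(resolution_path(parse_resolv_conf(SAMPLE)))
```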
lemmyvore@feddit.nl 6 months ago
OK yeah, that might be a problem. You want to set the dns in the dnsmasq so it can resolve stuff upstream (probably with DoT or DoH), and the dns in pihole to the IP of dnsmasq. Look into the “dns”, “dns_search” and “dns_opt” compose directives.
You may also want to consider simplifying your stack by using only dnsmasq or only pihole. Both of them can do pretty much the same things if you add some plugins.
I’m using dnsmasq as lan dns server with DoH upstream as well as dhcp server. The dnsmasq is advertising itself as dns to all the dhcp clients. Also it runs on the router which allows it to hijack port 53 so any client attempting to do clear dns elsewhere ends up going through dnsmasq anyway. It also has an adblock plugin.
fendrax@jlai.lu 6 months ago
Your suggestion looks similar to this other comment and makes sense. I’ll try that!
I have never managed to wrap my head around DoH and DoT but this is on my todo list ^^
I didn’t know dnsmasq has an adblock plugin, I’ll have a look. Originally, I was using dnsmasq alone (running on bare metal). Then I migrated to docker and added pi-hole for ad blocking. I tried to get rid of dnsmasq but pi-hole’s embedded DHCP is not as configurable as dnsmasq’s and I could not address my use case.
Thanks a lot for your time!