Home Assistant Docker with Pihole -> DNS error?

pixelwave · February 17, 2023, 8:39am

I have the following setup which was running smooth but recently added pihole to the mix:

Debian VM (192.168.178.110) running Docker with:

Portainer
Home Assistant
Pihole

Fritzbox with added local DNS server → pihole.

Now I tried to update my containers running in portainer with the following command:

ssh [email protected] docker run --rm \
    --name WatchTower \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower \
    --run-once \
    --cleanup \
    --include-restarting \
    --rolling-restart \
    --include-stopped

… usually it runs fine but now there were some errors (“Could not do a head request”, …):

time="2023-02-17T08:27:57Z" level=info msg="Watchtower 1.5.3"
time="2023-02-17T08:27:57Z" level=info msg="Using no notifications"
time="2023-02-17T08:27:57Z" level=info msg="Checking all containers (except explicitly disabled with label)"
time="2023-02-17T08:27:57Z" level=info msg="Running a one time update."
time="2023-02-17T08:28:17Z" level=warning msg="Could not do a head request for \"containrrr/watchtower:latest\", falling back to regular pull." container=/WatchTower image="containrrr/watchtower:latest"
time="2023-02-17T08:28:17Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:55012->192.168.178.110:53: i/o timeout" container=/WatchTower image="containrrr/watchtower:latest"
time="2023-02-17T08:28:38Z" level=warning msg="Could not do a head request for \"homeassistant/home-assistant:latest\", falling back to regular pull." container=/homeassistant image="homeassistant/home-assistant:latest"
time="2023-02-17T08:28:38Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:52709->192.168.178.110:53: i/o timeout" container=/homeassistant image="homeassistant/home-assistant:latest"
time="2023-02-17T08:28:59Z" level=warning msg="Could not do a head request for \"pihole/pihole:latest\", falling back to regular pull." container=/pihole image="pihole/pihole:latest"
time="2023-02-17T08:28:59Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:58471->192.168.178.110:53: i/o timeout" container=/pihole image="pihole/pihole:latest"
time="2023-02-17T08:29:20Z" level=warning msg="Could not do a head request for \"jlesage/jdownloader-2:latest\", falling back to regular pull." container=/jdownloader2 image="jlesage/jdownloader-2:latest"
time="2023-02-17T08:29:20Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:36953->192.168.178.110:53: i/o timeout" container=/jdownloader2 image="jlesage/jdownloader-2:latest"
time="2023-02-17T08:29:41Z" level=warning msg="Could not do a head request for \"linuxserver/heimdall:latest\", falling back to regular pull." container=/heimdall image="linuxserver/heimdall:latest"
time="2023-02-17T08:29:41Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:52642->192.168.178.110:53: i/o timeout" container=/heimdall image="linuxserver/heimdall:latest"
time="2023-02-17T08:30:02Z" level=warning msg="Could not do a head request for \"deconzcommunity/deconz:latest\", falling back to regular pull." container=/deconz image="deconzcommunity/deconz:latest"
time="2023-02-17T08:30:02Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:59635->192.168.178.110:53: i/o timeout" container=/deconz image="deconzcommunity/deconz:latest"
time="2023-02-17T08:30:24Z" level=warning msg="Could not do a head request for \"linuxserver/resilio-sync:latest\", falling back to regular pull." container=/resilio-sync image="linuxserver/resilio-sync:latest"
time="2023-02-17T08:30:24Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:58646->192.168.178.110:53: i/o timeout" container=/resilio-sync image="linuxserver/resilio-sync:latest"
time="2023-02-17T08:30:45Z" level=warning msg="Could not do a head request for \"eclipse-mosquitto:latest\", falling back to regular pull." container=/mosquitto image="eclipse-mosquitto:latest"
time="2023-02-17T08:30:45Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:58302->192.168.178.110:53: i/o timeout" container=/mosquitto image="eclipse-mosquitto:latest"
time="2023-02-17T08:31:06Z" level=warning msg="Could not do a head request for \"portainer/portainer-ce:latest\", falling back to regular pull." container=/portainer image="portainer/portainer-ce:latest"
time="2023-02-17T08:31:06Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:48851->192.168.178.110:53: i/o timeout" container=/portainer image="portainer/portainer-ce:latest"
time="2023-02-17T08:31:27Z" level=warning msg="Could not do a head request for \"octoprint/octoprint:latest\", falling back to regular pull." container=/octoprint image="octoprint/octoprint:latest"
time="2023-02-17T08:31:27Z" level=warning msg="Reason: Get \"https://index.docker.io/v2/\": dial tcp: lookup index.docker.io on 192.168.178.110:53: read udp 172.17.0.9:46556->192.168.178.110:53: i/o timeout" container=/octoprint image="octoprint/octoprint:latest"
time="2023-02-17T08:31:28Z" level=info msg="Session done" Failed=0 Scanned=10 Updated=0 notify=no
time="2023-02-17T08:31:28Z" level=info msg="Waiting for the notification goroutine to finish" notify=no

But the containers were updated. But home assistant also throws now a bunch of errors looking at the logs:

2023-02-17 09:37:45.654 WARNING (MainThread) [homeassistant.bootstrap] Waiting on integrations to complete setup: fritz, brother, hacs, mqtt, mobile_app
2023-02-17 09:38:13.134 ERROR (SyncWorker_8) [homeassistant.util.package] Unable to install package addict: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99cc3a0>: Failed to establish a new connection: [Errno -3] Try again')': /musllinux/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99cc550>: Failed to establish a new connection: [Errno -3] Try again')': /musllinux/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99ccaf0>: Failed to establish a new connection: [Errno -3] Try again')': /musllinux/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99ccca0>: Failed to establish a new connection: [Errno -3] Try again')': /musllinux/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99cce50>: Failed to establish a new connection: [Errno -3] Try again')': /musllinux/
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99cd1b0>: Failed to establish a new connection: [Errno -3] Try again')': /simple/addict/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99cd5d0>: Failed to establish a new connection: [Errno -3] Try again')': /simple/addict/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b9b32fb0>: Failed to establish a new connection: [Errno -3] Try again')': /simple/addict/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99ccbe0>: Failed to establish a new connection: [Errno -3] Try again')': /simple/addict/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f23b99cc9d0>: Failed to establish a new connection: [Errno -3] Try again')': /simple/addict/
ERROR: Could not find a version that satisfies the requirement addict (from versions: none)
ERROR: No matching distribution found for addict
WARNING: There was an error checking the latest version of pip.

… any ideas?

pixelwave · February 17, 2023, 10:21am

"/etc/resolv.conf " in the docker vm reads:

domain fritz.box
search fritz.box
nameserver 192.168.178.110 # nameserver = pihole

“nslookup pi.hole” feedbacks:

Server:		192.168.178.110
Address:	192.168.178.110#53

Name:	pi.hole
Address: 192.168.178.110

Now if I:

remove pihole under local DNS of the fritzbox
reboot docker vm
start the watchtower script again, no errors:

time="2023-02-17T10:23:34Z" level=info msg="Watchtower 1.5.3"
time="2023-02-17T10:23:34Z" level=info msg="Using no notifications"
time="2023-02-17T10:23:34Z" level=info msg="Checking all containers (except explicitly disabled with label)"
time="2023-02-17T10:23:34Z" level=info msg="Running a one time update."
time="2023-02-17T10:23:42Z" level=info msg="Session done" Failed=0 Scanned=10 Updated=0 notify=no
time="2023-02-17T10:23:42Z" level=info msg="Waiting for the notification goroutine to finish" notify=no

pixelwave · February 17, 2023, 11:39am

Environment variable for the pihole container is set:

pihole-FTL.conf setting LOCAL_IPV4=192.168.178.110

Inside pihole … if I try to Update Gravity (list of blocked domains) it throws also an error:

  [✗] DNS resolution is currently unavailable
  [i] Time until retry: 104

When I open the command line in the pihole container and try “nslookup fritz.box” it also throws that error:

root@pihole:/# nslookup fritz.box
;; reply from unexpected source: 172.17.0.1#53, expected 192.168.178.110#53

;; reply from unexpected source: 172.17.0.1#53, expected 192.168.178.110#53

;; reply from unexpected source: 172.17.0.1#53, expected 192.168.178.110#53

;; connection timed out; no servers could be reached

pixelwave · February 17, 2023, 11:53am

Ok digging deeper into the topic … I changed the port allowcations now in portainer from:

…to this:

If I now do an nslookup inside the pihole container it gives correct feedback:

root@pihole:/# nslookup fritz.box
Server:         192.168.178.110
Address:        192.168.178.110#53

Name:   fritz.box
Address: 192.168.178.1

…and gravitiy updates also work now:

…trying to run watchtower also does not throw an error anymore:

time="2023-02-17T11:48:32Z" level=info msg="Watchtower 1.5.3"
time="2023-02-17T11:48:32Z" level=info msg="Using no notifications"
time="2023-02-17T11:48:32Z" level=info msg="Checking all containers (except explicitly disabled with label)"
time="2023-02-17T11:48:32Z" level=info msg="Running a one time update."
time="2023-02-17T11:48:41Z" level=info msg="Session done" Failed=0 Scanned=10 Updated=0 notify=no
time="2023-02-17T11:48:41Z" level=info msg="Waiting for the notification goroutine to finish" notify=no