I got pihole <-> pdns recursor <-> pdns authoritative working on Docker. I had to make them use the host network:
/etc/systemd/system/pdnsauth.service:
# PowerDNS authoritative server: one docker container supervised by systemd.
[Unit]
Description=PowerDNS authoritative DNS server
[Service]
TimeoutStartSec=45
Restart=always
# The leading '-' lets these fail (no container to stop/remove yet) without
# blocking ExecStart.
ExecStartPre=-/usr/bin/docker stop pdnsauth
ExecStartPre=-/usr/bin/docker rm pdnsauth
# --network host: the container shares the host network namespace, so the
# ports set in pdns.conf are reachable on the host's own address (the dig
# tests below hit 192.168.2.73:8053). Config, named.conf and the zone
# directory are bind-mounted from /etc/containers/pdns-authoritative.
ExecStart=/usr/bin/docker run --name pdnsauth --network host -v /etc/containers/pdns-authoritative/config/pdns.conf:/etc/powerdns/pdns.conf -v /etc/containers/pdns-authoritative/config/named.conf:/etc/named/named.conf -v /etc/containers/pdns-authoritative/zones:/etc/zones --cpu-quota=50000 --memory=256m "dockerregistry.incandescent.tech:1080/pdns-auth-48:4.8.1"
[Install]
WantedBy=multi-user.target
/etc/systemd/system/pdnsrecursor.service:
# PowerDNS recursor: same pattern as the authoritative unit above.
[Unit]
Description=PowerDNS recursive DNS server
[Service]
TimeoutStartSec=45
Restart=always
ExecStartPre=-/usr/bin/docker stop pdnsrecursor
ExecStartPre=-/usr/bin/docker rm pdnsrecursor
# Host networking again; recursor.conf is bind-mounted, and the dnshosts file
# is mounted as the container's /etc/hosts (recursor.conf sets
# export-etc-hosts=yes, so those entries are served as DNS records).
ExecStart=/usr/bin/docker run --network host --name pdnsrecursor -v /etc/containers/pdns-recursor/config/recursor.conf:/etc/powerdns/recursor.conf -v /etc/containers/pdns-recursor/config/dnshosts:/etc/hosts --cpu-quota=30000 --memory=256m "dockerregistry.incandescent.tech:1080/pdns-recursor-49:4.9.1"
[Install]
WantedBy=multi-user.target
/etc/systemd/system/pihole.service:
# Pi-hole: front-end resolver on port 53, forwarding to the recursor (see
# PIHOLE_DNS_ in pihole.env).
[Unit]
Description=PiHole
[Service]
TimeoutStartSec=60
RestartSec=5s
Restart=always
ExecStartPre=-/usr/bin/docker stop pihole
ExecStartPre=-/usr/bin/docker rm pihole
# NOTE(review): this unit passes --restart=unless-stopped to docker while
# systemd also has Restart=always, so two supervisors may restart the same
# container; the two pdns units leave restarts to systemd alone. Confirm
# this difference is intended.
# Persistent state lives under /srv/storage/pihole; secrets and upstream
# settings come from the env file rather than the command line.
ExecStart=/usr/bin/docker run --name pihole --network host -v "/srv/storage/pihole/etc-pihole:/etc/pihole" -v "/srv/storage/pihole/etc-dnsmasq.d:/etc/dnsmasq.d" --restart=unless-stopped --hostname pihole --env-file /etc/containers/pihole/environment/pihole.env --cpu-quota=50000 --memory=2048m "dockerregistry.incandescent.tech:1080/pihole:2023.05.2"
[Install]
WantedBy=multi-user.target
/etc/containers/pdns-authoritative/config/pdns.conf:
# Authoritative server. Listens on all v4/v6 addresses on port 8053 (with
# --network host in the unit, that is every interface on the host).
local-address=0.0.0.0,::
local-port=8053
# Zones are loaded from a BIND-style named.conf (bind-mounted by the unit).
launch=bind
bind-config=/etc/named/named.conf
# Web server/API bound on all addresses; access is limited only by
# webserver-allow-from, webserver-password and api-key below.
webserver-address=0.0.0.0
# Zone transfers (AXFR) are permitted from these ranges.
# NOTE(review): 172.0.0.0/8 is far wider than the private 172.16.0.0/12 that
# recursor.conf uses in its allow-from; most of 172/8 is public address
# space. Confirm the /8 is intended here and in webserver-allow-from.
allow-axfr-ips=192.168.0.0/21,172.0.0.0/8,10.0.0.0/8
api=yes
# Secrets shown as placeholders, as posted.
api-key=SECRETAPI
default-ttl=3600
webserver=yes
webserver-password=SECRETWEB
webserver-allow-from=192.168.0.0/21,172.0.0.0/8,10.0.0.0/8
loglevel=6
include-dir=/etc/powerdns/pdns.d
/etc/containers/pdns-recursor/config/recursor.conf:
# Recursor. Only clients from these (private/link-local/loopback) ranges may
# query it; the listener itself is on all addresses (local-address=0.0.0.0),
# so this list is what keeps it from being an open resolver.
allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
# svealiden.se is forwarded to the authoritative container, which pdns.conf
# binds on host port 8053.
forward-zones=svealiden.se=192.168.2.73:8053
local-port=7053
local-address=0.0.0.0
webserver=yes
webserver-address=0.0.0.0
# NOTE(review): 172.0.0.0/8 here (and in dont-throttle-netmasks) does not
# match the 172.16.0.0/12 used in allow-from above — confirm which is meant.
webserver-allow-from=192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
webserver-password=SECRETWEB
webserver-port=8082
# DNSSEC validation is disabled on this recursor.
dnssec=off
# Serve the entries of the container's /etc/hosts (the bind-mounted dnshosts
# file) as DNS records.
export-etc-hosts=yes
log-common-errors=yes
loglevel=7
dont-throttle-netmasks=192.168.0.0/21,172.0.0.0/8,10.0.0.0/8
/etc/containers/pihole/environment/pihole.env:
# Pi-hole environment, loaded via --env-file in pihole.service.
PROXY_LOCATION=192.168.2.73
FTLCONF_REPLY_ADDR4=192.168.2.73
# Upstream is the recursor on the host, port 7053 (local-port in
# recursor.conf); '#' separates address and port in this setting.
PIHOLE_DNS_=192.168.2.73#7053
TZ=Europe/Stockholm
# Placeholder as posted.
WEBPASSWORD=SECRETWEBPIHOLE
QUERY_LOGGING=True
INTERFACE=ens18
Tests are run from runner03 (192.168.2.73):
root@runner03:~# dig mx svealiden.se @192.168.2.73 -p 8053

; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> mx svealiden.se @192.168.2.73 -p 8053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31309
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;svealiden.se. IN MX

;; ANSWER SECTION:
svealiden.se. 3600 IN MX 10 mail.svealiden.se.
svealiden.se. 3600 IN MX 20 mail2.svealiden.se.

;; ADDITIONAL SECTION:
mail.svealiden.se. 3600 IN A 192.0.2.3

;; Query time: 0 msec
;; SERVER: 192.168.2.73#8053(192.168.2.73) (UDP)
;; WHEN: Thu Aug 31 17:57:03 UTC 2023
;; MSG SIZE rcvd: 100

root@runner03:~# dig mx svealiden.se @192.168.2.73 -p 7053

; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> mx svealiden.se @192.168.2.73 -p 7053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48796
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;svealiden.se. IN MX

;; ANSWER SECTION:
svealiden.se. 3225 IN MX 20 mail2.svealiden.se.
svealiden.se. 3225 IN MX 10 mail.svealiden.se.

;; Query time: 0 msec
;; SERVER: 192.168.2.73#7053(192.168.2.73) (UDP)
;; WHEN: Thu Aug 31 17:57:11 UTC 2023
;; MSG SIZE rcvd: 84

root@runner03:~# dig mx svealiden.se @192.168.2.73

; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> mx svealiden.se @192.168.2.73
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26372
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;svealiden.se. IN MX

;; ANSWER SECTION:
svealiden.se. 3221 IN MX 20 mail2.svealiden.se.
svealiden.se. 3221 IN MX 10 mail.svealiden.se.

;; Query time: 4 msec
;; SERVER: 192.168.2.73#53(192.168.2.73) (UDP)
;; WHEN: Thu Aug 31 17:57:15 UTC 2023
;; MSG SIZE rcvd: 84