I have been running dnsmasq for years, where I also use a DNS file to block suspicious domains. But for a couple of years I have wanted to migrate this to a Docker Pi-hole instance. As I am now migrating to a new server, this is my chance!
So here we go, using https://pimylifeup.com/pi-hole-docker/ as my reference.
First, create the docker-compose.yml:
services:
  pihole:
    image: pihole/pihole
    container_name: pihole
    environment:
      - WEBPASSWORD=CHANGEME   # WebUI password (v5 image; the v6 image reads FTLCONF_webserver_api_password instead)
      - TZ=Europe/Amsterdam    # no quotes here: in a "- KEY=value" list item they would become part of the value
    volumes:
      - '/opt/pihole/etc-pihole:/etc/pihole'
      - '/opt/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "5353:80/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
This is the Docker part, which is not so hard. But because we are running DNS and DHCP services in Docker, they conflict with local services in my Ubuntu 24.04 installation: systemd-resolved already listens on port 53 with its stub resolver (127.0.0.53), so the container cannot bind that port. We have to resolve that first:
Disable the DNS stub listener in the systemd-resolved service:
sudo nano /etc/systemd/resolved.conf -> under [Resolve], set DNSStubListener=no
sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf   # this file lists the real upstream servers, not the 127.0.0.53 stub that is now switched off
sudo systemctl restart systemd-resolved
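To make those steps repeatable, and to catch the usual failure (something still holding port 53 when the container tries to bind it), here is an added helper script; it is not from the original post. It rewrites the DNSStubListener line whatever state it is in (commented default, explicit value, or missing), links resolv.conf as above, and then checks the output of ss for anything bound on port 53 before you run docker compose. The --apply switch and the function names are my own; the paths are the ones from the steps above.

```sh
#!/bin/sh
# Added example, not part of the original post: free port 53 on the host by
# turning off systemd-resolved's stub listener, re-point /etc/resolv.conf at
# the upstream-only file, and verify nothing else still listens on :53
# before starting the container. Run as root with --apply; without that
# argument nothing on the host is touched (the functions are only defined).
set -eu

# Set DNSStubListener=no in a resolved.conf-style file. Handles the shipped
# commented default ("#DNSStubListener=yes"), an explicit value, or a file
# that lacks the key entirely (then it is appended under [Resolve]).
disable_stub_listener() {
  conf="$1"
  tmp="$conf.tmp.$$"
  if grep -qE '^[#[:space:]]*DNSStubListener=' "$conf"; then
    sed -E 's/^[#[:space:]]*DNSStubListener=.*/DNSStubListener=no/' "$conf" > "$tmp"
  else
    cp "$conf" "$tmp"
    grep -q '^\[Resolve\]' "$tmp" || printf '[Resolve]\n' >> "$tmp"
    printf 'DNSStubListener=no\n' >> "$tmp"
  fi
  mv "$tmp" "$conf"
}

# Print the effective DNSStubListener value of a file ("yes" when unset,
# which is systemd's default).
stub_listener_value() {
  v=$(grep -E '^DNSStubListener=' "$1" | tail -n 1 | cut -d= -f2)
  printf '%s\n' "${v:-yes}"
}

# Filter `ss -Hlntu` output down to sockets bound on port 53 on any address
# (IPv4 or IPv6). Column 5 of that output is "Local Address:Port".
listeners_on_53() {
  awk '$5 ~ /:53$/'
}

apply() {
  disable_stub_listener /etc/systemd/resolved.conf
  # the stub is off, so link the file that lists the real upstream servers
  ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
  systemctl restart systemd-resolved
  if ss -Hlntu | listeners_on_53 | grep -q .; then
    echo "port 53 is still taken; Pi-hole will fail to bind it:" >&2
    ss -Hlntup | listeners_on_53 >&2
    exit 1
  fi
  echo "port 53 is free; now run: docker compose up -d"
}

if [ "${1:-}" = "--apply" ]; then
  apply
fi
```

Run it as `sudo sh free-port-53.sh --apply`. If the check at the end fails, the process it prints (often a leftover dnsmasq, or resolved if the restart did not pick up the new setting) is what to stop before starting the container.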
When this is done we can start the container:
docker compose up -d
After startup you can manage Pi-hole at http://<ipaddress>:5353/admin/ (plain HTTP, bound on every host interface, so keep that port reachable from your LAN only).
OK, this was enough to get DNS working, but DHCP is another thing. After reading the docs and doing some troubleshooting, I found the following settings to be working:
- For DHCP usage you need the cap_add: - NET_ADMIN option in your Docker config.
- You should use network_mode: "host" and remove all ports settings. DHCP works with broadcasts on the LAN segment, which a container behind Docker's bridge never sees; host networking puts Pi-hole directly on the host's interfaces. Note that host networking plus NET_ADMIN means the container can reconfigure the host's network stack, so treat the image as trusted and pin its version. When you switch to host mode, the following can go wrong:
- The default web port 80 is used on the host. If you use that for another web service, change it with the WEB_PORT environment variable.
- Because of the change of network namespace, the eth0 interface (inside the container!) no longer exists; the container now sees the host's interfaces. Look up the LAN interface name (ip a, inside the container or on the host, they are the same now) and put it in the INTERFACE environment variable. (After resolving this, DHCP started working!)
services:
  pihole:
    image: pihole/pihole
    container_name: pihole
    environment:
      - WEBPASSWORD=password   # WebUI password; for a real one use ${WEBPASSWORD} from an .env file rather than committing it here
      - TZ=Europe/Amsterdam    # no quotes inside a "- KEY=value" item, they would end up in the value
      - WEB_PORT=5353          # with host networking the web UI binds directly on the host, so move it off port 80
      - INTERFACE=eno2         # the host's LAN interface name (ip a), not eth0
    volumes:
      - '/opt/pihole/etc-pihole:/etc/pihole'
      - '/opt/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    dns:                       # 'DNS resolution is currently not available' solution: give the container an upstream other than itself
      - 192.168.x.x            # the router's DNS IP
    network_mode: "host"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
I also had an issue with a “DNS resolution is currently not available” error after I changed the host's DNS resolver to the Pi-hole 🤦‍♂️. It took me some time to find a working solution. Localhost didn't work for me, so in the end it points to my router's DNS IP.
So the above is my (slightly stripped) working docker-compose.yml.
Experiences..
Client DNS requests limited: Lately (April/May 2025) I experienced some strange behaviour where suddenly my DNS seemed to stop working; it just could not resolve anything while I was browsing. When I logged into the Pi-hole, I saw a warning under System: “Client <ip> has been rate-limited (current config allows up to 1000 queries in 60 seconds)”. It turns out there is a setting for that:
In /etc/pihole/pihole-FTL.conf (on this host /opt/pihole/etc-pihole/pihole-FTL.conf, via the volume mapping above) there is a setting you can tune. Do not forget to restart the Pi-hole DNS server after your change (docker exec pihole pihole restartdns). Pi-hole v6 replaced this file with pihole.toml, where the same limit lives under [dns.rateLimit] as count and interval.
RATE_LIMIT=2000/60
This setting means that 2000 requests per client per 60 seconds are allowed. (I just doubled the original setting, which should be enough. :-)) But you can change it to other values. Setting 0/0 means unlimited, which also removes the protection against one misbehaving client (a broken app, a loop, or malware) flooding the resolver; prefer raising the number over disabling the limit, and first find out which client hit it and why.
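Before doubling the limit it is worth knowing how close each client actually gets to it. The following script is an added example, not from the original post: it reads RATE_LIMIT from pihole-FTL.conf (on this host /opt/pihole/etc-pihole/pihole-FTL.conf, per the volume mapping), measures the peak number of queries per client in 60-second buckets from the dnsmasq query log, and reports which client would be rate-limited at the configured value. Assumptions of mine: the query log is the v5 layout at /var/log/pihole/pihole.log inside the container, its lines look like the constructed sample in the comments, and a fixed window approximates FTL's own counter.

```sh
#!/bin/sh
# Added example, not part of the original post: decide whether a RATE_LIMIT
# change is justified by measuring each client's real query rate from
# Pi-hole's dnsmasq-style query log and comparing it with the configured
# limit. Window accounting is a fixed bucket, a simplification of FTL's
# own counter (assumption).
set -eu

# Print "N M" for RATE_LIMIT=N/M in a pihole-FTL.conf file; a missing key
# means FTL's shipped default of 1000 queries per 60 seconds.
rate_limit_setting() {
  line=$(grep -E '^RATE_LIMIT=' "$1" | tail -n 1)
  case "$line" in
    RATE_LIMIT=*/*) printf '%s\n' "${line#RATE_LIMIT=}" | tr '/' ' ' ;;
    *)              printf '1000 60\n' ;;
  esac
}

# Read query-log lines on stdin, constructed sample (v5 pihole.log style):
#   Apr 30 10:00:01 dnsmasq[123]: query[A] example.com from 192.168.1.10
# and print "client peak" (peak queries in any one window of $1 seconds),
# busiest client first. Non-query lines (forwarded, reply, ...) are skipped.
peak_queries_per_client() {
  awk -v win="$1" '
    $5 ~ /^query/ {
      split($3, t, ":")
      sec = t[1] * 3600 + t[2] * 60 + t[3]
      n[$NF, int(sec / win)]++
    }
    END {
      for (k in n) {
        split(k, p, SUBSEP)
        if (n[k] > peak[p[1]]) peak[p[1]] = n[k]
      }
      for (c in peak) printf "%s %d\n", c, peak[c]
    }' | sort -k2,2nr
}

# Usage: check_clients_against_limit <pihole-FTL.conf> < query.log
# Prints one line per client; exits 1 if any client exceeds the limit.
# RATE_LIMIT=0/0 disables limiting, so nothing can exceed it.
check_clients_against_limit() {
  set -- $(rate_limit_setting "$1")
  peak_queries_per_client "$2" | awk -v lim="$1" -v win="$2" '
    {
      hit = (lim > 0 && $2 > lim)
      printf "%s: peak %d queries / %d s (limit %s) %s\n", $1, $2, win, (lim > 0 ? lim : "unlimited"), (hit ? "WOULD BE RATE-LIMITED" : "ok")
      if (hit) bad = 1
    }
    END { exit (bad ? 1 : 0) }'
}

# Command-line use: ratecheck.sh <pihole-FTL.conf> with the query log on stdin.
if [ $# -ge 1 ]; then
  check_clients_against_limit "$1"
fi
```

Typical use on the host from this post: `docker exec pihole cat /var/log/pihole/pihole.log | sh ratecheck.sh /opt/pihole/etc-pihole/pihole-FTL.conf`. A single client sitting far above every other one usually points at a chatty device rather than at a limit that is too low, and that is the thing to fix before touching RATE_LIMIT.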