Upgrade from diginc/pi-hole to pihole/pihole docker [BROKEN PERFORMANCE]

[mil1i]

This is a...

• Request for a new or modified feature
• Issue trying to run the docker image
• Issue trying to build / test / develop the docker image

Description

I recently decided to try and make the jump to the new pihole/pihole:latest (v4.0) build in docker from the diginc/pi-hole:debian (v3.3.1). I have had to revert back because the new version has terrible performance issues.

Main issue is that it will randomly stop processing queries or get hung maybe? This will last ~1m or so, and it doesn't happen at specific intervals it will just randomly occur.

After reading through another issue #328, regarding the addition of custom PUID and PGID, I do notice that with the new version two new files, "pihole-FTL.conf" and "regex.list" are created in the directory owned by systemd-bus-proxy:ssh_keys.

On CentOS, id 999 is systemd-bus-proxy. Now, I created a new empty directory and ran this new container against it and same ownership was applied and ran into the same issues with a new/empty config. Everything else remains owned by root:root.

I was initially running on CentOS's base repo docker install (v1.17), but I tried removing and installing from Docker's repo docker-ce and same thing still happens however it does seem to resolve queries quicker.

Expected Behavior

Fast, consistent DNS queries without interruptions.

Actual Behavior

Inconsistent DNS queries that can take upwards of ~1m to resolve, even from cached queries. Causing sites to take a very long time to load.

Possible Fix

Not sure if this is possibly a permission related issue? Not sure what to search for in the logs that might cause this issue. Tried grep'ing for error and didn't find anything relevant.

Steps to Reproduce and debugging done

e.g. your docker run command, pages to visit, CLI commands you ran
Run command with issues:

docker run -d \
      --name=pihole \
      -h $myhostpihole \
      --restart=always \
      --net $mynet \
      --ip 172.30.0.20 \
      --dns 127.0.0.1 \
      --dns 1.1.1.1 \
      --cap-add=NET_ADMIN \
      -p 53:53/tcp -p 53:53/udp \
      -p 443:443 \
      -p 80:80 \
      -p 67:67/udp \
      -v /opt/pihole/dnsmasq.d/:/etc/dnsmasq.d/:rw \
      -v /opt/pihole/:/etc/pihole/:rw \
      -e ServerIP=$myip \
      -e ServerIPv6=$myip6 \
      -e TZ=America/Denver \
      -e DNS1=1.1.1.1 \
      -e DNS2=1.0.0.1 \
      -e DNS3=2606:4700:4700::1111 \
      -e DNS4=2606:4700:4700::1001 \
      -e VIRTUAL_HOST=$myhost \
      pihole/pihole:latest

Run command for old docker that this issue does not occur:

docker run -d \
      --name=pihole \
      -h $myhostpihole \
      --restart=always \
      --net $mynet \
      --ip 172.30.0.20 \
      --dns 127.0.0.1 \
      --cap-add=NET_ADMIN \
      -p 53:53/tcp -p 53:53/udp \
      -p 443:443 \
      -p 80:80 \
      -p 67:67/udp \
      -v /opt/pihole-diginc/dnsmasq.d/:/etc/dnsmasq.d/:rw \
      -v /opt/pihole-diginc/:/etc/pihole/:rw \
      -e ServerIP=$myip \
      -e ServerIPv6=$myip6 \
      -e TZ=America/Denver \
      -e DNS1=1.1.1.1 \
      -e DNS2=1.0.0.1 \
      -e DNS3=2606:4700:4700::1111 \
      -e DNS4=2606:4700:4700::1001 \
      -e VIRTUAL_HOST=$myhost \
      diginc/pi-hole:debian

Debug steps I have tried

• I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
• I have tried running the nearly stock docker run example in the readme (removing any customizations I added)
• I have tried running without my volume data mounts to eliminate volumes as the cause
• I have searched this repository for existing issues and pull requests that look similar

Context and extra information

Inconsistent connectivity in a way, as I am unable to resolve domains from time to time. So I keep returning to the old diginc/pi-hole image. I now have separate volumes that I am using to switch back and forth to test.

Your Environment

• Docker Host Operating System and OS Version:
  CentOS Linux release 7.5.1804 (Core) 3.10.0-862.14.4.el7.x86_64
• Current Docker Version: Docker version 18.06.1-ce, build e68fc7a
• Initial upgrade was on Docker version 1.17 something from CentOS repo's
• Hardware architecture: x86/64

[mil1i]

I believe I found the issue; which was my US DNS servers in my router's WAN settings in conjunction with the new Conditional Forwarding settings in the new Pihole docker image. This pointed out a fault in my router settings (which must have been like that for some time).

I updated my US DNS servers to Cloudflare in my router and it appears to have resolved my issue so far.

This was causing lb._dns_sd's to perform a routing loop which would then kill the connection temporarily.

[mil1i]

I believe I found the issue; which was my UpStream DNS servers in my router's WAN settings in conjunction with the new Conditional Forwarding settings in the new Pihole docker image. This pointed out a fault in my router settings (which must have been like that for some time), but never caused an issue with the previous version as it didn't implement CF.

I updated my US DNS servers to Cloudflare in my router and it appears to have resolved my issue so far.

This was causing lb._dns_sd's to perform a routing loop which would then kill the connection temporarily.

[diginc]

Do the logs indicate any abnormal behavior happening, like restarting of services, errors, or other thrashing? docker logs pihole gets you everything since the container was created - if you want to start watching the logs from the latest output I use this command docker logs -f --tail=10

Docker offers a stats command to show CPU / Mem / Network / Storage usage too, maybe worth seeing if docker stats pihole indicates high utilization.

The UID/GID being different inside and outside of a container is to be expected, I can't imagine it causing a stability problem like you're describing. You could always run without volumes to eliminate the file system / volumes on the host wrecking the container.

Edit: woops, saw your reply after submitting - page didn't update from when I opened the tab earlier.

Glad you got it figure dout.

[mil1i]

pihole 0.04% 284.9MiB / 9.607GiB 2.90% 24.8MB / 48.7MB

I did find one thing in the logs, but nothing with the container crashing, or anything of the sort. It was getting stuck in a routing loop with lb._dns_sd.udp.0.0.10.arp blah between pihole and my router. I have an Asus router running Merlin firmware, and but the Forward local domain queries to upstream DNS is and has been set to No so I'm not sure why this was happening.

Anywho, my US DNS servers on my router was previously set to the Pihole device and I have updated that to point to Cloudflare DNS servers (Device > Pihole > Router > Interwebs). Kind of surprised this wasn't effecting me before.

I haven't had any issues since making that change so far. If I experience it again, I will check the logs again and repost.

[mil1i]

pihole 0.04% 284.9MiB / 9.607GiB 2.90% 24.8MB / 48.7MB

I did find one thing in the logs, but nothing with the container crashing, or anything of the sort. It was getting stuck in a routing loop with lb._dns_sd.udp.0.0.10.arp blah between pihole and my router. I have an Asus router running Merlin firmware, and but the Forward local domain queries to upstream DNS is and has been set to No so I'm not sure why this was happening.

Anywho, my US DNS servers on my router was previously set to the Pihole device and I have updated that to point to Cloudflare DNS servers (Device > Pihole > Router > Interwebs). Kind of surprised this wasn't effecting me before.

I haven't had any issues since making that change so far. If I experience it again, I will check the logs again and repost.

[diginc]

Github web interface is broken :) I saw your update through email