[FCOS] Correct ignition setup for hosting pihole / Port 53

I'm not very good at these DNS things. That's why I'm asking for the cleanest solution to get Pi-hole up and running from a Docker container.

Initially, deploying the container causes an error because port 53 is already used by the system.

I resolved this quick and dirty by executing the following two commands:

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved

Now I found the following source while making up my mind about how I could include this in my Ignition file:

Birch Street Computing - (asynchrono.us)

What steps are necessary to get the system installed in a clean and complete way?

Maybe some of you have an opinion on this, so that I can try to improve my installation file for my next, already planned server migration.

Thanks a lot in advance.

Modify your Docker run command or Docker Compose file to attach Pi-hole to the newly created network. If you still want to use the standard DNS port (53), you can map it to a different port on the host machine and configure your devices to use that port for DNS queries. Incorporate these changes into your Ignition file to ensure that the Pi-hole container is set up with the correct network settings during server migration.

version: '3'
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    networks:
      - pihole_network
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Your_Timezone'
      WEBPASSWORD: 'Your_Password'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

networks:
  pihole_network:
    driver: bridge
1 Like

Thank you very much for taking the time.

I already have a running Pi-hole with Docker Compose and I want to keep port 53 for Pi-hole.

So my goal is to just add stuff to the Ignition file to "unlock" port 53 on the host.

Do you have an opinion on what HAS TO BE included in the Ignition file and what the file should look like in detail?

If you just want to disable systemd-resolved, then adding this to your Butane config (which gets converted to Ignition) should do it:

systemd:
  units:
    - name: systemd-resolved.service
      enabled: false

And that looks exactly like the sleek and lightweight solution I was looking for 😂

Thank you very much.

OK, this does not work. During installation (where I also start a rebase to ublue with NVIDIA drivers) an error message appears which seems to be related to resolved.

The image for the rebase cannot be found.

An error related to DNS resolution, or specifically related to resolved?

I’ve made a podman version, maybe you can use that as inspiration?

Running Pi-hole on Fedora CoreOS

1 Like

Hey man, thanks for the information.

Does this mean there is no conflict with port 53 anymore if this section is used in the .bu file?

- path: /etc/systemd/resolved.conf
  mode: 0644
  contents:
    inline: |
      [Resolve]
      DNSStubListener=no

No conflicts when run as in the repository, but I haven't tried it with Docker.

Below is netstat from the pi-hole host:

core@pi-hole:~$ sudo netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8053            0.0.0.0:*               LISTEN      1272/conmon         
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1211/conmon         
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      828/systemd-resolve 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1211/conmon         
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1272/conmon         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      927/sshd: /usr/sbin 
tcp6       0      0 :::5355                 :::*                    LISTEN      828/systemd-resolve 
tcp6       0      0 :::22                   :::*                    LISTEN      927/sshd: /usr/sbin 
udp    88064      0 0.0.0.0:53              0.0.0.0:*                           1272/conmon         
udp   214656      0 0.0.0.0:67              0.0.0.0:*                           1272/conmon         
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           828/systemd-resolve 
udp        0      0 127.0.0.1:323           0.0.0.0:*                           906/chronyd         
udp6       0      0 :::5355                 :::*                                828/systemd-resolve 
udp6       0      0 ::1:323                 :::*                                906/chronyd   

(I have a reverse proxy running as well.)
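A fuller Butane file built around the DNSStubListener=no drop-in discussed above, as an added example that is not from this thread or the linked repository: it frees port 53 for the container while keeping systemd-resolved running for the host's own name lookups, which is what disabling the whole unit does not preserve. The drop-in file name, the variant/version line and the resolv.conf link are my assumptions; the link matters because Fedora's default /etc/resolv.conf points at the stub address 127.0.0.53, which answers nothing once the stub listener is off.

```yaml
variant: fcos
version: 1.5.0
storage:
  files:
    # Assumed drop-in path. resolved keeps running and keeps answering the
    # host via D-Bus/NSS, but no longer binds 127.0.0.53:53, so the
    # Pi-hole container can take 0.0.0.0:53 for TCP and UDP.
    - path: /etc/systemd/resolved.conf.d/10-no-stub-listener.conf
      mode: 0644
      contents:
        inline: |
          [Resolve]
          DNSStubListener=no
  links:
    # The default /etc/resolv.conf symlink targets stub-resolv.conf, i.e.
    # "nameserver 127.0.0.53". With the stub off that address is dead, so
    # point glibc resolvers at resolved's upstream-server file instead.
    - path: /etc/resolv.conf
      target: /run/systemd/resolve/resolv.conf
      overwrite: true
```

After first boot, `sudo ss -tunlp | grep ':53 '` should show only the container runtime on port 53 and `resolvectl status` should still list the upstream servers; the host's own queries go to those upstreams, not through Pi-hole, unless you separately point the link at the container.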

Maybe I can try this some day 😂

Thanks a lot.