Unusually long queries when container in macvlan network #86

Open
axeleroy opened this issue Aug 6, 2022 · 0 comments

axeleroy commented Aug 6, 2022

Hello,

I have my PiHole set up in a macvlan network and wanted to add unbound within it. Unfortunately, DNS queries to unbound are unusually long.

# Query made from the pihole container
dig @unbound google.com +timeout=120

; <<>> DiG 9.16.27-Debian <<>> @unbound google.com +timeout=120
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33490
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 70430 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Sat Aug 06 17:31:20 CEST 2022
;; MSG SIZE  rcvd: 39

When the container is set in a bridge network, queries are under 100ms. I can't wrap my head around why DNS queries would take 700 times longer because unbound is in a macvlan network.


For context, here is my docker-compose

version: '3'

services:

  pihole:
    container_name: pihole
    image: pihole/pihole:2022.07.1
    depends_on:
      - unbound
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
    environment:
      TZ: "Europe/Paris"
      WEBPASSWORD: "xxx"
      SERVER_IP: "192.168.0.153"
      # DNS1: "unbound"
      DNS1: "1.1.1.1" # Had to revert to CloudFlare's DNS
    volumes:
      - /home/axel/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
      - /home/axel/pihole/etc-pihole:/etc/pihole
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      macvlan_eth1:
        ipv4_address: 192.168.0.153

  unbound:
    container_name: unbound
    image: klutchell/unbound:latest
    restart: unless-stopped
    networks:
      - macvlan_eth1
  
  tls-proxy:
    image: dns-over-tls:latest-arm
    container_name: pihole-tls-proxy
    depends_on:
      - pihole
    ports:
      - "853:853/tcp"
    environment:
      DNS_UPSTREAM_ADDRESS: "pihole"
      DNS_UPSTREAM_PORT: 53
      TLS_CERTIFICATE: "xxx"
      TLS_CERTIFICATE_KEY: "xxx"
    volumes:
      - bunkerweb_bunkerweb-data:/certificates:ro
    networks:
      macvlan_eth1:
        ipv4_address: 192.168.0.154
   
networks:
  macvlan_eth1:
    driver: macvlan
    driver_opts:
      parent: eth1
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.128/26"
          gateway: "192.168.0.1"
 
volumes:
  bunkerweb_bunkerweb-data:
    external: true