Pihole and LXD, side by side

Hello all,

I am running Arch Linux on my fresh install. The intention is to get LXD running (hosting a number of services), together with Pihole (running baremetal) for DNS in my LAN. As I understood, LXD configures a DNS service to listen on lxdbr0 by default. I configured Pihole’s dnsmasq service to only listen on the other interfaces, so I don’t get a port conflict when starting it up.

The issue is now that I cannot seem to get a working IP in my containers. In the LXD log I can see the following error:

 lxd[3400]: t=2020-05-12T08:05:37+0200 lvl=eror msg="Failed to bring up network" err="Invalid version format: \"pi-hole-2.81\""

The same pops up when I try to configure a custom network:

$ lxc network create testbr0
Error: Invalid version format: "pi-hole-2.81"

This confuses me slightly: where does LXD retrieve this string from? Additionally: I’m getting the feeling I’m attempting something silly here, should I disable LXD’s networking instead and manually make use of the external services I’m setting up? Would this be the preferred route?

LXD tries to ascertain the version of dnsmasq so that it can pass different configuration flags to it at startup.

It looks like installing PIHole has either modified dnsmasq to use a different version string output or has replaced it with a custom version of dnsmasq.

Can you run pihole inside a container?
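An added example (not LXD’s or pi-hole’s own code) of the kind of version check described above: a strict dotted-numeric parser applied to constructed `dnsmasq --version` banners. The upstream banner shape is the real one; the pi-hole banner is an assumption built from the string in the log (`pi-hole-2.81`), and a lenient variant shows how a vendor tag can be split off.

```python
from __future__ import annotations
import re

# Constructed sample banners (first line of `dnsmasq --version`).
# UPSTREAM follows the real dnsmasq format; PIHOLE assumes the binary
# prints the string LXD reported in the log ("pi-hole-2.81") in that slot.
UPSTREAM_OUTPUT = "Dnsmasq version 2.81  Copyright (c) 2000-2020 Simon Kelley\n"
PIHOLE_OUTPUT = "Dnsmasq version pi-hole-2.81  Copyright (c) 2000-2020 Simon Kelley\n"

# Strict: only digits and dots, which is what a plain version parser accepts.
_STRICT = re.compile(r"^\d+(\.\d+)*$")
# Lenient: optional "<vendor>-" prefix, then the numeric version it wraps.
_LENIENT = re.compile(r"^(?:(?P<vendor>[A-Za-z][\w-]*?)-)?(?P<ver>\d+(\.\d+)*)$")


def version_token(output: str) -> str:
    """Return the token that follows 'Dnsmasq version' in the banner."""
    m = re.search(r"Dnsmasq version (\S+)", output)
    if m is None:
        raise ValueError("no dnsmasq banner found")
    return m.group(1)


def parse_strict(output: str) -> tuple[int, ...]:
    """Strict parser: raises on anything that is not a dotted number."""
    token = version_token(output)
    if not _STRICT.match(token):
        raise ValueError(f'Invalid version format: "{token}"')
    return tuple(int(p) for p in token.split("."))


def strict_error(output: str) -> str | None:
    """Run the strict parser and return its error message, or None if it parsed."""
    try:
        parse_strict(output)
        return None
    except ValueError as exc:
        return str(exc)


def parse_lenient(output: str) -> tuple[str | None, tuple[int, ...]]:
    """Split an optional vendor tag from the numeric version, e.g. pi-hole-2.81."""
    token = version_token(output)
    m = _LENIENT.match(token)
    if m is None:
        raise ValueError(f'Invalid version format: "{token}"')
    return m.group("vendor"), tuple(int(p) for p in m.group("ver").split("."))


if __name__ == "__main__":
    for banner in (UPSTREAM_OUTPUT, PIHOLE_OUTPUT):
        print(repr(version_token(banner)), "->", strict_error(banner) or "ok", parse_lenient(banner))
```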

Check, having pi-hole modify dnsmasq is not exactly desired on my part. As you said, I’ll give running pihole in a container a go!

Now that I thought a while on running pi-hole in an LXC container I’d try the following:

  • pi-hole in LXC container
  • a couple of services in docker
  • a couple of services in LXC containers
  • traefik in a docker container to route the whole thing

What I’m unsure about now is how I’d best route traffic from within a docker container (e.g. traefik) to an LXC container (e.g. pi-hole, for DNS port). LXC and docker both have their own default bridges. I can imagine a solution with docker/lxc containers with static ip’s, and manually routing everything through iptables? But is that the easiest / optimal solution?