Pi-Hole on Synology NAS via Docker

Hello!

How can I have Pi-Hole doing DHCP via Docker on my Synology NAS?

So I was getting this error:

DNSMASQ_CONFIG FTL failed to start due to process is missing required capability NET_ADMIN

Which I have resolved by changing the username environmental variable to root as per here:

https://github.com/pi-hole/docker-pi-hole/issues/814

However, I now get this when disabling the DHCP capability from my router and enabling the one from the Pi-Hole:

PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:47

Do I need to have these in somewhere? If so, where?

https://github.com/pi-hole/docker-pi-hole#note-on-capabilities

"Note on Capabilities

DNSMasq / FTLDNS expects to have the following capabilities available:

  • CAP_NET_BIND_SERVICE: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
  • CAP_NET_RAW: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
  • CAP_NET_ADMIN: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
  • CAP_SYS_NICE: FTL sets itself as an important process to get some more processing time if the latter is running low
  • CAP_CHOWN: we need to be able to change ownership of log files and databases in case FTL is started as a different user than pihole

This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.
By default, docker does not include the NET_ADMIN capability for non-privileged containers, and it is recommended to explicitly add it to the container using --cap-add=NET_ADMIN.
However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it. For the most paranoid, it should even be possible to explicitly drop the NET_RAW capability to prevent FTLDNS from automatically gaining it."

The end goal here is for Pi-Hole to do my DHCP and so that I can see the dynamic hostnames instead of inputting them manually into the /etc/hosts file.

Thx :)

Posted 1 year ago
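
Added example, not part of the original post or the Pi-hole project's code: a shell check that decodes a container's capability bitmask and reports which of the five capabilities in the quoted README note are absent. The container name `pihole` and the sample masks are assumptions constructed for illustration; bit numbers come from `<linux/capability.h>`.

```shell
#!/bin/sh
# Decode the hex mask from the CapBnd line of /proc/<pid>/status and list
# which capabilities named in the README note are not available.
#
# To read the mask from a running container (name "pihole" is an assumption):
#   docker exec pihole grep CapBnd /proc/1/status

# name:bit pairs for the five capabilities the README note lists
REQUIRED_CAPS="CHOWN:0 NET_BIND_SERVICE:10 NET_ADMIN:12 NET_RAW:13 SYS_NICE:23"

# missing_caps HEXMASK
# Prints the required capabilities that are not set, space separated.
# Returns 2 if the argument is not a hex string.
missing_caps() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) echo "not a hex mask: $1" >&2; return 2 ;;
    esac
    mask=$((0x$1))
    missing=""
    for pair in $REQUIRED_CAPS; do
        name=${pair%%:*}
        bit=${pair##*:}
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample masks (not taken from the post):
DEFAULT_MASK=00000000a80425fb     # Docker's default capability list
NET_ADMIN_MASK=00000000a80435fb   # default plus --cap-add=NET_ADMIN
BOTH_MASK=00000000a88435fb        # default plus NET_ADMIN and SYS_NICE

for m in "$DEFAULT_MASK" "$NET_ADMIN_MASK" "$BOTH_MASK"; do
    echo "$m missing: $(missing_caps "$m")"
done
```

An empty result means every capability in the list is available to the container; anything reported is a candidate for an explicit `--cap-add`.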