Pihole container in RouterOS 7.21.1

Hi all,

I have been trying to run Pihole on ROS 7.21.1 across several subnets/VLANs. Seems like setting ‘root’ as user for FTL and in dnsmasq.d is required for this but I did not manage to force it to ‘root’.
I believe this is required because this pihole container runs on 10.1.3.4 and can resolve DNS from the same subnet (other containers). It does fail to resolve DNS for other subnets, like my local LAN 192.168.88.0/24.

I have tried to run the container in the same or separate bridges as my LAN and inserted all redirect NAT and IP filter rules to ensure port 53 is redirected. I checked that the pihole container is accessible from LAN and that it also can ping LAN.

Wanted to get your input before sharing the more specific config.
Is there a known bug in Mikrotik container that prevents it from loading ENV variables even if they are properly defined and the mounted directories are empty:
Columns: LIST, KEY, VALUE
   LIST        KEY                 VALUE
0  pihole-env  DNSMASQ_LISTENING   all
1  pihole-env  DNSMASQ_USER        root
2  pihole-env  FTLCONF_LOCAL_IPV4  10.1.3.4
3  pihole-env  TZ                  Europe/Paris
4  pihole-env  WEBPASSWORD         xxxxxxxxx

Thanks a lot for your input - I hope this makes sense (this is my first post here).

Just log into the GUI, go to “Settings” → “DNS” and then, in the “Interface settings” section, select “Permit All Origins”.

Done! Now your Pihole will answer to everyone & everything! This is not without danger of course, make sure there is some firewalling where needed.

This setting is saved.
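
Added example, not part of the posts in this thread: one way to do the firewalling mentioned above on the RouterOS side, so that a Pi-hole set to “Permit All Origins” only answers the subnets you list. 10.1.3.4 and 192.168.88.0/24 come from the first post; the address-list name, comments and log prefix are made up for illustration, and the rules assume clients reach the container through routing (the forward chain).

```routeros
# Added example: restrict who may query the Pi-hole container.
# 10.1.3.4 and 192.168.88.0/24 are taken from the thread; "pihole-clients",
# the comments and the log prefix are illustrative names.

# Subnets allowed to use the Pi-hole as a resolver. Add one entry per VLAN.
/ip firewall address-list
add list=pihole-clients address=192.168.88.0/24 comment="LAN"

/ip firewall filter
# Routed DNS (including queries redirected by a dst-nat rule) passes through
# the forward chain; after dst-nat the destination is already 10.1.3.4.
add chain=forward action=accept protocol=udp dst-address=10.1.3.4 dst-port=53 \
    src-address-list=pihole-clients comment="pihole: DNS/udp from allowed subnets"
add chain=forward action=accept protocol=tcp dst-address=10.1.3.4 dst-port=53 \
    src-address-list=pihole-clients comment="pihole: DNS/tcp from allowed subnets"

# Any other source asking the container for DNS is dropped and logged, so an
# unexpected origin (for example a WAN-side query) shows up in the log.
add chain=forward action=drop protocol=udp dst-address=10.1.3.4 dst-port=53 \
    log=yes log-prefix="pihole-dns-deny" comment="pihole: drop other DNS/udp"
add chain=forward action=drop protocol=tcp dst-address=10.1.3.4 dst-port=53 \
    log=yes log-prefix="pihole-dns-deny" comment="pihole: drop other DNS/tcp"

# Rules match top to bottom: keep the two accept rules above the two drop
# rules, and all four above any broader accept rule in the forward chain.
# Hosts on the same bridge as the container are bridged, not routed, so by
# default they do not pass through these rules.

# Check that the rules are being hit (packet and byte counters):
/ip firewall filter print stats where comment~"pihole"
```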

The variable names have changed a little in v6. This is what I use:

0 name="pihole_envs" key="TZ" value="America/Chicago"
1 name="pihole_envs" key="FTLCONF_webserver_api_password" value="your_password"
2 name="pihole_envs" key="FTLCONF_dns_listeningMode" value="all"
3 name="pihole_envs" key="FTLCONF_dns_reply_host_IPv4" value="your pihole ip"
4 name="pihole_envs" key="FTLCONF_dns_upstreams" value="your upstream IP" (you probably don’t use this)

FTLCONF_dns_listeningMode set to “all” should allow you to do what you want (it’s the same as “Permit All Origins” in the GUI). When you set it with the env, do you see Permit All Origins enabled in the GUI? If not, your pihole instance in the container isn’t reflecting the envs you’re setting. https://docs.pi-hole.net/docker/configuration/ is a good resource to see all envs pihole can use. I don’t think you should need to mess with DNSMASQ_USER.

Thanks a lot @jvanhambelgium

This was just too easy! Very glad to see this can be managed in the Pihole Web GUI.