• 1 Post
  • 7 Comments
Joined 1 year ago
Cake day: July 1st, 2023

  • Well, I have not really thought about why. I guess that’s partly due to old habits of running services on the host with systemd (my migration to docker is recent and still a work in progress). But I guess I’d like to continue to be able to resolve names of local devices on my network when connected through ssh on the host. Is that inherently wrong, still? I will implement the secondary DNS as a fallback. I am hoping to get rid of the issue that way.


  • fendrax@jlai.lu (OP) to Selfhosted@lemmy.world: Running DNS server in Docker
    6 months ago

    Yes, others have suggested something similar. I’ll do that first because it is easy. Monitoring-wise, I should already be covered but since prometheus is running on the same server, it was down during the outage. There is room for improvement, for sure! I have a couple of RPis on my network that I can leverage for better monitoring.


  • Your suggestion looks similar to this other comment and makes sense. I’ll try that!

    I have never managed to wrap my head around DoH and DoT but this is on my todo list ^^

    I didn’t know dnsmasq has an adblock plugin, I’ll have a look. Originally, I was using dnsmasq alone (running on bare metal). Then I migrated to docker and added pi-hole for ad blocking. I tried to get rid of dnsmasq but pi-hole’s embedded DHCP is not as configurable as dnsmasq’s and I could not address my use case.

    Thanks a lot for your time!



  • Yeah, that was my plan B. To be honest, I was not super confident that it would work when I put this setup together, because of the “host uses a container as DNS and docker uses the host as DNS” kind of circular dependency.

    But people do use docker for DNS servers so it has to work, right? That’s where I’d like to understand where I’m wrong. I’m fine with running pi hole and dnsmasq on the host as long as I get why this is not doable in docker.

    Thanks for your input, though. That’s helpful.


  • In both the pi-hole (exposed on the host) and dnsmasq (used as upstream by pi-hole) containers:

    # Generated by Docker Engine.
    # This file can be edited; Docker Engine will not make further changes once it
    # has been modified.
    
    nameserver 127.0.0.11
    options ndots:0
    
    # Based on host file: '/etc/resolv.conf' (internal resolver)
    # ExtServers: [host(127.0.0.1)]
    # Overrides: []
    # Option ndots from: internal
    

    So they are pointing to docker’s embedded DNS, itself forwarding to the host.
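
An added example, not part of the original comment: a small Python check that reads a Docker-generated `resolv.conf` like the one quoted above and reports when the embedded resolver (127.0.0.11) forwards to a loopback address in the host's namespace. The function names are hypothetical, the sample input is constructed from the quoted file, and the separator used between multiple `ExtServers` entries is an assumption.

```python
import ipaddress
import re

# Constructed sample: the container resolv.conf quoted in the comment above.
SAMPLE = """\
# Generated by Docker Engine.
nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [host(127.0.0.1)]
"""

def parse_docker_resolv(text):
    """Extract nameservers and the upstreams listed in the ExtServers comment."""
    info = {"nameservers": [], "ext_servers": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("nameserver"):
            parts = line.split()
            if len(parts) >= 2:
                info["nameservers"].append(parts[1])
        elif line.startswith("# ExtServers:"):
            m = re.search(r"\[(.*?)\]", line)
            # Assumption: entries are separated by spaces and/or commas.
            for entry in (re.split(r"[,\s]+", m.group(1).strip()) if m else []):
                if not entry:
                    continue
                host = re.fullmatch(r"host\((.+)\)", entry)
                info["ext_servers"].append((host.group(1) if host else entry, bool(host)))
    return info

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def loop_findings(info):
    """Flag upstreams that send container lookups back to the host's own resolver."""
    if "127.0.0.11" not in info["nameservers"]:
        return []  # container is not using Docker's embedded DNS
    return [f"embedded DNS forwards to host resolver {addr}"
            for addr, in_host_ns in info["ext_servers"]
            if in_host_ns and is_loopback(addr)]

if __name__ == "__main__":
    for finding in loop_findings(parse_docker_resolv(SAMPLE)):
        print(finding)
```

A finding on the DNS containers themselves means their own upstream lookups pass through the host resolver, which in the setup described on this page points back at those containers.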