Solved Run AdGuard as DNS on my NAS through Docker

Currently reading
Solved Run AdGuard as DNS on my NAS through Docker

Hi there,

Very happy to find this place where I might get some precious help!
I'm running through docker and docker-compose, AdGuard (kind of PiHole) on my Synology NAS.
My NAS is up to date.

As I want to use it as DNS on my router, I need it run on the port 80 (as not all devices can manage a DNS with a specific port).
To be able to do that, I have create a docker macvlan network following a nice tutorial found online.

Nevertheless, a macvlan can be accessed by all devices on the network expect by the host (my NAS) itself.
I learned that today while search how to solve my issue for hours :(

I would like to find a way to solve this for the following reasons:
  • It's annoying
  • I can't access it from other containers
  • My Syno can't use the DNS
  • The reverse proxy from the Syno can't go its job to provide HTTPS as it cant access it
Leads I have tried to dig:
  • Free 80/443 of my Syno, don't really like forcing stuff and didn't work
  • Using ipvlan instead of macvlan but Synology current Docker version seems to not support it

I have attached here the Reverse Proxy settings + the docker compose file.

Thanks for reading this. I hope someone as a solution.

Best
 

Attachments

  • reverse-general.PNG
    reverse-general.PNG
    10.4 KB · Views: 542
  • reverse-header.PNG
    reverse-header.PNG
    8.8 KB · Views: 525
  • reverse-advanced.PNG
    reverse-advanced.PNG
    9.3 KB · Views: 497
  • adguard.txt
    1.3 KB · Views: 136
I believe the dockers have to be connected to some kind of different docker bridge network. Then the NAS and other dockers connected to that network should then use the IP address of that different docker network. I've been trying to figure this out but no success.

Docker is starting to become less and less attractive to me...
 
A kernel security feature forbids that a macvlan ip and its parent network interface can communicate with each other. This is not a restriction of docker.

The section Host access of this blogpost Using Docker macvlan networks · The Odd Bit covers what needs to be done. Though, the solution will be ephemaral and needs to be reapplied on nas restart. Make sure to put those commands into a task@system start.

@Shadow: what is a docker? Are you refering to containers as dockers? if so, why?!
 
Last edited:
@Shadow: what is a docker? Are you refering to containers as dockers? if so, why?!

I should get a good night sleep before I post stuff via my mobile phone.

The section Host access of this blogpost Using Docker macvlan networks · The Odd Bit covers what needs to be done. Though, the solution will be ephemaral and needs to be reapplied on nas restart. Make sure to put those commands into a task@system start.

So if this is done right, then the host NAS can communicate to the containers with it's macvlan IP address? That would be awesome! Gonna look into this. Thanks!

Could you please link it? :)

If you'd use the search function on this forum, then you'd find this threat.
 
A kernel security feature forbids that a macvlan ip and its parent network interface can communicate with each other. This is not a restriction of docker.
I have read that afterwards that security is showing that the solution I chose have backside.

The section Host access of this blogpost Using Docker macvlan networks · The Odd Bit covers what needs to be done. Though, the solution will be ephemaral and needs to be reapplied on nas restart. Make sure to put those commands into a task@system start.
I will look this asap, thanks a lot for this information!
 
The section Host access of this blogpost Using Docker macvlan networks · The Odd Bit covers what needs to be done. Though, the solution will be ephemaral and needs to be reapplied on nas restart. Make sure to put those commands into a task@system start.

I will look this asap, thanks a lot for this information!

Well I can confirm that this indeed works...

1588266359812.png


My gosh. This is sweet. So now on the Synology DNS package I can just set the LAN IP of my AdGuard docker container as forwarder. And I can also confirm this works!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I have no idea what you are doing, but I just tested it based on the instructions of the guide you linked...
Replies
11
Views
2,593
  • Question
It is realy not complicated to translater container arguments to Synology UI settings. Here is what each...
Replies
2
Views
1,842
Same here This worked for me: Task script: #!/bin/bash cd /volume1/docker/[directory where...
Replies
10
Views
5,779
@one-eyed-king , I have tried your first step: sudo synogroup --add docker and encounter the following...
Replies
11
Views
30,671
Thank you for your feedback on the matter. There is no need to break this into multiple topics considering...
Replies
30
Views
9,482

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top