I am currently trying to run Pi-hole in my tailnet using a containerized approach. I wanted to replicate this tutorial, but since I am only able to use containers in my environment, I modified it a bit.
I am using the following compose file to link a tailscale container with a pi-hole container (the key is the `network_mode: service:tailscale` part):
```yaml
version: '3.5'
services:
  tailscale:
    image: tailscale/tailscale
    container_name: tailscale
    hostname: pi-hole
    restart: unless-stopped
    command: tailscaled --tun=userspace-networking
    cap_add:
      - net_admin
      - sys_module
    volumes:
      - ./data:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
  pihole:
    image: pihole/pihole:latest
    container_name: tail-dns
    restart: unless-stopped
    environment:
      TZ: Time/Zone
      WEBPASSWORD: very-secure-password
    network_mode: service:tailscale
    volumes:
      - ./pihole:/etc/pihole
      - ./dnsmasq.d:/etc/dnsmasq.d
```
This makes the ports `80` and `53` appear in the tailscale dashboard for the container. I am also able to add the tail IP of the container to my DNS and use it that way. The only missing part is differentiating between the clients using pi-hole, since `localhost` is listed for all requests in the logs. Is this due to my container-based configuration or just how tailscale dns works?