DNS returns NXDOMAIN on entries from dnsmasq #1816

Open
@theMajc

Versions

  • Pi-hole: 6.0.6
  • AdminLTE: 6.1
  • FTL: 6.1
  • Docker Tag [2025.04.0]

Platform

  • OS and version: Ubuntu 24.04
  • Platform: Docker

Expected behavior

Add dnsmasq.d config:

address=/gas.arpa/192.168.1.11

gas.arpa domain and wildcard.gas.arpa subdomains should be resolvable to IP.
On any other device on the LAN, or in any Docker container with the Alpine Linux distribution, the following should work:

ping ✅ resolves correctly
getent ✅ resolves correctly
nslookup ✅ resolves correctly
curl ✅ works
wget ✅ works

Actual behavior / bug

On a macOS or Ubuntu host, things largely work, except for nuances such as nslookup returning NXDOMAIN:

$ nslookup gas.arpa
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	gas.arpa
Address: 192.168.1.11
** server can't find gas.arpa: NXDOMAIN

In docker containers with alpine image:

ping ❌ bad address
getent ✅ resolves correctly
nslookup ⚠️ shows correct IP but returns NXDOMAIN
curl ✅ works
wget ❌ bad address

This is an issue because many Docker services run on an Alpine image, and attempting to call APIs running on other services on the LAN with a custom domain will fail.

I don't know what's causing the request failures under the hood, but here's what GPT suggests:

✅ getent, curl: These rely on glibc's resolver, which respects /etc/nsswitch.conf and falls back to DNS.
❌ ping, wget, Node.js (getaddrinfo): These typically use getaddrinfo(), which may behave differently under musl (used in Alpine), especially with certain domain formats or DNS quirks.
✅ Your DNS server does respond to queries (shown via nslookup), even though it claims NXDOMAIN—likely a quirk in Pi-hole or your custom DNS setup returning conflicting records for the subdomain.

So the key issue is: getaddrinfo() is not resolving the subdomain, even though DNS resolution technically works.

Steps to reproduce

Steps to reproduce the behavior:

  1. Spin up a vanilla PiHole docker image (v6)
    Optional: remap port 53 to avoid collision with host, e.g. 59:53
  2. Under Settings > DNS > DNS domain settings, set "Pi-hole domain name" value to "arpa" and save.
  3. Under Settings > Miscellaneous > misc.dnsmasq_lines (or enable misc.etc_dnsmasq_d and add a /etc/dnsmasq.d/ file, the behavior is the same), add address=/gas.arpa/192.168.1.11
  4. Run a docker container with docker run --rm -it alpine sh
  5. Test DNS resolution.
    If outside the testing container, e.g. on the host:
    • nslookup -port=59 wild.gas.arpa 127.0.0.1
    • dig @127.0.0.1 -p 59 wild.gas.arpa +short
    If inside a testing container running on the host that's also serving the Pi-hole container:
    • Find the host IP with ip route | grep default - e.g. 172.17.0.1
    • nslookup -port=59 nas.arpa 172.17.0.1

I've A/B tested this against Docker image pihole/pihole:2024.01.0 on pi-hole 5.17, and the above will work as expected (No NXDOMAIN response).
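
Added example, not part of the original issue and not Pi-hole or FTL code: a small probe that sends the A and AAAA queries separately and compares their response codes, which is one way to narrow down an nslookup result that shows an address and NXDOMAIN together. It assumes the two halves of that output come from separate A and AAAA lookups; the function names and the `SAMPLE` reply headers are constructed for illustration.

```python
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed reply headers (not captured traffic): A answered, AAAA NXDOMAIN.
SAMPLE = {
    "A": struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "AAAA": struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0),
}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)  # class IN

def parse_reply(data):
    """Return (rcode name, answer count) from the 12-byte DNS header."""
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), ancount

def diagnose(status):
    """status maps "A"/"AAAA" to the tuples returned by parse_reply()."""
    (a_rc, a_n), (q_rc, q_n) = status["A"], status["AAAA"]
    if a_rc == "NOERROR" and a_n > 0 and q_rc == "NXDOMAIN":
        return "inconsistent: A has an address, AAAA claims the name does not exist"
    if a_rc == "NOERROR" and a_n > 0 and q_rc == "NOERROR" and q_n == 0:
        return "consistent: AAAA is NODATA (NOERROR with an empty answer)"
    return f"other: A={a_rc}/{a_n} AAAA={q_rc}/{q_n}"

def probe(name, server, port=53, timeout=2.0):
    """Send A and AAAA queries separately over UDP; return each reply's status."""
    status = {}
    for qtype in QTYPES:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, qtype), (server, port))
            status[qtype] = parse_reply(sock.recvfrom(4096)[0])
    return status

if __name__ == "__main__":
    offline = {t: parse_reply(raw) for t, raw in SAMPLE.items()}
    print(offline, "->", diagnose(offline))
    # Live check with the values from the reproduction steps:
    # print(diagnose(probe("wild.gas.arpa", "127.0.0.1", 59)))
```

Running the same probe against the older image from the A/B test gives a per-record-type comparison between the two versions.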
