I was able to get this working with the official pihole docker image.
The trick was to configure dnsmasq to use the --bind-interfaces flag so it wouldn’t conflict with the Balena services. From the dnsmasq man pages:
-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then discards requests that it shouldn't reply to. This has the advantage of working even when interfaces come and go and change address. This option forces dnsmasq to really bind only the interfaces it is listening on. About the only time when this is useful is when running another nameserver (or another instance of dnsmasq) on the same machine. Setting this option also enables multiple instances of dnsmasq which provide DHCP service to run in the same machine.
Here’s a snippet from my compose file.
services:
# https://github.com/pi-hole/docker-pi-hole/
# https://hub.docker.com/r/pihole/pihole/
pihole:
image: pihole/pihole:v4.0_armhf
ports:
- '80:80/tcp'
- '80:80/udp'
volumes:
- 'pihole_config:/etc/pihole'
- 'dnsmasq_config:/etc/dnsmasq.d'
entrypoint: ['/bin/bash', '-c', 'echo "bind-interfaces" >> /etc/dnsmasq.conf; /s6-init']
network_mode: host
Here’s my entire stack for reference. I can confirm it’s working on multiple devices today. I’m hoping to update to the latest pihole build this week once the new docker image is available.