Docker bridge/macvlan scenario on network gateway

Hello, I have a problem with docker and my network setup.

I have a Raspberry Pi as a router, firewall, and also as an AD DC.
I know this is not an optimal setup, but I want to keep the number of active devices as small as possible to save energy.

I want to run PiHole on the Pi, but I'm also running BIND as the DNS server for the AD DC.
Forwarding from PiHole to BIND is not possible, and the reverse scenario loses any information about the clients.
The only alternative is to define BIND as the primary DNS and PiHole as the secondary.

The other problem is that I have multiple subnets divided by VLANs, and in addition to PiHole there are also a Unifi and a proxy container with the same problems.

My first attempt was to use macvlan to connect the PiHole container to the network with its own IP, but the container had no internet connection because of macvlan and the fact that the container was running on the gateway, so forwarding requests and updating the blocklist were impossible.

My second attempt was the docker-net-dhcp plugin: the container had internet, I could define firewall rules to block ports for specific IPs, and I could also define multiple network interfaces per container. But I could only define one MAC address, so only one interface could be assigned a fixed IP address.

My last attempt was the manual way with veth and nsenter. This worked like a charm, and I could define firewall rules with nftables to block ports for specific IPs, but the setup was laborious and non-persistent.

Is there any other way I can achieve a VM-like bridge setup with Docker?
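The veth-plus-nsenter approach the post describes by hand can be scripted so it stops being laborious and can be re-run on every container start. The script below is an added example, not code from the original post or from Docker: it creates a veth pair, puts the host end into an existing host bridge (so the gateway host can route for the container, which macvlan prevents), moves the peer into the container's network namespace, and optionally installs one nftables rule that limits which ports other routed networks may reach on the container. The bridge name `br-lan`, the addresses, the `inet filter`/`forward` table and chain, and the `DRY_RUN` switch are all assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical helper (not from the original post): attach a running Docker
# container to a host bridge with a veth pair + nsenter. Requires root on the
# gateway host; every name and address below is a placeholder.
set -eu

# run CMD...: execute CMD, or only echo it when DRY_RUN is set, so the
# script can be exercised on a machine without Docker or root.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# container_pid NAME: PID of the container's init process; nsenter and
# `ip link set ... netns` address the container's network namespace by it.
container_pid() {
    docker inspect -f '{{.State.Pid}}' "$1"
}

# attach_veth PID BRIDGE IP/CIDR GATEWAY [IFNAME]
# Creates a veth pair, enslaves the host end to BRIDGE, moves the peer into
# the namespace of PID, then configures address and default route inside it.
attach_veth() {
    pid=$1 bridge=$2 cidr=$3 gw=$4 ifname=${5:-eth1}
    host_if="veth$pid"      # stays under the kernel's 15-char interface-name limit
    tmp_if="vethc$pid"      # peer name on the host before it moves into the netns

    run ip link add "$host_if" type veth peer name "$tmp_if"
    run ip link set "$host_if" master "$bridge" up
    run ip link set "$tmp_if" netns "$pid"

    # From here on, operate inside the container's network namespace.
    run nsenter -t "$pid" -n ip link set "$tmp_if" name "$ifname"
    run nsenter -t "$pid" -n ip addr add "$cidr" dev "$ifname"
    run nsenter -t "$pid" -n ip link set "$ifname" up
    run nsenter -t "$pid" -n ip route replace default via "$gw"
}

# restrict_ports IP PORTS: drop traffic routed through this host to IP unless
# it targets one of PORTS (e.g. "53, 80"). Assumes an nftables `inet filter`
# table with a `forward` chain already exists (assumption for this example).
restrict_ports() {
    ip=$1 ports=$2
    run nft add rule inet filter forward ip daddr "$ip" \
        meta l4proto "{ tcp, udp }" th dport "!= { $ports }" drop
}

# attach_container NAME BRIDGE IP/CIDR GATEWAY [ALLOWED_PORTS]
attach_container() {
    name=$1
    pid=$(container_pid "$name")
    attach_veth "$pid" "$2" "$3" "$4"
    if [ $# -ge 5 ]; then
        restrict_ports "${3%/*}" "$5"     # strip the /prefix to get the bare IP
    fi
}

# Usage: attach-veth.sh pihole br-lan 192.168.10.53/24 192.168.10.1 "53, 80"
if [ $# -ge 4 ]; then
    attach_container "$@"
fi
```

To make the setup persistent, run the script from a systemd unit ordered after `docker.service`, or from a small loop over `docker events --filter event=start` that calls `attach_container` for each container of interest; the veth pair disappears with the container's namespace, so nothing needs cleaning up on stop.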