This may be a long shot but I have a docker host running on a Debian 11 VM that runs roughly 30 containers. Every morning around 7:30AM I have a huge spike (~7,000) DNS queries from my Docker host VM for *.docker.io domains.

Screenshot 2023-06-23 at 4.11.15 PM969×834 99 KB

In 1 second my Docker host makes about 7,000 DNS queries to my PiHole instance for those domains which are all answered via cache from my PiHole. I’ve poked around in syslog and messages on my Docker host but I’m not seeing anything standing out. Any suggestions would be greatly appreciated. Thank you.

Sounds like something that checks for the availability of new images is running on a schedule.

Tools like Watchtower or diun might be responsible, or a cronjob that runs docker compose pull for several compose files.

I think you’re right. I have a container “dockcheck-web” that checks for updates for all of my docker containers. I looked at the logs in dozzle for dockcheck-web and didn’t see anything glaringly obvious. I then did a monitor session on my pihole logs and did a manual update scan from dockcheck-web and it goes bonkers with waaaaay too many dns queries. Thank you! I think I’ll be looking for a different way to monitor my containers for updates moving forward. I appreciate your help!