Hello!
I have deployed Traefik 2.3.6 and Pi-hole 5.2 on a Docker Swarm. I don't understand why I get a connection timeout when trying to dig through Traefik...
My traefik compose

```yaml
traefik-proxy:
  depends_on:
    - dockerproxy
  hostname: traefik
  image: traefik:v2.3.6
  ports:
    - "80:80"
    - "58080:58080"
    - "443:443"
    - "853:853"
    - "1053:53/tcp"
    - "1053:53/udp"
  env_file:
    - /cluster/config/stacks/common.env
    - /cluster/config/stacks/network/traefik.env
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - network.conf:/etc/traefik/:ro
    - traefik.data:/data
  command:
    - "--log.level=DEBUG"
    - "--accesslog=true"
    - "--api.dashboard=true"
    - "--api.insecure=true"
    - "--providers.docker.endpoint=tcp://dockerproxy:2375"
    - "--providers.docker.swarmMode=true"
    - "--providers.docker.exposedbydefault=false"
    - "--providers.docker.network=net"
    - "--providers.file.filename=/etc/traefik/traefik_dynamic.yml"
    - "--entrypoints.web.address=:80"
    - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
    - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
    - "--entrypoints.websecure.address=:443"
    - "--entrypoints.traefik.address=:58080"
    - "--entrypoints.ssh.address=:53222"
    - "--entrypoints.dnsovertls.address=:853"
    - "--entrypoints.dns.address=:53"
    - "--entrypoints.udpdns.address=:53/udp"
    - "--certificatesresolvers.letsencrypt.acme.email=XXXX"
    # - "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
    - "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
    - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
    - "--certificatesresolvers.letsencrypt.acme.keyType=EC384"
    - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
    - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.provider=ovh"
    - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=5"
  networks:
    - net
    - dockersocket
    - public
  deploy:
    restart_policy:
      condition: on-failure
```
My pihole compose

```yaml
pihole:
  hostname: pihole
  image: pihole/pihole:v5.2
  networks:
    - net
  ports:
    - "53:53/tcp"
    - "53:53/udp"
    - "67:67/udp"
    - "8888:80"
  env_file:
    - /cluster/config/stacks/common.env
    - /cluster/config/stacks/network/pihole.env
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - pihole.main.data:/etc/pihole
    - pihole.dnsmasq.data:/etc/dnsmasq.d
    - pihole.updatelists.data:/etc/pihole-updatelists
  dns:
    - 127.0.0.1
    - 8.8.8.8
  deploy:
    # replicas: 3
    # mode: global
    restart_policy:
      condition: on-failure
    labels:
      traefik.enable: "true"
      traefik.docker.network: "net"
      # web interface
      traefik.http.routers.pihole.rule: "Host(`ph.{{domain}}`)"
      traefik.http.routers.pihole.entrypoints: "websecure"
      traefik.http.routers.pihole.tls.certresolver: "letsencrypt"
      traefik.http.services.pihole.loadbalancer.server.port: "80"
      # DNS-over-TLS
      traefik.tcp.routers.dnsovertls.rule: "HostSNI(`ph.{{domain}}`)"
      traefik.tcp.routers.dnsovertls.entrypoints: "dnsovertls"
      traefik.tcp.routers.dnsovertls.tls.certresolver: "letsencrypt"
      traefik.tcp.routers.dnsovertls.service: "pihole"
      # Normal DNS coming in on 53 TCP, no TLS
      traefik.tcp.routers.dns.rule: "HostSNI(`ph.{{domain}}`)"
      traefik.tcp.routers.dns.entrypoints: "dns"
      traefik.tcp.routers.dns.service: "pihole"
      # receives traffic from both the TLS and non-TLS traefik routers
      traefik.tcp.services.pihole.loadbalancer.server.port: "53"
      # Normal DNS coming in on 53 UDP
      traefik.udp.routers.udpdns.entrypoints: "udpdns"
      traefik.udp.routers.udpdns.service: "pihole"
      traefik.udp.services.pihole.loadbalancer.server.port: "53"
```
What I can see in my log when I use dig

```
network_traefik-proxy.1.7gsrxk04texg@srvnuc1 | time="2020-12-24T16:03:07+01:00" level=debug msg="Handling connection from 10.0.0.2:44714"
```
What I get

```
seb@seb:~/dev/ansible/ansible-deploy-home$ dig @192.168.20.120 google.com -p1053
; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.20.120 google.com -p1053
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
seb@seb:~/dev/ansible/ansible-deploy-home$ dig @192.168.20.120 google.com -p1053 +tcp
;; communications error: end of file
;; communications error: end of file
```
Thanks for your help.
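
Added example, not part of the original post: a small lint over the TCP router labels shown above, based on Traefik's documented behaviour that SNI only exists inside a TLS handshake, so a TCP router without TLS can only match `HostSNI(`*`)`. The function names and the `LABELS` dict are hypothetical helpers for this illustration; the UDP router is out of scope here.

```python
import re

# TCP router labels copied from the pihole service in the post
# ("{{domain}}" is the post's own template placeholder).
LABELS = {
    "traefik.tcp.routers.dnsovertls.rule": "HostSNI(`ph.{{domain}}`)",
    "traefik.tcp.routers.dnsovertls.entrypoints": "dnsovertls",
    "traefik.tcp.routers.dnsovertls.tls.certresolver": "letsencrypt",
    "traefik.tcp.routers.dnsovertls.service": "pihole",
    "traefik.tcp.routers.dns.rule": "HostSNI(`ph.{{domain}}`)",
    "traefik.tcp.routers.dns.entrypoints": "dns",
    "traefik.tcp.routers.dns.service": "pihole",
}

ROUTER_KEY = re.compile(r"^traefik\.tcp\.routers\.([^.]+)\.(.+)$", re.IGNORECASE)
BACKTICKED = re.compile(r"`([^`]*)`")


def tcp_routers(labels):
    """Group traefik.tcp.routers.<name>.<option> labels by router name."""
    routers = {}
    for key, value in labels.items():
        m = ROUTER_KEY.match(key)
        if m:
            routers.setdefault(m.group(1), {})[m.group(2).lower()] = value
    return routers


def lint_tcp_routers(labels):
    """Return (router, message) for TCP routers whose rule cannot match."""
    findings = []
    for name, opts in sorted(tcp_routers(labels).items()):
        # Any "tls" or "tls.*" option turns TLS on for the router.
        uses_tls = any(o == "tls" or o.startswith("tls.") for o in opts)
        rule = opts.get("rule", "")
        hosts = BACKTICKED.findall(rule) if "hostsni(" in rule.lower() else []
        if not hosts:
            findings.append((name, "no HostSNI rule found"))
        elif not uses_tls and any(h != "*" for h in hosts):
            findings.append((name, "no TLS, so no SNI to match: use HostSNI(`*`)"))
    return findings


if __name__ == "__main__":
    for router, message in lint_tcp_routers(LABELS):
        print(f"{router}: {message}")
```

Run against the labels from the post, it flags only the plain `dns` router; the `dnsovertls` router passes because it terminates TLS and therefore sees an SNI value.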