docker-pihole-unbound/README.md

# Pi-Hole + Unbound on Docker

#### (Synology-compatible!)

## Description

Running Pi-Hole in Docker can be challenging due to networking requirements by Pi-Hole, this is especially true when the ports that Pi-Hole uses are shared by the host it's running on (this is true for Synology in the default configuration).

This project uses a [`macvlan` Docker network](https://docs.docker.com/network/macvlan/) to place your containers on your main network, with their own IP addresses and MAC addresses. Pi-Hole uses Unbound as it's resolver, and Unbound uses Cloudflare (1.1.1.1) upstream in order to support DNSSEC and DNS-over-TLS.

- This docker-compose runs the following 2 containers
  - Pi-Hole ([pihole/pihole](https://hub.docker.com/r/pihole/pihole)) - Official from Pi-Hole
  - Unbound ([mvance/unbound](https://hub.docker.com/r/mvance/unbound)) - There are several choices here but I like this one the best


## Instructions

### Hold your horses and configure some stuff first...

- Update docker-compose to match your environment, eg. IP addresses/subnets. 
- Add a `.env` file next to the docker-compose.yaml so you can pass in the `${WEBPASSWORD}` - this is your Pi-Hole admin password. You can optionally leave this step out and set the password via CLI (`pihole -a -p`) after the Pi-Hole is running
- Update the secondary/backup nameserver in the `resolv.conf` file, or remove it if you don't have a backup (would recommend having one!)
- Lastly, optionally, you can provide some manual DNS entries in the `dnsmasq.conf` and/or `hosts` files

### Run it!

```bash
sudo docker-compose up -d
```

### Test it!

Test your configuration with dig

> __Note__: change the IP to your new Pi-Hole's IP

```bash
dig google.com @192.168.1.248
# Expecting "status: NOERROR"
```

You can also test for DNSSEC functionality:

```bash
dig sigfail.verteiltesysteme.net @192.168.1.248
# Expecting "status: SERVFAIL"

dig sigok.verteiltesysteme.net @192.168.1.248
# Expecting "status: NOERROR"
```

### Serve it! 

If all looks good, configure your router/DHCP server to serve your new Pi-Hole IP address (`192.168.1.248`) to your clients. 

> Note: it may take some time for the current DHCP leases to renew and for clients to get the new DNS service info -- generally the default is 24 hours or less.


##  Acknowledgements

- [http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/][synology-ports]
- [https://github.com/MatthewVance/unbound-docker][unbound-docker]
- [https://pi-hole.net][pihole]
- [https://nlnetlabs.nl/projects/unbound/about/][unbound]

[synology-ports]: http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/
[unbound-docker]: https://github.com/MatthewVance/unbound-docker
[pihole]: https://pi-hole.net
[unbound]: https://nlnetlabs.nl/projects/unbound/about/
Updated README 2019-02-05 06:01:38 +01:00			`# Pi-Hole + Unbound on Docker`

			`#### (Synology-compatible!)`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
			`## Description`

			`Running Pi-Hole in Docker can be challenging due to networking requirements by Pi-Hole, this is especially true when the ports that Pi-Hole uses are shared by the host it's running on (this is true for Synology in the default configuration).`

			This project uses a [`macvlan` Docker network](https://docs.docker.com/network/macvlan/) to place your containers on your main network, with their own IP addresses and MAC addresses. Pi-Hole uses Unbound as it's resolver, and Unbound uses Cloudflare (1.1.1.1) upstream in order to support DNSSEC and DNS-over-TLS.

Updated README 2019-02-05 06:01:38 +01:00			`- This docker-compose runs the following 2 containers`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00			`- Pi-Hole ([pihole/pihole](https://hub.docker.com/r/pihole/pihole)) - Official from Pi-Hole`
Updated README 2019-02-05 06:01:38 +01:00			`- Unbound ([mvance/unbound](https://hub.docker.com/r/mvance/unbound)) - There are several choices here but I like this one the best`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
Updating README 2019-02-03 02:04:08 +01:00
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00			`## Instructions`

Updated README 2019-02-05 06:01:38 +01:00			`### Hold your horses and configure some stuff first...`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
Updated README 2019-02-05 06:01:38 +01:00			`- Update docker-compose to match your environment, eg. IP addresses/subnets.`
			- Add a `.env` file next to the docker-compose.yaml so you can pass in the `${WEBPASSWORD}` - this is your Pi-Hole admin password. You can optionally leave this step out and set the password via CLI (`pihole -a -p`) after the Pi-Hole is running
			- Update the secondary/backup nameserver in the `resolv.conf` file, or remove it if you don't have a backup (would recommend having one!)
			- Lastly, optionally, you can provide some manual DNS entries in the `dnsmasq.conf` and/or `hosts` files
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
Updating README 2019-02-03 02:04:08 +01:00			`### Run it!`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
			```bash
			`sudo docker-compose up -d`
			```

Updating README 2019-02-03 02:04:08 +01:00			`### Test it!`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
Updated README 2019-02-05 06:01:38 +01:00			`Test your configuration with dig`

			`> __Note__: change the IP to your new Pi-Hole's IP`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
			```bash
Updating README 2019-02-03 01:54:52 +01:00			`dig google.com @192.168.1.248`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00			`# Expecting "status: NOERROR"`
			```

			`You can also test for DNSSEC functionality:`

			```bash
Updating README 2019-02-03 01:54:52 +01:00			`dig sigfail.verteiltesysteme.net @192.168.1.248`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00			`# Expecting "status: SERVFAIL"`

Updating README 2019-02-03 01:54:52 +01:00			`dig sigok.verteiltesysteme.net @192.168.1.248`
Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00			`# Expecting "status: NOERROR"`
			```

Updating README 2019-02-03 02:04:08 +01:00			`### Serve it!`

Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00			If all looks good, configure your router/DHCP server to serve your new Pi-Hole IP address (`192.168.1.248`) to your clients.

Updated README 2019-02-05 06:01:38 +01:00			`> Note: it may take some time for the current DHCP leases to renew and for clients to get the new DNS service info -- generally the default is 24 hours or less.`

Updating README and cleaning up docker-compose 2019-02-03 01:53:58 +01:00
Updating README 2019-02-03 02:04:08 +01:00			`## Acknowledgements`
Adding acknowledgements 2019-02-03 01:36:02 +01:00
Updating README 2019-02-03 02:06:50 +01:00			`- [http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/][synology-ports]`
			`- [https://github.com/MatthewVance/unbound-docker][unbound-docker]`
			`- [https://pi-hole.net][pihole]`
			`- [https://nlnetlabs.nl/projects/unbound/about/][unbound]`

			`[synology-ports]: http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/`
			`[unbound-docker]: https://github.com/MatthewVance/unbound-docker`
			`[pihole]: https://pi-hole.net`
			`[unbound]: https://nlnetlabs.nl/projects/unbound/about/`