2019-02-04 21:01:38 -08:00
pihole Adding some support files 2019-02-02 16:34:00 -08:00
.gitignore Adding docker-compose.yaml 2019-02-02 16:28:14 -08:00
docker-compose.yaml Updating README and cleaning up docker-compose 2019-02-02 16:53:58 -08:00
README.md Updated README 2019-02-04 21:01:38 -08:00

Pi-Hole + Unbound on Docker

(Synology-compatible!)

Description

Running Pi-Hole in Docker can be challenging because of Pi-Hole's networking requirements, especially when the ports Pi-Hole uses are already in use by the host it runs on (as they are on Synology in the default configuration).

This project uses a macvlan Docker network to place your containers on your main network, with their own IP addresses and MAC addresses. Pi-Hole uses Unbound as its resolver, and Unbound uses Cloudflare (1.1.1.1) upstream in order to support DNSSEC and DNS-over-TLS.

  • This docker-compose runs the following 2 containers
    • Pi-Hole (pihole/pihole) - Official from Pi-Hole
    • Unbound (mvance/unbound) - There are several choices here but I like this one the best

Instructions

Hold your horses and configure some stuff first...

  • Update docker-compose to match your environment, e.g. IP addresses/subnets.
  • Add a .env file next to the docker-compose.yaml so you can pass in the ${WEBPASSWORD} - this is your Pi-Hole admin password. You can optionally leave this step out and set the password via CLI (pihole -a -p) after the Pi-Hole is running.
  • Update the secondary/backup nameserver in the resolv.conf file, or remove it if you don't have a backup (would recommend having one!).
  • Lastly, optionally, you can provide some manual DNS entries in the dnsmasq.conf and/or hosts files.

Run it!

sudo docker-compose up -d

Test it!

Test your configuration with dig

Note: change the IP to your new Pi-Hole's IP

dig google.com @192.168.1.248
# Expecting "status: NOERROR"

You can also test for DNSSEC functionality:

dig sigfail.verteiltesysteme.net @192.168.1.248
# Expecting "status: SERVFAIL"

dig sigok.verteiltesysteme.net @192.168.1.248
# Expecting "status: NOERROR"
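
The three checks above can be run in one pass. The script below is an added example, not part of this project; its function names and the `SAMPLE_SERVFAIL` line are constructed for illustration. It reports a resolver that does not answer at all separately from one that answers with the wrong status, since a NOERROR for the sigfail name means DNSSEC validation is not being enforced on the path your clients use.

```shell
#!/bin/sh
# Added example: run the README's three dig checks against one resolver.
# Usage: sh check-dnssec.sh 192.168.1.248   (script name is hypothetical)

# Constructed sample of the dig header line that dig_status parses.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242'

# Read dig output on stdin and print its status (NOERROR, SERVFAIL, ...).
# Prints NORESPONSE when no header is present (timeout, wrong IP, port closed).
dig_status() {
    rcode=$(sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    echo "${rcode:-NORESPONSE}"
}

# Compare one result with the expected status; returns 0 on a match.
check_result() {  # args: name expected actual
    if [ "$2" = "$3" ]; then
        echo "PASS $1: $3"
    else
        echo "FAIL $1: expected $2, got $3"
        return 1
    fi
}

# Query the resolver for each test name; the return code is the failure count.
run_checks() {  # arg: resolver IP
    failures=0
    for pair in google.com:NOERROR \
                sigfail.verteiltesysteme.net:SERVFAIL \
                sigok.verteiltesysteme.net:NOERROR; do
        name=${pair%%:*}
        expected=${pair##*:}
        actual=$(dig +time=3 +tries=1 "$name" "@$1" 2>/dev/null | dig_status)
        check_result "$name" "$expected" "$actual" || failures=$((failures + 1))
    done
    return "$failures"
}

# Only touch the network when a resolver IP is given on the command line.
if [ "$#" -gt 0 ]; then
    run_checks "$1"
fi
```

The exit code is the number of failed checks, so the script can be rerun after changing the compose file or the upstream settings to confirm validation still works.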

Serve it!

If all looks good, configure your router/DHCP server to serve your new Pi-Hole IP address (192.168.1.248) to your clients.

Note: it may take some time for the current DHCP leases to renew and for clients to get the new DNS service info -- generally the default is 24 hours or less.

Acknowledgements