pihole Adding some support files 2019-02-02 16:34:00 -08:00
.gitignore Adding docker-compose.yaml 2019-02-02 16:28:14 -08:00
docker-compose.yaml Updating README and cleaning up docker-compose 2019-02-02 16:53:58 -08:00
README.md Updating README and cleaning up docker-compose 2019-02-02 16:53:58 -08:00

Pi-Hole + Unbound on Docker (works on Synology)

Description

Running Pi-Hole in Docker can be challenging because of Pi-Hole's networking requirements. This is especially true when the ports that Pi-Hole uses are already in use by the host it's running on (as is the case for Synology in the default configuration).

This project uses a macvlan Docker network to place your containers on your main network, with their own IP addresses and MAC addresses. Pi-Hole uses Unbound as its resolver, and Unbound uses Cloudflare (1.1.1.1) upstream in order to support DNSSEC and DNS-over-TLS.

Instructions

Before running

  • Update the network-specific settings in docker-compose.yaml, such as your IP addresses/subnets.
  • Add a .env file next to the docker-compose.yaml so you can pass in the ${WEBPASSWORD}.
  • Update the secondary/backup nameserver in the resolv.conf file.
  • Lastly, you might want to provide some manual DNS entries in the dnsmasq.conf and/or hosts files.

Then run it

sudo docker-compose up -d

After

Test your configuration with dig:

dig @192.168.1.248 google.com
# Expecting "status: NOERROR"

You can also test for DNSSEC functionality:

dig sigfail.verteiltesysteme.net @192.168.1.248
# Expecting "status: SERVFAIL"

dig sigok.verteiltesysteme.net @192.168.1.248
# Expecting "status: NOERROR"
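
As an added example (not part of this project's files), the script below interprets the two DNSSEC test queries together: a resolver whose upstream is unreachable returns SERVFAIL for every name, so SERVFAIL on sigfail only demonstrates validation when sigok also resolves. The function names and the sample dig headers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: interpret the two DNSSEC test queries together.
# The sample dig headers below are constructed, not captured output.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NOERROR=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NOERROR_AD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Print the RCODE (NOERROR, SERVFAIL, ...) from dig output on stdin.
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the header flags on stdin include "ad" (Authenticated Data).
# A forwarder in front of the validator may not pass this flag through.
dig_has_ad() {
    flags=$(sed -n 's/^;; flags:\([^;]*\);.*/\1/p' | head -n 1)
    case " $flags " in *" ad "*) return 0 ;; esac
    return 1
}

# $1 = dig output for sigfail, $2 = dig output for sigok.
dnssec_verdict() {
    fail_rc=$(printf '%s\n' "$1" | dig_status)
    ok_rc=$(printf '%s\n' "$2" | dig_status)
    if [ "$ok_rc" != "NOERROR" ]; then
        echo "resolver-failing"      # nothing resolves; proves nothing
    elif [ "$fail_rc" = "SERVFAIL" ]; then
        if printf '%s\n' "$2" | dig_has_ad; then
            echo "validating+ad"
        else
            echo "validating"
        fi
    elif [ "$fail_rc" = "NOERROR" ]; then
        echo "not-validating"        # bogus signature was accepted
    else
        echo "inconclusive"
    fi
}

# Live check against a resolver IP (requires dig and network access).
check_resolver() {
    fail_out=$(dig "@$1" sigfail.verteiltesysteme.net +time=3 +tries=1)
    ok_out=$(dig "@$1" sigok.verteiltesysteme.net +time=3 +tries=1)
    dnssec_verdict "$fail_out" "$ok_out"
}

if [ "$#" -gt 0 ]; then check_resolver "$1"; fi
```

Run it with the Pi-Hole address as the only argument, for example 192.168.1.248.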

If all looks good, configure your router/DHCP server to serve your new Pi-Hole IP address (192.168.1.248) to your clients.

Acknowledgements