PiHole
PiHole is a DNS server used primarily as a network-wide ad blocker. It can also act as a local DNS server for custom queries.
There is an official image for this service that we'll use: pihole/pihole.
Pre-Installation
We'll create a folder in the main user's home where all the service's data will be saved.
mkdir -p ~/services/networking/pihole
Docker Compose
PiHole will be run using Docker Compose. The content of the docker-compose.yml file is as follows:
services:
  dns:
    image: pihole/pihole:latest
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    networks:
      default:
      proxy_external:
        aliases:
          - pihole
    ports:
      # Quoted so that YAML never reads 53:53 as a base-60 number
      - "53:53"
      - "53:53/udp"
    volumes:
      - ./config:/etc/pihole
      - ./dnsmasq:/etc/dnsmasq.d
    environment:
      TZ: America/Guayaquil
      WEBPASSWORD: PASSWORD
      FTLCONF_LOCAL_IPV4: LOCAL_IP
      VIRTUAL_HOST: dns.home.example.com
    labels:
      traefik.enable: true
      traefik.docker.network: proxy_external
      traefik.http.routers.pihole.rule: Host(`dns.home.example.com`)
      traefik.http.routers.pihole.entrypoints: local-https
      traefik.http.routers.pihole.tls: true
      traefik.http.routers.pihole.tls.certresolver: le
      traefik.http.routers.pihole.service: pihole@docker
      traefik.http.services.pihole.loadbalancer.server.port: 80
networks:
  proxy_external:
    external: true
Note
Make sure to change PASSWORD to a custom secret value.
Note
Make sure to change LOCAL_IP to the local IP of your server.
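A preflight check for the file above, as an added example that is not part of the original page: it fails while WEBPASSWORD or FTLCONF_LOCAL_IPV4 still hold the placeholders or the file is accessible beyond its owner, and it warns when port 53 is published on every interface, which matters once Permit all origins is enabled under Post Configuration. The function names compose_value and check_pihole_compose are hypothetical, and the owner-only permission rule is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original page): preflight check for the
# docker-compose.yml above. Assumes its map-style "KEY: value" environment.

# Print the value of the first "KEY: value" line in FILE, quotes stripped.
compose_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print FAIL/WARN lines for FILE; return 1 if any FAIL was printed.
check_pihole_compose() {
    file=$1
    failed=0

    # The admin password must not be empty or the page's placeholder.
    case "$(compose_value WEBPASSWORD "$file")" in
        '' | PASSWORD)
            echo "FAIL: WEBPASSWORD is empty or still the placeholder"
            failed=1 ;;
    esac

    # FTLCONF_LOCAL_IPV4 must be a dotted-quad address, not LOCAL_IP.
    if ! compose_value FTLCONF_LOCAL_IPV4 "$file" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "FAIL: FTLCONF_LOCAL_IPV4 is not an IPv4 address"
        failed=1
    fi

    # The file stores the admin password in clear text: owner-only access.
    case "$(ls -ld -- "$file" | cut -c5-10)" in
        ------) ;;
        *)
            echo "FAIL: $file is accessible to group/others (chmod 600)"
            failed=1 ;;
    esac

    # "53:53" publishes DNS on every host interface. With "Permit all
    # origins" enabled, any network that can reach the host can resolve.
    if grep -Eq "^[[:space:]]*-[[:space:]]*[\"']?53:53" "$file"; then
        echo "WARN: port 53 is published on all interfaces; keep it off the WAN"
    fi

    return "$failed"
}
```

Source the script and run `check_pihole_compose docker-compose.yml` from ~/services/networking/pihole before starting the service.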
Reverse Proxy
This service is exposed by a reverse proxy. More specifically, it is using Traefik.
For this reason, you will see that this service has:
- A directive to connect it to the proxy_external external network.
- A container alias for the proxy_external network.
- A number of labels with names starting with traefik.
If you're not using a reverse proxy, feel free to remove these from the docker-compose.yml file. Keep in mind you might need to bind the ports to connect to the service instead.
Running
Start up the service with:
docker compose up -d
That's it! The service will auto-start on system startup and restart on failure.
Post Configuration
With the service up and running, make sure to complete the following steps:
- Head over to Settings > DNS and enable the option that says Permit all origins.
- In Settings > DNS, enable Google (ECS, DNSSEC) and Cloudflare (DNSSEC) for both IPv4 and IPv6.
Since we're not using PiHole as our DHCP server, we must edit our router's DHCP server to push the server's IP address as the primary DNS server.
- Since my server's local IP address is 192.168.0.4 and my router's IP address is 192.168.0.1, I'll set up my DNS servers as:
  192.168.0.4
  192.168.0.1
If your router supports IPv6, make sure to make the same change for the IPv6 DHCP.
- In the case of IPv6, make sure to take the local link address for your server. In my case I'll set up my DNS servers as:
  2800:....:....
  fe80::1
With these changes in place, any device that connects to the router will use PiHole as the DNS resolver.