Pi-hole DNS sinkhole


Last updated 9 months ago

Objective

  • Install and configure the Pi-hole docker container on my Unraid server.

  • Configure the upstream DNS setting and adlists/blocklists.

  • Configure DNS on the router and manually on clients with static addresses.

Install and configure Pi-hole docker on my Unraid server

Unraid supports the Community Applications plugin, so I navigated there and installed the Pi-hole docker container from Spants's repository.

Following the official docker-compose.yml, I set the repository to "pihole/pihole:latest" to pull the Pi-hole image and added the extra parameter "--cap-add=NET_ADMIN" so that Pi-hole is able to run as a DHCP server.

I assigned the container the static IP address "192.168.1.9".

I mapped TCP/UDP port 53 for DNS.

Configure upstream DNS setting and Adlists/Blocklists

After I saved the configuration, Unraid downloaded the docker image and started the container automatically.

Upstream DNS setting

Once I could reach the Pi-hole web GUI, I navigated to Settings > DNS.

I selected Cloudflare as my upstream DNS for faster query speed.

I enabled "Permit all origins" because I also use this DNS server for my VPN; this setting makes Pi-hole answer queries from clients on other subnets, such as the WireGuard tunnel, rather than only the local LAN, so it relies on the firewall to keep port 53 off the Internet.

Under the advanced DNS settings, I selected "Enable DNSSEC", which lets Pi-hole validate signed responses and helps mitigate DNS cache poisoning attacks.

Adlists/Blocklists

I started by adding a few blocklists provided by The Firebog.

I did not add many blocklists to my Pi-hole, to limit false positives, which would cause more inconvenience than they are worth.

Configure DNS on OPNsense router and endpoint devices

On OPNsense, I navigated to Services > DHCPv4 > [LAN] and entered the Pi-hole IP address in the DNS servers option.

DHCP clients on the LAN interface then receive Pi-hole as their DNS server, so their DNS queries go to Pi-hole.

For devices using a static IP address, I configured their preferred DNS server to point to Pi-hole.

Checking query log

Once everything was configured, I checked whether Pi-hole was receiving any queries.

For more detail, I navigated to the query log.
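As an added example, not code from the original page, the following Python script parses the dnsmasq-style lines that Pi-hole writes to its query log, counts queries per client and blocked domains, and flags any client outside the LAN and VPN subnets (a quick check that "Permit all origins" is only reaching the clients you expect). The sample log lines and the VPN subnet 10.10.0.0/24 are constructed assumptions.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample in the dnsmasq-style format that pihole-FTL writes to
# its query log (not copied from the author's homelab).
SAMPLE_LOG = """\
Jan 12 10:00:01 dnsmasq[542]: query[A] ads.example.com from 192.168.1.50
Jan 12 10:00:01 dnsmasq[542]: gravity blocked ads.example.com is 0.0.0.0
Jan 12 10:00:02 dnsmasq[542]: query[A] example.com from 192.168.1.50
Jan 12 10:00:02 dnsmasq[542]: forwarded example.com to 1.1.1.1
Jan 12 10:00:02 dnsmasq[542]: reply example.com is 93.184.216.34
Jan 12 10:00:03 dnsmasq[542]: query[AAAA] tracker.example.net from 10.10.0.2
Jan 12 10:00:03 dnsmasq[542]: gravity blocked tracker.example.net is ::
Jan 12 10:00:04 dnsmasq[542]: query[A] example.org from 203.0.113.7
Jan 12 10:00:04 dnsmasq[542]: forwarded example.org to 1.0.0.1
"""

# Networks allowed to use Pi-hole: the LAN from the page and an assumed
# placeholder subnet for the WireGuard tunnel.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                ipaddress.ip_network("10.10.0.0/24")]

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")
BLOCK_RE = re.compile(r"gravity blocked (\S+) is")


def summarize(log_text, allowed_nets=ALLOWED_NETS):
    """Return per-client query counts, blocked domain counts, and the
    clients whose address falls outside the allowed networks."""
    per_client = Counter()
    blocked = Counter()
    foreign = set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            _qtype, _domain, client = m.groups()
            per_client[client] += 1
            addr = ipaddress.ip_address(client)
            if not any(addr in net for net in allowed_nets):
                foreign.add(client)
            continue
        m = BLOCK_RE.search(line)
        if m:
            blocked[m.group(1)] += 1
    return {"per_client": dict(per_client), "blocked": dict(blocked),
            "foreign_clients": sorted(foreign)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against a copy of the real log (for example `summarize(open("/var/log/pihole/pihole.log").read())`) to see which clients are actually using Pi-hole; a client that never appears is probably still using a hard-coded resolver.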

Conclusion

In summary, Pi-hole is an excellent open-source DNS server that effectively filters out bogus, malware, and adult domains according to my preferences. It plays a crucial role in protecting my family's privacy by blocking trackers across many websites.

However, at its core, Pi-hole is primarily a DNS forwarder, though it can also serve as a home recursive DNS. To further enhance my family's privacy, especially from large ISPs, I'm exploring better DNS servers that support DNS-over-TLS or DNS-over-HTTPS.