So DNS black-holing is obviously not new, and what stands out as the go-to solution? Pi-hole, probably… and yeah, that's what I'm using, because hey, it's a popular choice. Though I am running it in Docker. I'm combining that with Unbound (also in Docker) and configuring outbound DNS to use DNS over TLS, with a few additional minor tweaks, but otherwise mostly standard configuration on both.
Wondering what you guys might be using, and if you are using Pi-hole and/or Unbound, whether you have any tips on configuration.
Happy to share my config if there is interest.
I've got two Pi-holes running on my network via Docker Compose. I tried setting up Unbound in Docker Compose and that fell flat; from my understanding, DNSSEC was preventing DNS resolution outright.
Also tried OPNsense + Unbound, which led to the same thing.
Eventually got tired of having my network cutting in and out over minor changes so I just stuck with Quad9 for my upstream needs.
Happy to share my docker-compose with Pi-hole and Unbound. I'm not the original author; it's a compilation of a few people's. No issues. Normal DNS inside the house, DoT outside.
If you don't mind DM'ing me or dropping it in a comment here, it would be greatly appreciated! The Docker engine isn't something entirely new to me, so I'm a bit skeptical that I missed something, but I'm always happy to compare with others. Actually, Docker is what pushed me to switch fully to Linux on my personal computers.
Snippet from my docker-compose.yml:
```yaml
services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    # 'main' is a user-defined bridge network declared at top level (not shown in this snippet)
    networks:
      main:
        ipv4_address: 172.18.0.25
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "127.0.0.1:67:67/udp"   # Only required if you are using Pi-hole as your DHCP server
      - "127.0.0.1:85:80/tcp"
      - "127.0.0.1:7643:443"
    environment:
      TZ: 'America/Vancouver'
      FTLCONF_webserver_api_password: 'insert-password-here'
      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      - './config/pihole/etc-pihole:/etc/pihole'
      - './config/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
      - '/etc/hosts:/etc/hosts:ro'
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN   # Required if you are using Pi-hole as your DHCP server, else not needed
      - CAP_SYS_TIME
      - CAP_SYS_NICE
      - CAP_CHOWN
      - CAP_NET_BIND_SERVICE
      - CAP_NET_RAW
      - CAP_NET_ADMIN   # same capability as NET_ADMIN above
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.my.domain`)"
      - "traefik.http.routers.pihole.entrypoints=https"
      - "traefik.http.routers.pihole.tls=true"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.http.routers.pihole.middlewares=fail2ban@file"

  unbound:
    image: alpinelinux/unbound
    container_name: unbound
    hostname: unbound
    networks:
      main:
        ipv4_address: 172.18.0.26
    ports:
      - "127.0.0.1:5334:5335"   # Unbound listens on 5335 inside the container
    volumes:
      - ./config/unbound/:/var/lib/unbound/
      - ./config/unbound/unbound.conf:/etc/unbound/unbound.conf
      - ./config/unbound/unbound.conf.d/:/etc/unbound/unbound.conf.d/
      - ./config/unbound/log/unbound.log:/var/log/unbound/unbound.log
    restart: unless-stopped
```
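The compose snippet above only wires the two containers together; the "normal DNS inside the house, DoT outside" behaviour lives in unbound.conf. The following is an added example of such a file, written for this thread and not the poster's actual config. It assumes the paths and addresses from the snippet (Unbound on 172.18.0.26 listening on 5335, `./config/unbound/` mounted at `/var/lib/unbound/`), Quad9 as the DoT upstream (9.9.9.9 / 149.112.112.112, certificate name dns.quad9.net), and that the Alpine image has the ca-certificates bundle at `/etc/ssl/certs/ca-certificates.crt`; `root.key` must exist (or be created with `unbound-anchor -a /var/lib/unbound/root.key`) and be writable by the unbound user, because a missing or stale trust anchor is exactly the kind of thing that makes every validated answer come back SERVFAIL.

```conf
server:
    # Listen on the port the compose file publishes (5335); plain DNS is fine
    # here because only the docker bridge and the host's loopback can reach it.
    interface: 0.0.0.0@5335
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    do-ip6: no

    # Only the docker network (Pi-hole at 172.18.0.25) and loopback may query.
    access-control: 127.0.0.0/8 allow
    access-control: 172.18.0.0/16 allow
    access-control: 0.0.0.0/0 refuse

    # DNSSEC validation. The anchor file is kept current via RFC 5011, so it
    # must be writable; val-log-level 2 logs *why* a name failed validation.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-log-level: 2

    # Hardening / privacy for the resolver itself
    hide-identity: yes
    hide-version: yes
    qname-minimisation: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    prefetch: yes
    aggressive-nsec: yes

    # CA bundle used to verify the upstream's TLS certificate (assumed path
    # from the Alpine ca-certificates package).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Everything not answered from cache leaves the house over DNS-over-TLS on
# port 853. The "#hostname" suffix is the name Unbound checks the server
# certificate against; without it the TLS session is not authenticated.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net

# Drop-ins from the unbound.conf.d mount in the compose file
include: "/etc/unbound/unbound.conf.d/*.conf"
```

Two checks worth running before pointing Pi-hole at 172.18.0.26#5335 as its only upstream: `docker exec unbound unbound-host -C /etc/unbound/unbound.conf -v example.com` should print the address tagged `(secure)`, and `dig @127.0.0.1 -p 5334 dnssec-failed.org` should return SERVFAIL, which is the validator doing its job rather than a broken resolver. If *everything* comes back SERVFAIL, read the `val-log-level` lines in the log before touching the compose file; the fault is usually the trust anchor or the CA bundle, not Docker.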