Hi friends.
I’ve been trying to find docker-compose.yaml for pihole+unbound so I can use pihole as both a recursive dns server and as local dns alongside Nginx Proxy Manager. But since v6 of pihole all the old files I could find don’t work properly or at all.
Does anyone here use pihole+unbound in docker?
You seem knowledgeable. I have a question about this. I have ran this type of setup before. Every time, I ended up ditching unbound because it throws DNSSEC error. I have tried troubleshooting but it doesn’t work.
I just went through my setup to verify dnssec settings in unbound to troubleshoot strange latency when removing random names while browsing. Did you verify the unbound certificate file was created and had the proper permissions? There are also a couple other configuration items in unbound related to dnssec that can be tweaked to improve the implementation.
I tried again today with baremetal and docker install but I always end up with SERVFAIL after some time.
Instead of port 53, I need to run unbound on 5335 (or another obscure port).I believe I also had to make some host level changed for DNS to operate correctly for incoming requests.
Here’s my podman run commands. These might have changed a bit with Pihole v6, but should still be ok AFAIK.
#PiHole1 Deployment/Upgrade Script podman run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 8080:80/tcp --hostname pihole --cap-add=CAP_AUDIT_WRITE -e FTLCONF_REPLY_ADDR4=192.168.0.201 -e PIHOLE_DNS_=“192.168.0.201#5335;192.168.0.202#5335” -e TZ=“America/New York” -e WEBPASSWORD=" MyPassword" -v /var/pihole/pihole1:/etc/pihole -v /var/pihole/pihole1/piholedns/:/etc/dnsmasq.d --restart=unless-stopped --label=“io.containers.autoupdate=registry” docker.io/pihole/pihole:latest
#UnBound1 Deployment/Upgrade Script podman run -d --name unbound -v /var/pihole/pihole1/unbound:/opt/unbound/etc/unbound/ -v /var/pihole/pihole1/unbound/unbound.log:/var/log/unbound/unbound.log -v /var/pihole/pihole1/unbound/root.hints:/opt/unbound/etc/unbound/root.hints -v /var/pihole/pihole1/unbound/a-records.conf:/opt/unbound/etc/unbound/a-records.conf -p 5335:5335/tcp -p 5335:5335/udp --restart=unless-stopped --label=“io.containers.autoupdate=registry” docker.io/mvance/unbound:latest
I used a similar docker compose config. Yesterday I learned that unbound doesn’t have root.hints by default. I downloaded it following Anudeep’s guide on Github and it was working. But within 2 hours, it started taking too long to respond and eventually stopped replying to pihole. I had to switch to cloudflare.
Have you modified the default unbound config at all? This sounds like increasing the cache size limits and timeframes in the unbound config could help.
I’m actually chasing an issue I’ve always had where everything works great in my environment, but on mobile certain domains take ages to finally load up for me. I think it’s a combination of my Pihole blocking and the amount of domains tied to a page (advertisements and tracking), but would love to figure it out. I work around it right now by flipping wifi off and on again in those instances.
I have used pi-hole recommended config. I have used unbound recommended config (which feels incomplete and confusing). I have tried tweaks here and there. End result is this.
So far, the longest I have had success is with unbound docker container. The issue with that is that it seems to not be caching entries.
Is your ISP interfering?
Not as far as I know. I have never been throttled or anything ever. I have never seen any charges.
I mean in terms of hijacking DNS. Might be worth a look.