Pihole + Unbound Docker Compose file
-
Hi friends.
I've been trying to find docker-compose.yaml for pihole+unbound so I can use pihole as both a recursive dns server and as local dns alongside Nginx Proxy Manager. But since v6 of pihole all the old files I could find don't work properly or at all.
Does anyone here use pihole+unbound in docker?
-
Hi friends.
I've been trying to find docker-compose.yaml for pihole+unbound so I can use pihole as both a recursive dns server and as local dns alongside Nginx Proxy Manager. But since v6 of pihole all the old files I could find don't work properly or at all.
Does anyone here use pihole+unbound in docker?
services: pihole: container_name: pihole image: pihole/pihole:latest hostname: sheldon environment: HOST_CONTAINERNAME: pihole TZ: ${TZ} WEBPASSWORD: ${WEBPASSWORD} DNSMASQ_LISTENING: "all" PIHOLE_DNS_1: "unbound#53" ports: - "53:53/tcp" - "53:53/udp" - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "8080:80/tcp" # network_mode: host dns: - 127.0.0.1 networks: dns: ipv4_address: 172.22.0.2 volumes: - /mnt/appdata/pihole/etc-pihole:/etc/pihole - /mnt/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d restart: unless-stopped depends_on: unbound: condition: service_healthy unbound: container_name: unbound image: klutchell/unbound:latest networks: dns: ipv4_address: 172.22.0.3 volumes: - /mnt/appdata/unbound:/opt/unbound/etc/unbound/custom restart: unless-stopped healthcheck: test: ["CMD", "dig", "google.com", "@127.0.0.1"] interval: 10s timeout: 5s retries: 5 wg-easy: container_name: wg-easy image: ghcr.io/wg-easy/wg-easy:15 ports: - "51820:51820/udp" - "51821:51821/tcp" # environment: # TZ: ${TZ} # LANG: en # WG_HOST: ${WG_HOST} # PASSWORD_HASH: ${PASSWORD_HASH} # WG_DEFAULT_DNS: 172.22.0.2 # WG_MTU: 1420 networks: dns: ipv4_address: 172.22.0.4 volumes: - /mnt/appdata/wg-easy:/etc/wireguard - /lib/modules:/lib/modules:ro cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=0 - net.ipv6.conf.all.forwarding=1 - net.ipv6.conf.default.forwarding=1 restart: unless-stopped networks: dns: external: trueFeel free to just delete the wg-easy service.
-
Hi friends.
I've been trying to find docker-compose.yaml for pihole+unbound so I can use pihole as both a recursive dns server and as local dns alongside Nginx Proxy Manager. But since v6 of pihole all the old files I could find don't work properly or at all.
Does anyone here use pihole+unbound in docker?
-
services: pihole: container_name: pihole image: pihole/pihole:latest hostname: sheldon environment: HOST_CONTAINERNAME: pihole TZ: ${TZ} WEBPASSWORD: ${WEBPASSWORD} DNSMASQ_LISTENING: "all" PIHOLE_DNS_1: "unbound#53" ports: - "53:53/tcp" - "53:53/udp" - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "8080:80/tcp" # network_mode: host dns: - 127.0.0.1 networks: dns: ipv4_address: 172.22.0.2 volumes: - /mnt/appdata/pihole/etc-pihole:/etc/pihole - /mnt/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d restart: unless-stopped depends_on: unbound: condition: service_healthy unbound: container_name: unbound image: klutchell/unbound:latest networks: dns: ipv4_address: 172.22.0.3 volumes: - /mnt/appdata/unbound:/opt/unbound/etc/unbound/custom restart: unless-stopped healthcheck: test: ["CMD", "dig", "google.com", "@127.0.0.1"] interval: 10s timeout: 5s retries: 5 wg-easy: container_name: wg-easy image: ghcr.io/wg-easy/wg-easy:15 ports: - "51820:51820/udp" - "51821:51821/tcp" # environment: # TZ: ${TZ} # LANG: en # WG_HOST: ${WG_HOST} # PASSWORD_HASH: ${PASSWORD_HASH} # WG_DEFAULT_DNS: 172.22.0.2 # WG_MTU: 1420 networks: dns: ipv4_address: 172.22.0.4 volumes: - /mnt/appdata/wg-easy:/etc/wireguard - /lib/modules:/lib/modules:ro cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=0 - net.ipv6.conf.all.forwarding=1 - net.ipv6.conf.default.forwarding=1 restart: unless-stopped networks: dns: external: trueFeel free to just delete the wg-easy service.
Thank you very much.
-
services: pihole: container_name: pihole image: pihole/pihole:latest hostname: sheldon environment: HOST_CONTAINERNAME: pihole TZ: ${TZ} WEBPASSWORD: ${WEBPASSWORD} DNSMASQ_LISTENING: "all" PIHOLE_DNS_1: "unbound#53" ports: - "53:53/tcp" - "53:53/udp" - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "8080:80/tcp" # network_mode: host dns: - 127.0.0.1 networks: dns: ipv4_address: 172.22.0.2 volumes: - /mnt/appdata/pihole/etc-pihole:/etc/pihole - /mnt/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d restart: unless-stopped depends_on: unbound: condition: service_healthy unbound: container_name: unbound image: klutchell/unbound:latest networks: dns: ipv4_address: 172.22.0.3 volumes: - /mnt/appdata/unbound:/opt/unbound/etc/unbound/custom restart: unless-stopped healthcheck: test: ["CMD", "dig", "google.com", "@127.0.0.1"] interval: 10s timeout: 5s retries: 5 wg-easy: container_name: wg-easy image: ghcr.io/wg-easy/wg-easy:15 ports: - "51820:51820/udp" - "51821:51821/tcp" # environment: # TZ: ${TZ} # LANG: en # WG_HOST: ${WG_HOST} # PASSWORD_HASH: ${PASSWORD_HASH} # WG_DEFAULT_DNS: 172.22.0.2 # WG_MTU: 1420 networks: dns: ipv4_address: 172.22.0.4 volumes: - /mnt/appdata/wg-easy:/etc/wireguard - /lib/modules:/lib/modules:ro cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=0 - net.ipv6.conf.all.forwarding=1 - net.ipv6.conf.default.forwarding=1 restart: unless-stopped networks: dns: external: trueFeel free to just delete the wg-easy service.
You seem knowledgeable. I have a question about this. I have ran this type of setup before. Every time, I ended up ditching unbound because it throws DNSSEC error. I have tried troubleshooting but it doesn’t work.
-
You seem knowledgeable. I have a question about this. I have ran this type of setup before. Every time, I ended up ditching unbound because it throws DNSSEC error. I have tried troubleshooting but it doesn’t work.
Is your ISP interfering?
-
Is your ISP interfering?
Not as far as I know. I have never been throttled or anything ever. I have never seen any charges.
-
services: pihole: container_name: pihole image: pihole/pihole:latest hostname: sheldon environment: HOST_CONTAINERNAME: pihole TZ: ${TZ} WEBPASSWORD: ${WEBPASSWORD} DNSMASQ_LISTENING: "all" PIHOLE_DNS_1: "unbound#53" ports: - "53:53/tcp" - "53:53/udp" - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "8080:80/tcp" # network_mode: host dns: - 127.0.0.1 networks: dns: ipv4_address: 172.22.0.2 volumes: - /mnt/appdata/pihole/etc-pihole:/etc/pihole - /mnt/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d restart: unless-stopped depends_on: unbound: condition: service_healthy unbound: container_name: unbound image: klutchell/unbound:latest networks: dns: ipv4_address: 172.22.0.3 volumes: - /mnt/appdata/unbound:/opt/unbound/etc/unbound/custom restart: unless-stopped healthcheck: test: ["CMD", "dig", "google.com", "@127.0.0.1"] interval: 10s timeout: 5s retries: 5 wg-easy: container_name: wg-easy image: ghcr.io/wg-easy/wg-easy:15 ports: - "51820:51820/udp" - "51821:51821/tcp" # environment: # TZ: ${TZ} # LANG: en # WG_HOST: ${WG_HOST} # PASSWORD_HASH: ${PASSWORD_HASH} # WG_DEFAULT_DNS: 172.22.0.2 # WG_MTU: 1420 networks: dns: ipv4_address: 172.22.0.4 volumes: - /mnt/appdata/wg-easy:/etc/wireguard - /lib/modules:/lib/modules:ro cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=0 - net.ipv6.conf.all.forwarding=1 - net.ipv6.conf.default.forwarding=1 restart: unless-stopped networks: dns: external: trueFeel free to just delete the wg-easy service.
How well does that run in docker? I've always liked docker, but it seems to me that certain apps should touch metal than be containerized. Maybe I'm too old school.
-
How well does that run in docker? I've always liked docker, but it seems to me that certain apps should touch metal than be containerized. Maybe I'm too old school.
I have all these services in docker as well (although not with the docker compose file here) and they run perfectly fine with a very low resource footprint.
-
Hi friends.
I've been trying to find docker-compose.yaml for pihole+unbound so I can use pihole as both a recursive dns server and as local dns alongside Nginx Proxy Manager. But since v6 of pihole all the old files I could find don't work properly or at all.
Does anyone here use pihole+unbound in docker?
I used to use a pihole+unbound single container docker image but technitium is just easier for me. Might be worth exploring other options like adguard home also.
-
How well does that run in docker? I've always liked docker, but it seems to me that certain apps should touch metal than be containerized. Maybe I'm too old school.
wrote last edited by [email protected]It runs quite well; Docker's not a full fledged virtual machine so much as a virtualization layer. I also love the portability of running this in Docker. I rsync a backup of this and the Appdata folder every night. When or if this server fails, I can be up and running again in minutes on another machine.
-
Not as far as I know. I have never been throttled or anything ever. I have never seen any charges.
I mean in terms of hijacking DNS. Might be worth a look.
-
Thank you very much.
How'd it work out?
-
I have all these services in docker as well (although not with the docker compose file here) and they run perfectly fine with a very low resource footprint.
0K that's cool. I love docker. I would like to upgrade to k8s but I haven't yet plumbed the depths of docker. I was just with the overhead of docker, since Pi-Hole/Unbound is a dedicated system, I thought maybe it'd get better thru put baked in. I wouldn't listen to me tho, I'm medicated.
-
I mean in terms of hijacking DNS. Might be worth a look.
I don’t think it happens because I have used NextDNS and the logs show my activity.
-
0K that's cool. I love docker. I would like to upgrade to k8s but I haven't yet plumbed the depths of docker. I was just with the overhead of docker, since Pi-Hole/Unbound is a dedicated system, I thought maybe it'd get better thru put baked in. I wouldn't listen to me tho, I'm medicated.
As an anecdote: I have one system (x86) with pi-hole and unbound in a docker, and a secondary raspberry pi with pi-hole running on bare metal. The docker system (although much more performant in general) has a lower latency as the raspberry bare metal install.
-
It runs quite well; Docker's not a full fledged virtual machine so much as a virtualization layer. I also love the portability of running this in Docker. I rsync a backup of this and the Appdata folder every night. When or if this server fails, I can be up and running again in minutes on another machine.
I do exactly the same thing for all three of these services! My implementation is on podman rather than docker, but basically the same deal.
-
You seem knowledgeable. I have a question about this. I have ran this type of setup before. Every time, I ended up ditching unbound because it throws DNSSEC error. I have tried troubleshooting but it doesn’t work.
I just went through my setup to verify dnssec settings in unbound to troubleshoot strange latency when removing random names while browsing. Did you verify the unbound certificate file was created and had the proper permissions? There are also a couple other configuration items in unbound related to dnssec that can be tweaked to improve the implementation.
-
How'd it work out?
Deleted the WireGuard and modified few other things in docker compose file and so far it's running fine without any errors. So far do good.
-
3 years ago
2 years ago
uh, nah
