https://github.com/IAmStoxe/wirehole

3 years ago

2 years ago

uh, nah

That's when the compose file was written. The docker images named in the file are updated constantly. Fear not ad-block seeker!

I just went through my setup to verify dnssec settings in unbound to troubleshoot strange latency when removing random names while browsing. Did you verify the unbound certificate file was created and had the proper permissions? There are also a couple other configuration items in unbound related to dnssec that can be tweaked to improve the implementation.

I tried again today with baremetal and docker install but I always end up with SERVFAIL after some time.

How well does that run in docker? I've always liked docker, but it seems to me that certain apps should touch metal than be containerized. Maybe I'm too old school.

Focker Docker container in host mode is sufficient for most cases requiring bare deployment.

Hi friends.

I've been trying to find docker-compose.yaml for pihole+unbound so I can use pihole as both a recursive dns server and as local dns alongside Nginx Proxy Manager. But since v6 of pihole all the old files I could find don't work properly or at all.

Does anyone here use pihole+unbound in docker?

Instead of port 53, I need to run unbound on 5335 (or another obscure port).I believe I also had to make some host level changed for DNS to operate correctly for incoming requests.

Here's my podman run commands. These might have changed a bit with Pihole v6, but should still be ok AFAIK.

#PiHole1 Deployment/Upgrade Script
podman run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 8080:80/tcp --hostname pihole --cap-add=CAP_AUDIT_WRITE -e FTLCONF_REPLY_ADDR4=192.168.0.201 -e PIHOLE_DNS_="192.168.0.201#5335;192.168.0.202#5335" -e TZ="America/New York" -e WEBPASSWORD=" MyPassword" -v /var/pihole/pihole1:/etc/pihole -v /var/pihole/pihole1/piholedns/:/etc/dnsmasq.d --restart=unless-stopped --label="io.containers.autoupdate=registry" docker.io/pihole/pihole:latest

#UnBound1 Deployment/Upgrade Script
podman run -d --name unbound -v /var/pihole/pihole1/unbound:/opt/unbound/etc/unbound/ -v /var/pihole/pihole1/unbound/unbound.log:/var/log/unbound/unbound.log -v /var/pihole/pihole1/unbound/root.hints:/opt/unbound/etc/unbound/root.hints -v /var/pihole/pihole1/unbound/a-records.conf:/opt/unbound/etc/unbound/a-records.conf -p 5335:5335/tcp -p 5335:5335/udp --restart=unless-stopped --label="io.containers.autoupdate=registry" docker.io/mvance/unbound:latest

I used a similar docker compose config. Yesterday I learned that unbound doesn’t have root.hints by default. I downloaded it following Anudeep’s guide on Github and it was working. But within 2 hours, it started taking too long to respond and eventually stopped replying to pihole. I had to switch to cloudflare.

Have you modified the default unbound config at all? This sounds like increasing the cache size limits and timeframes in the unbound config could help.

I'm actually chasing an issue I've always had where everything works great in my environment, but on mobile certain domains take ages to finally load up for me. I think it's a combination of my Pihole blocking and the amount of domains tied to a page (advertisements and tracking), but would love to figure it out. I work around it right now by flipping wifi off and on again in those instances.