Pi-hole in a Docker Container on a Raspberry Pi

While I was disappearing down a rabbit hole investigating unbound as a DNS Privacy server, I came across Pi-Hole – A black hole for Internet advertisements.

I’ve always used uBlock Origin for ad blocking but that is a per client thing which is a bit of a hassle.

Pi-hole provides ad blocking for all clients on the network, seamlessly.  I just configure DNS on each client, via DHCP, to point towards the Pi-Hole server.

Obviously, I love Docker so it’s in a Docker Container on a Raspberry Pi.

Currently, I’ve sacrificed DNS privacy but I’ll work on that later in terms of getting Pi-hole to send all DNS queries through my own DNS server.

This is how I implemented it.  Obviously, these aren’t detailed instructions but more of a reference to jog my memory if I need it!

********************
Note: Substitute the IP address of the host that the Container is running on for ${IP} and ${IPv6}
********************

docker run -d \
    --name=pihole \
    --hostname=pihole \
    -p 53:53/tcp -p 53:53/udp -p 80:80 \
    -e ServerIP="${IP}" \
    -e ServerIPv6="${IPv6}" \
    -v pihole_data_1:/etc/pihole/ \
    -v pihole_data_2:/etc/dnsmasq.d/ \
    --restart=unless-stopped \
    pihole/pihole:v4.0_armhf

 

 

Raspberry Pi Docker Container to send all LAN DNS requests to Cloudflare’s 1.1.1.1 DNS over TLS

I wanted to implement this on a Raspberry Pi that I have running Docker.  However, I wasn’t able to find an image in Docker Hub for the ARM architecture that the Raspberry Pi uses so I made my own based on the x86-64 image, here.

  • Place the Dockerfile and unbound.conf in the same directory.
  • Docker file:
FROM arm32v6/alpine:3.7
EXPOSE 53/udp
RUN apk add --update --no-cache -q --progress unbound && \
    rm -rf /etc/unbound/unbound.conf /var/cache/apk/*
COPY unbound.conf /etc/unbound/unbound.conf
ENTRYPOINT unbound -d
  • unbound.conf:
server:
  verbosity: 0
  use-syslog: no
  qname-minimisation: yes
  do-tcp: yes
  prefetch: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  do-ip4: yes
  do-ip6: no
  interface: 0.0.0.0
  access-control: 0.0.0.0/0 allow
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes

 

  • Build the Docker image:
docker build -t itinnovations/cloudflaretlsdns:latest .

 

  • Start a container as a daemon from the above image:
docker run -d \
  --name=CloudflareTLSDNS \
  --restart=unless-stopped \
  -p 53:53/udp \
  itinnovations/cloudflaretlsdns

 

  • Configure all clients to point to the IP address of the Docker Host for DNS.