Pi-hole serves as a local DNS server.

In particular, it acts as a DNS sinkhole to provide network-level ad and tracker blocking. It works by intercepting DNS requests from all devices on the network and blocking requests to known advertising and tracking domains, effectively stopping ads before they’re even downloaded.

It is built on top of dnsmasq.

Setup

VM / Bare

If in Proxmox:

  • Core: 2, RAM: 2G, Disk: 8G, Network: static IPv4, no IPv6
  • Set “Start at boot”, “Start order”
  • Paste public ssh key

In host:

  • curl -sSL https://install.pi-hole.net | bash

Update

sudo pihole -up

Docker

https://github.com/pi-hole/docker-pi-hole/#quick-start

Stack config: https://github.com/one137/dockerhost-stacks/blob/main/stacks/30-pihole.yml

Add ct-npm to 30-pihole_default network.

Post install

Verify that http://pi.hole points to the correct server (same as e.g. http://192.168.137.10/admin)

Configure Local DNS > DNS Records for main hardware machines. Example:

Domain      IP Address
router      192.168.137.1
pihole1     192.168.137.10
proxmox     192.168.137.11
truenas     192.168.137.12
dockerhost  192.168.137.13

Once fully set up, back up the config through UI > Settings > Teleporter > Backup

To redirect / to /admin, see https://discourse.pi-hole.net/t/redirect-to-admin/44103 for bare installs. For Docker, the VIRTUAL_HOST is already set above.

Custom dnsmasq files

For general domain access, instead of CNAMEs: /etc/dnsmasq.d/98-one137-address.conf:

# address=/one137.dev/10.100.0.4 # Direct to NPM for wireguard clients, but doesn't work to have >1 address
address=/one137.dev/192.168.137.13

where

  • 192.168.137.13 is dockerhost’s address
  • 10.100.0.0/24 is network 40-wireguard-easy_static’s subnet and
  • 10.100.0.4 is ct-npm’s address on that network.

To have both primary and secondary DNS servers announced by the DHCP server, add to the primary Pi-hole a /etc/dnsmasq.d/99-second-DNS.conf with:

dhcp-option=option:dns-server,192.168.1.98,192.168.1.101
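
A small linter for the two drop-ins above, added here as an example (not part of the original notes or of Pi-hole itself). It assumes the LAN is 192.168.137.0/24, the function names are hypothetical, and the sample input is constructed: it re-enables the commented-out WireGuard mapping so the duplicate check has something to report.

```python
import ipaddress
import re

# Assumption: LAN prefix; the notes list 192.168.137.x hosts but no netmask.
LAN = ipaddress.ip_network("192.168.137.0/24")
DNS_OPT = "dhcp-option=option:dns-server,"

# Constructed sample: both drop-ins above, with the commented-out WireGuard
# mapping re-enabled so the duplicate check has something to report.
SAMPLE = """\
address=/one137.dev/10.100.0.4
address=/one137.dev/192.168.137.13
dhcp-option=option:dns-server,192.168.1.98,192.168.1.101
"""


def parse_ip(value, lineno, findings):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        findings.append((lineno, f"{value!r} is not an IP address"))
        return None


def lint(text, lan=LAN):
    """Return (line_number, message) findings for dnsmasq drop-in text."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        # Strip comments; a '#' right after '/' is a value, not a comment.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if line.startswith("address=/"):
            *domains, target = line[len("address=/"):].split("/")
            ip = None if target in ("", "#") else parse_ip(target, n, findings)
            for domain in domains if ip is not None else []:
                key = (domain.lower(), ip.version)  # track IPv4 and IPv6 separately
                if key in seen:
                    findings.append((n, f"{domain}: second IPv{ip.version} address, first on line {seen[key]}"))
                seen.setdefault(key, n)
        elif line.startswith(DNS_OPT):
            for value in line[len(DNS_OPT):].split(","):
                ip = parse_ip(value.strip(), n, findings)
                if ip is not None and ip not in lan:
                    # Clients handed this resolver would not be querying Pi-hole.
                    findings.append((n, f"DHCP resolver {ip} is outside {lan}"))
    return findings


if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Run it against the files in /etc/dnsmasq.d/ before restarting DNS; with the assumed /24 it reports the resolvers in the dhcp-option line above, which sit in 192.168.1.x rather than 192.168.137.x.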

Query API

http://pi.hole/admin/api.php?status&auth=token

Redundancy

Pi-hole 1

Runs the primary Pi-hole instance with the DHCP server

Pi-hole 2

Secondary instance w/o DHCP