Skip to content

Support us at

Authors: fire1ce | Created: 2022-04-03 | Last update: 2024-02-26

Pi-hole as DNS Server with DNS over HTTPS (DOH) Based on Docker Containers

pihole-webgui

What's Pi-hole?

Pi-hole Official Website Official Website.

Pi-hole is a DNS server that is designed to block ads and trackers. It is a free and open source software project. It's based on blocklists and acts as a DNS sinkhole.

What's DNS over HTTPS (DOH)?

DNS over HTTPS (DoH) is an internet security protocol that communicates domain name server information in an encrypted way over HTTPS connections.

My Pi-hole Setup

My setup fully depends on pi-hole dns server, that's why I use two servers one as primary DNS Server and the second as secondary DNS server.

I've configured my router as a DNS server for all the DHCP clients with primary and the secondary DNS as my pi-hole servers. This way all the clients requests the router to resolve the DNS and the router forwards the request to the pi-hole servers.

network flow

  • Pi-hole-1 runs on ubuntu server (virtual machine)
  • Pi-hole-2 runs on Raspberry Pi

Warning

This is not a step by step guide for all the configurations of pihole or how to use docker containers. The following instuctions include only the deployemt of the pi-hole server with DoH providers.

Installation

We Will be using docker-compose to deploy the pi-hole server with DoH providers with a single configuration file.

The following docker-compose.yml includes two images: Pi-hole container, and cloudflared container. When you run docker-compose up the containers will be created and started. I't will create internal network for the pihole and two instances of cloudflared. When a request comes in the pihole will forward the request to the cloudflared instances one of them will use Cloudflare DNS servers and the other will use Google's DNS servers. There is no need to configure the pihole's DNS server at the UI since the configuration is done by docker-compose.yml file.

When using this setup two folders will be created on the Host machine for persistent storage of the containers: config, dnsmasq.d. Those folders will be mounted to the containers when its running/restarted/recreated. Those folders will be created at the root folder of the docker-compose.yml file.

Create a folder for the deployment of the containers at your host machine.
create a file named docker-compose.yml at the root folder and copy the following content to it:

version: '2.4'

services:
  pihole:
    container_name: pihole
    hostname: pihole
    restart: always
    image: pihole/pihole
    networks:
      dns:
        ipv4_address: 172.20.0.9
    depends_on:
      google-8.8.8.8:
        condition: service_started
      cloudflare-1.1.1.1:
        condition: service_started
    volumes:
      - ./config:/etc/pihole/
      - ./dnsmasq.d:/etc/dnsmasq.d/
      - /etc/localtime:/etc/localtime
    ports:
      - '7003:80'
      - '53:53/tcp'
      - '53:53/udp'
    environment:
      - ServerIP=127.0.0.1
      - WEBPASSWORD=ChangeMe
      - PIHOLE_DNS_=172.20.0.10;172.20.0.12

  cloudflare-1.1.1.1:
    container_name: cloudflare-1.1.1.1
    hostname: cloudflare-1.1.1.1
    restart: always
    image: visibilityspots/cloudflared
    networks:
      dns:
        ipv4_address: 172.20.0.10
    expose:
      - '53/tcp'
      - '53/udp'
    environment:
      - PORT=53
      - UPSTREAM1=https://1.1.1.1/dns-query
      - UPSTREAM2=https://1.1.1.1/dns-query
    volumes:
      - /etc/localtime:/etc/localtime

  google-8.8.8.8:
    container_name: google-8.8.8.8
    hostname: google-8.8.8.8
    restart: always
    image: visibilityspots/cloudflared
    networks:
      dns:
        ipv4_address: 172.20.0.12
    expose:
      - '53/tcp'
      - '53/udp'
    environment:
      - PORT=53
      - UPSTREAM1=https://8.8.8.8/dns-query
      - UPSTREAM2=https://8.8.8.8/dns-query
    volumes:
      - /etc/localtime:/etc/localtime

networks:
  dns:
    ipam:
      config:
        - subnet: 172.20.0.0/24

Now run docker-compose up -d to create the containers. If all went well you should should be able to access the pihole server at http://127.0.0.1.7003 with password ChangeMe from the config above.

Now you need to change your dns server to point to the pihole server. We are done with the installation.

Comments