Pi-hole as DNS Server with DNS over HTTPS (DoH) Based on Docker Containers
Pi-hole Official Website.
Pi-hole is a DNS server that is designed to block ads and trackers. It is a free and open source software project. It's based on blocklists and acts as a DNS sinkhole.
What's DNS over HTTPS (DoH)?
DNS over HTTPS (DoH) is an internet security protocol that carries DNS queries and responses in encrypted form over HTTPS connections.
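The following added example (not from the original page or from the cloudflared project) builds the DNS wire-format message a DoH client sends and wraps it in the GET and POST forms defined by RFC 8484. The endpoint doh.example is a placeholder and the function names are this example's own.

```python
import base64
import struct

# Placeholder endpoint (constructed); substitute your resolver's /dns-query URL.
DOH_ENDPOINT = "https://doh.example/dns-query"

def build_query(name, qtype=1):
    """Encode a one-question DNS query in wire format (RFC 1035). qtype 1 = A."""
    # ID 0 (RFC 8484 suggests it so HTTP caches can reuse responses),
    # flags 0x0100 = recursion desired, QDCOUNT = 1, other counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """GET form: the message as unpadded base64url in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def doh_post_request(query):
    """POST form: the raw message is the body, typed application/dns-message."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return headers, query

def decode_question(message):
    """Recover (name, qtype) from a query, as the DoH server does on receipt."""
    pos, labels = 12, []           # the question starts after the 12-byte header
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", message[pos + 1:pos + 3])
    return ".".join(labels), qtype

if __name__ == "__main__":
    q = build_query("www.example.com")
    print(len(q), "byte DNS message")
    print("GET ", doh_get_url(q))
    print("POST", DOH_ENDPOINT, doh_post_request(q)[0])
```

The payload is the same message a plain port-53 query would carry; only the transport changes, so an on-path observer sees a TLS session to the resolver rather than the queried names.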
My Pi-hole Setup
My setup depends entirely on the Pi-hole DNS server, which is why I use two servers: one as the primary DNS server and the other as the secondary DNS server.
I've configured my router as the DNS server for all DHCP clients, with my Pi-hole servers as its primary and secondary DNS. This way all clients ask the router to resolve DNS names, and the router forwards the requests to the Pi-hole servers.
- Pi-hole-1 runs on Ubuntu server (virtual machine)
- Pi-hole-2 runs on Raspberry Pi
This is not a step-by-step guide to every Pi-hole configuration option or to using Docker containers. The following instructions cover only the deployment of the Pi-hole server with DoH providers.
We will be using docker-compose to deploy the Pi-hole server with DoH providers from a single configuration file.
The following docker-compose.yml includes two images: the Pi-hole container and the cloudflared container. When you run docker-compose up, the containers will be created and started. It will create an internal network for Pi-hole and two instances of cloudflared. When a request comes in, Pi-hole forwards it to the cloudflared instances; one of them uses Cloudflare's DNS servers and the other uses Google's DNS servers. There is no need to configure the pihole's DNS server at the UI since the configuration is done by
When using this setup, two folders will be created on the host machine for persistent storage of the containers: config and dnsmasq.d. They are created in the same folder as the docker-compose.yml file and are mounted into the containers whenever they are running, restarted, or recreated.
Create a folder for the deployment of the containers on your host machine.
Create a file named docker-compose.yml at the root of that folder and copy the following content into it:
```yaml
version: '2.4'

services:
  pihole:
    container_name: pihole
    hostname: pihole
    restart: always
    image: pihole/pihole
    networks:
      dns:
        ipv4_address: 172.20.0.9
    depends_on:
      google-8.8.8.8:
        condition: service_started
      cloudflare-1.1.1.1:
        condition: service_started
    volumes:
      - ./config:/etc/pihole/
      - ./dnsmasq.d:/etc/dnsmasq.d/
      - /etc/localtime:/etc/localtime
    ports:
      - '7003:80'
      - '53:53/tcp'
      - '53:53/udp'
    environment:
      - ServerIP=127.0.0.1
      # Web UI password; set your own value before deploying
      - WEBPASSWORD=ChangeMe
      # Pi-hole upstreams: the static addresses of the two cloudflared containers below
      - PIHOLE_DNS_=172.20.0.10;172.20.0.12

  # DoH proxy forwarding to Cloudflare's public resolvers
  cloudflare-1.1.1.1:
    container_name: cloudflare-1.1.1.1
    hostname: cloudflare-1.1.1.1
    restart: always
    image: visibilityspots/cloudflared
    networks:
      dns:
        ipv4_address: 172.20.0.10
    expose:
      - '53/tcp'
      - '53/udp'
    environment:
      - PORT=53
      - UPSTREAM1=https://1.1.1.1/dns-query
      - UPSTREAM2=https://1.0.0.1/dns-query
    volumes:
      - /etc/localtime:/etc/localtime

  # DoH proxy forwarding to Google Public DNS
  google-8.8.8.8:
    container_name: google-8.8.8.8
    hostname: google-8.8.8.8
    restart: always
    image: visibilityspots/cloudflared
    networks:
      dns:
        ipv4_address: 172.20.0.12
    expose:
      - '53/tcp'
      - '53/udp'
    environment:
      - PORT=53
      - UPSTREAM1=https://8.8.8.8/dns-query
      - UPSTREAM2=https://8.8.4.4/dns-query
    volumes:
      - /etc/localtime:/etc/localtime

networks:
  dns:
    ipam:
      config:
        - subnet: 172.20.0.0/24
```
Run docker-compose up -d to create the containers. If all went well, you should be able to access the Pi-hole server at http://127.0.0.1:7003 with the password ChangeMe from the config above.
Now you need to change your DNS server to point to the Pi-hole server. We are done with the installation.