Pi-hole as DNS Server with DNS over HTTPS (DOH) Based on Docker Containers

You can read about Pi-hole at their Official Website


My setup depends fully on the Pi-hole DNS server, which is why we use two servers: one as the primary DNS server and the second as the secondary DNS server.

I've configured my router as the DNS server for all DHCP clients, with my Pi-hole servers as its primary and secondary DNS. This way, all clients ask the router to resolve DNS names.

  • Pi-hole-1 runs on Ubuntu Server (virtual machine)
  • Pi-hole-2 runs on Ubuntu Server (Raspberry Pi)

Installation

Warning

This is not a step-by-step guide to every Pi-hole configuration option or to using Docker.

We will be using Docker containers for both Pi-hole and Cloudflared (DoH). Since we want to forward DNS requests from Pi-hole to Cloudflared (DoH), we will create a very specific Docker network, which will allow us to configure DNS forwarding with an internal Docker IP (yeah, I know it's against all the Docker best practices).

Create a Docker network for Pi-hole and Cloudflared with only 5 IP addresses:

docker network create --subnet 172.30.9.0/29 dns-network

We will run the Pi-hole Docker container with a hardcoded IP from the pool we created. As both upstream DNS entries (the PIHOLE_DNS_ variable), we pass the IP address of the Cloudflared container we will create in the next step:

docker run \
-d \
--name pihole \
--hostname pihole \
--restart always \
--ip 172.30.9.2 \
-p 53:53/tcp \
-p 53:53/udp \
-p 7003:80 \
-v /root/pihole:/etc/pihole/ \
-v /root/pihole/dnsmasq.d:/etc/dnsmasq.d/ \
-e ServerIP="127.0.0.1" \
-e PIHOLE_DNS_="172.30.9.3#5053;172.30.9.3#5053" \
-e WEBPASSWORD="ChangeMe" \
-v /etc/localtime:/etc/localtime \
--network=dns-network \
pihole/pihole:latest

Now we will create our Cloudflared container with a hardcoded IP:

docker run \
-d \
--restart always \
--name=cloudflared \
--ip 172.30.9.3 \
-h cloudflared \
-v /etc/localtime:/etc/localtime \
-e PUID=1000 \
-e PGID=1000 \
-e PORT=5053 \
--network=dns-network \
visibilityspots/cloudflared:latest

At this point you should have both containers running, with Pi-hole forwarding all requests via DNS over HTTPS.
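
A pre-flight check for the addressing plan above, as an added example that is not part of the original page: it confirms that every entry in PIHOLE_DNS_ is a usable container address in dns-network and is the Cloudflared listener, because an upstream pointing anywhere else would send queries as plain DNS instead of over HTTPS. The function names are hypothetical, and it assumes Docker's default of taking the first host address as the bridge gateway, which is why the /29 leaves 5 addresses for containers.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Addresses and ports are the ones used in the docker commands above.

# Print a dotted-quad IPv4 address as an integer.
ip_to_int() {
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Succeed if IP ($1) can be given to a container in CIDR ($2): inside the
# subnet, and not the network address, the broadcast address or the first
# host (assumption: Docker's default of using it as the bridge gateway).
container_ip_ok() {
    case $1 in ""|*[!0-9.]*) return 1 ;; esac
    ip=$(ip_to_int "$1"); bits=${2#*/}
    size=$(( 1 << (32 - bits) ))
    base=$(( $(ip_to_int "${2%/*}") & ~(size - 1) ))
    [ "$ip" -gt $(( base + 1 )) ] && [ "$ip" -lt $(( base + size - 1 )) ]
}

# Check a PIHOLE_DNS_ value ($1) against the subnet ($2), Pi-hole's own
# address ($3) and the cloudflared address and port ($4, $5).
# Prints one line per problem; the return status is the number of problems.
check_upstreams() {
    list=$1; problems=0
    while [ -n "$list" ]; do
        entry=${list%%";"*}
        case $list in *";"*) list=${list#*";"} ;; *) list= ;; esac
        host=${entry%%"#"*}; port=${entry#*"#"}
        if ! container_ip_ok "$host" "$2"; then
            echo "$entry: not a container address in $2"
        elif [ "$host" = "$3" ]; then
            echo "$entry: points back at Pi-hole itself"
        elif [ "$host" != "$4" ] || [ "$port" != "$5" ]; then
            echo "$entry: not the cloudflared listener $4#$5"
        else
            continue
        fi
        problems=$((problems + 1))
    done
    return "$problems"
}

check_upstreams "172.30.9.3#5053;172.30.9.3#5053" \
    172.30.9.0/29 172.30.9.2 172.30.9.3 5053 && echo "upstreams OK"
```
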


Last update: October 2, 2021