Best way to add unbound to existing Docker pihole?

Good morning,
I've set up the latest version of Pi-Hole using Docker Compose on a Fedora Workstation (42) mini PC using host networking and the official Pi-Hole image. I'd like to add unbound to it, but most of the walkthroughs I've found are using macvlan configurations, and are for older versions of Pi-Hole. The recent YouTube videos I've seen are using Proxmox, which I know nothing about and may not be relevant to me. Ultimately I'd like to use DNS-Over-HTTPS as well, so I don't know if it would be any more difficult to do at the same time as adding unbound.

I'd like to not recreate my container if possible, as I have Pi-Hole running as my DHCP server as well (one of the reasons I used host networking), and it was a bit of effort transferring the host lists from my old instance using the 04-pihole-dnsmasq.conf way of doing things to the new interface.

Below is my compose.yml excerpt relating to Pi-Hole.

  pihole:
    container_name: pihole
    network_mode: host
    image: pihole/pihole:latest
    environment:
      TZ: "America/New_York"
      FTLCONF_webserver_api_password: "********"
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

Does anybody know of a good guide to follow for what I'm trying to do? I've been Googling and watching YouTube for the past couple of days and not really finding what I want.

I think the best way to do it is just to start an unbound container and point Pi-hole upstream to that container.

This is an example of a Compose file using the default bridge network: unbound-docker/examples/pi-hole/docker-compose.yml at b8bb4f2f6b02ade931c2f0064678c368c3f6d936 · klutchell/unbound-docker · GitHub.

Just change the Pi-hole volumes to match your current configuration (this will keep your current settings when you start the new container) and adjust your environment variables (TZ, password, etc).

Okay, I tried this. This did involve switching to a bridge network, but it is what it is.

Pi-hole seems to be working, although I had to change a setting to allow it to listen on an interface other than eth0. Once I did that, I was able to resolve domains on the rest of my network.

What I've discovered is that the unbound image doesn't appear to have any of the .conf files needed for unbound to work properly. Still working through it.

If you are using the image from my comment above, you need to edit your .conf files in the directory you configured here:

    volumes:
      - /path/to/config:/etc/unbound/custom.conf.d

/path/to/config needs to be changed to match the directory on the host you want to store the Unbound config files.


You can use other images. This was just an example.

The example uses bridge mode, but you can adapt the settings to use host mode.

You will need to remove the ports, change the unbound port to avoid conflicts with Pi-hole and change FTLCONF_dns_upstreams to match the IP and port used in your new compose file.
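
The host-mode adaptation described in the last reply, written out as a Compose file. This is an added example, not taken from the thread or from the unbound-docker project; the `klutchell/unbound` image name, port 5335, the `./unbound-conf` directory and the `listen.conf` override are assumptions, as is the image reading `*.conf` files from `custom.conf.d` and taking its listen port from `port:`.

```yaml
# Added example: Pi-hole and unbound both on host networking.
# Assumed values (not from the thread): port 5335, ./unbound-conf, listen.conf.
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: host              # unchanged, so Pi-hole keeps serving DHCP
    environment:
      TZ: "America/New_York"
      FTLCONF_webserver_api_password: "********"
      # Only upstream is the local unbound; "#" separates IP and port.
      FTLCONF_dns_upstreams: "127.0.0.1#5335"
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

  unbound:
    container_name: unbound
    image: klutchell/unbound
    network_mode: host              # no "ports:" section in host mode
    volumes:
      # Host directory holding the override file described below.
      - './unbound-conf:/etc/unbound/custom.conf.d'
    restart: unless-stopped

# ./unbound-conf/listen.conf (constructed, unbound.conf syntax):
#
#   server:
#     port: 5335        # moves unbound off 53, which Pi-hole already binds
#
# In host mode the unbound listener sits directly on the host's interfaces,
# so reachability of port 5335 from the LAN depends on the image's default
# interface/access-control settings and on the host firewall.
```

After `docker compose up -d`, the Pi-hole query log should show queries forwarded to `127.0.0.1#5335`.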