In principle pihole is working and blocking ads via both IPv4 and IPv6, on both Windows PCs and iPhone.
I am aware this is not a pi-hole issue but a DNS config issue, but since I am tampering with my FritzBox only because of pihole I am hoping others have similar experience and have solved the issue.
Debug Token:
Replace this text with the debug token provided from running pihole -d
Since I have a docker installation, the command `which pihole` delivers nothing.
I can log in to the admin web page of pi-hole and see everything, but I can’t find “generate debug token” under Tools or anywhere else.
raspberryname.local is resolved via mDNS (via Bonjour and avahi-daemon), using multicast. This only works on the same local link, or sometimes over VLANs. This will realistically never work over any VPN.
raspberryname is probably resolved via Tailscale's MagicDNS. This MagicDNS service is obviously only available when connected to the Tailscale VPN.
You can use the special DNS name generated by Pi-hole named pi.hole (so access would be http://pi.hole:port). This is automatically generated and will point to the correct IP, no matter the source interface.
You can also use the automatic IP handling of pi.hole with a local DNS record by using a CNAME record.
I recommend choosing something like raspberryname.home.arpa or raspberryname.yourdomain.com as your domain.
Add it in the Web Interface via: Settings > Local DNS Settings > Local CNAME records.
Domain: raspberryname.home.arpa Target: pi.hole
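An added diagnostic, not part of the original thread or of Pi-hole: it sends an A query straight to one DNS server, so the answer for pi.hole or the CNAME above shows what Pi-hole itself returns, independent of mDNS, MagicDNS and the OS resolver. The sample reply and the address 192.168.178.2 are constructed, and the parser assumes the usual single-question response.

```python
import socket
import struct

def encode_name(name):  # dotted name -> uncompressed DNS labels
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_message(name, flags=0x0100, ancount=0):  # defaults: recursive A/IN query
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0) + encode_name(name) + struct.pack("!2H", 1, 1)

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):  # bounded walk, so a pointer loop cannot hang the parser
        length = msg[pos]
        if (length & 0xC0) == 0xC0:  # compression pointer
            end = pos + 2 if end is None else end
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
    raise ValueError("name too long or compression loop")

def parse_answers(msg):
    """Return [(owner, type, value)] for the A and CNAME answers in a response."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    pos, records = read_name(msg, 12)[1] + 4, []  # skip the single echoed question
    for _ in range(ancount):
        owner, pos = read_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            records.append((owner, "A", socket.inet_ntoa(msg[pos + 10:pos + 14])))
        elif rtype == 5:
            records.append((owner, "CNAME", read_name(msg, pos + 10)[0]))
        pos += 10 + rdlen
    return records

def ask(server_ip, name, timeout=2.0):
    """Query one DNS server directly over UDP port 53 and return its answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_message(name), (server_ip, 53))
        return parse_answers(sock.recv(4096))

# Constructed sample reply: the thread's CNAME plus a made-up A record for pi.hole.
rr = lambda owner, rtype, rdata: owner + struct.pack("!HHIH", rtype, 1, 0, len(rdata)) + rdata
SAMPLE = (build_message("raspberryname.home.arpa", 0x8180, 2) + rr(b"\xc0\x0c", 5, encode_name("pi.hole"))
          + rr(encode_name("pi.hole"), 1, socket.inet_aton("192.168.178.2")))
```

Calling `ask` with the Pi-hole host's LAN address and then with its Tailscale address shows whether both paths reach the same resolver and which IP it hands out for pi.hole.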
If I change nothing but simply try to open my raspberrypi resource from any device (PC or iPhone) via http://pi.hole:port, the URI can’t be found. The browser times out.
Is this expected?
I then added in the admin web interface under DNS Records (CNAME list):
Domain: raspberrypiname.home.arpa
Target: pi.hole
Then on raspberry: sudo reboot
No change of behaviour when using raspberrypiname.home.arpa, which in turn I expected because pi.hole doesn’t seem to be valid anyway.
BTW: I left TTL empty because I don’t know what to put there.
Re. docker networking mode: I don’t know. How do I find out?
Re. docker compose file:
```yaml
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: 'Europe/Berlin'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'password'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
      FTLCONF_dns_listeningMode: 'ALL'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped
```
I’d recommend using docker’s host networking mode for this.
This will make Pi-hole share the same IP-address as the host.
When using host you won’t have any port mappings, so set Pi-hole’s web ports so as not to conflict with other services.
Adapted compose file:
```yaml
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: host
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: 'Europe/Berlin'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'password'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
      FTLCONF_dns_listeningMode: 'ALL'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped
```
Coming from outside via Tailscale VPN with my iPhone, still only http://raspberryname/admin worked, whereas in local Wifi I still had to use raspberryname.local.
Then I added in the web admin page under
Settings -> Local DNS Records -> List of local CNAME records
Domain: raspberryname (without suffix “.home” or anything like that)
Target: pi.hole
Now I can access the same URL http://raspberryname:port from iPhone regardless of local Wifi or Tailscale VPN! From PC anyway.