I'm running eero w/DNS pointed solely at local IP for docker host (IPv4 & IPv6). All extra features on eero have been disabled.
I used this docker container to set up pihole+unbound. This is the output of the top command on my docker container host running Ubuntu LTS. The only other thing I have running is an Enshrouded server, but that likely won't stay forever.
I'm open to moving off of docker / shared host and onto a separate Pi if it's advisable, but would prefer not to if I don't have to.
```
root@precision:~/docker/pihole-unbound# top
top - 12:33:42 up 6 days, 21:57, 2 users, load average: 0.83, 0.85, 0.86
Tasks: 334 total, 1 running, 333 sleeping, 0 stopped, 0 zombie
%Cpu(s): 6.9 us, 0.6 sy, 0.0 ni, 92.5 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 31756.0 total, 24926.2 free, 2981.9 used, 4360.4 buff/cache
MiB Swap: 8192.0 total, 8192.0 free, 0.0 used. 28774.1 avail Mem

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 291836 4711      20   0 5851956   1.3g  46040 S  90.0   4.2     4d+7h enshrouded_serv
 291788 4711      20   0   16300  15020   2408 S   0.7   0.0  53:58.08 wineserver
    103 root     -51   0       0      0      0 S   0.3   0.0   2:11.70 irq/9-acpi
    853 avahi     20   0    9848   4988   4092 S   0.3   0.0  21:49.78 avahi-daemon
    999 root      20   0  334576  17600   7360 S   0.3   0.1   5:34.58 upowerd
   2062 root      20   0 3818348  83832  54136 S   0.3   0.3  10:40.07 dockerd
 151705 root      20   0   38600  28728  11632 S   0.3   0.1   2:22.89 supervisord
```
This is my docker compose file:

```yaml
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: host
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      #- "67:67/udp"
    #dns:
      #- 127.0.0.1
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: ${TZ}
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_pwhash: 'redacted'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'
      FTLCONF_dns_upstreams: '127.0.0.1#5335' # Unbound
      # Don't use pihole as a NTP Server
      FTLCONF_ntp_ipv4_active: ${NTP_IPV4_ACTIVE:-true}
      FTLCONF_ntp_ipv6_active: ${NTP_IPV6_ACTIVE:-true}
      FTLCONF_ntp_sync_active: ${NTP_IPV6_ACTIVE:-true}
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - '/srv/docker/pihole-unbound/pihole/etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- '/srv/docker/pihole-unbound/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      #- NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      #- SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped
  unbound:
    container_name: unbound
    image: mvance/unbound:latest # Change to use 'mvance/unbound-rpi:latest' on raspberry pi
    # use pihole network stack
    network_mode: service:pihole
    volumes:
      # main config
      - ./unbound-config/unbound.conf:/opt/unbound/etc/unbound/unbound.conf:ro
      # custom config (unbound.conf.d/your-config.conf). unbound.conf includes these via wildcard include
      - ./unbound-config/unbound.conf.d:/opt/unbound/etc/unbound/unbound.conf.d:ro
      # log file
      - /srv/docker/pihole-unbound/unbound/etc-unbound/unbound.log:/opt/unbound/etc/unbound/unbound.log
    restart: unless-stopped
    post_start:
      # remove unused config files
      - command: rm -f /opt/unbound/etc/unbound/a-records.conf
      - command: rm -f /opt/unbound/etc/unbound/forward-records.conf
      - command: rm -f /opt/unbound/etc/unbound/srv-records.conf
```
This is the output of nslookup pi.hole from a different machine than the docker host:

```
nslookup pi.hole
Server: UnKnown
Address: 192.168.5.34 (docker host IP)

Name: pi.hole
Address: 172.20.0.2
```
Expected Behaviour:
So far things have been fine, with a few exceptions.
- Have to use direct IP to access pihole dashboard
- iPad couldn't access Netflix last night unless I changed DNS to use Google's DNS
- Xbox Game Pass was working previously while using pihole but wouldn't work today until I added live.com to the whitelist & did reloaddns on pihole
- Images / sites feel like they are loading slower.