Setup on Synology Docker

I made this account just to start sharing my experience moving pi-hole to my Synology docker.

Many of you may have seen http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/ and this got me doing some research on macvlan with docker.

If you ssh into your Synology as a root user and use the following command:

docker network create -d macvlan /
–subnet=192.168.0.0/24 /
–ip-range=192.168.0.5/32 /
–gateway=192.168.0.1 /
-o parent=eth0 Pi-hole

This will create a macvlan with the ip forced as a single ip (192.168.0.5) to use as a network for your docker image.You can then create your pi-hole docker image all through the UI now as this network will show up in docker. No port forwarding or anything is needed for your docker image just select Pi-hole as your network and delete bridge in the network section of the interface and set the ServerIP.

Using an IP calculator you can configure this to a single ip in ip-range section of the command.

Now modifying this a little I am trying to get cloudflared DOH running in a docker image but being that I am using eth0 for both pi-hole and cloudflared I am unable to have eth0 talking to itself. I hopefully will have some time over the weekend to further my research on this subject.

2 Likes

Ok a little more messing around tonight I have managed to do a complete setup of Pi-hole using synologies docker UI besides creating the macvlan in SSH above.

I mean complete setup by binding volumes for the etc/pihole and etc/dnsmasq.d to maintain settings even after deleting my docker image or restarting the synology. Pi.hole in the browser takes me to my pihole page. Everthing I tried works as expected and functions just like my pi3 install.

I dont have it set as my DHCP yet because I plan on doing an easy setup guide to install this through the GUI as tony’s UI guide is a little outdated. But to use DCHP it should be as simple as setting a static IP on the synology as pihole is not actually running until the synology has booted completely.

I did manage to get a cloudflared docker instance working but its not quiet how I would like it as I had to send the pihole to the router and have the router send requests from the pihole to the cloudflared container due to the Linux kernel blocking macvlan communication to the host.

1 Like

Ok here is a little write up I did. I was unable to load the word version to the site so I uploaded the a zip file with the original document but attached pictures of the write up.
The only downside of this is it will only show an IP for the Synology in the pi-hole interface because the Synology uses pi-hole through a docker bridge being that it is unable to contact it through the macvlan.




Pi.zip (387.9 KB)

2 Likes

Thank you so much for this guide. I tried a lot of guides, and nothing would work. This is by far the most easy and elegant way of installing Pi-Hole on a Synology NAS with Docker. Good job!

Thanks Morten, It may not be the cleanest write-up, but to me was the nicest way as to avoid doing a majority of the work in a headless environment as I really dont like to keep SSH available on the NAS and the Tony Lawrence how-to didn’t address the issue of the NAS not being able to talk to its own mcvlan. Now everything on my network runs through Pi-hole.

Only issue I encountered was that setting the DNS for the NAS to 192.168.100.2 didn’t work. It would break quickconnect functionality and also couldn’t connect to the docker repository. I fixed it by just setting the DNS for the NAS to 8.8.8.8 as it doesn’t need adblocking anyways.

I had that issue when first trying this install. In your setup of the docker image did you make sure to set DNSMASQ_LISTENING: Local? Without it set to local pihole will not listen to the bridge interface you created and will only listen over the mcvlan which the host device is unable to do because of the security of a mcvlan.

Edit: If I remember later when I get home ill look into it further. One of my big requirements for running pihole on my NAS was that all network device had to use it.

For me this also did not work (defining 192.168.100.2 as DNS server). I did set DNSMASQ_LISTENING to local. Did you look into it further?

I havent had time to look at it but I definitely will tonight.

If you happen to be around your pihole could you try going to you pi.hole page and in the setup change it to listen to all interfaces and apply that to see if it works?

ok, I looked at this tonight.

I have to ask but did you make sure to add your docker image to both the pihole and pihole_bridge networks?

If so can you please look to see if listen on all interfaces is selected like below?

Resolving this issue so your Synology can use pihole is more then just your Synology. All of your docker containers use the same DNS as your Synology. This will also give you the ability to run cloudflared or other DNS docker images that your pihole can use. As you see from the picture above my pihole goes back to a cloudflared docker image.

Hello I am really happy that you evolved the Lawrence guide and I am happily going to follow it. But first I need to know if I can use it with my set up. In my case I use my own DNS that runs on a OpenWRT device with Secure DNS,DNSSEC, TLS 1.3 and Encrypted SNI. At the moment I just use custom DNS: 192.168.178.2 which is my OpenWRT that is hooked to my router modem :slight_smile:

Ok, some hours later I must say many thanks to Beefyfish!
Fish Software is always the best :slight_smile:
Fact is, all works and I am very happy! Very easy set up and easy to follow. I only stumbled at the point where we had to map foldes/files.
I hat to create the folder structure first via FileExplorer or WinSCP and to create the emtpy file dnsmasq.q so I could choose it. I think the other map was a folder pihole.

As said setup works and pihole filters. I have set up pihole to use DNS on an OpenWRT device in my LAN that encrypts DNS and all is fine. Even hostnames are shown correctly in Pihole dashboard.
Also connecting my Android via Wireguard that also runs on the OpenWRT works and Pihole filers block :slight_smile: !!!

Thats good to hear. I use DD-WRT as my dhcp and name server then conditional forwarding in pi-hole so it resolves all the names on my network from my DD-WRT router…

This is the first tutorial that works on my Syno Docker :slight_smile:

Hi Beefyfish,

you wrote “All of your docker containers use the same DNS as your Synology. This will also give you the ability to run cloudflared or other DNS docker images that your pihole can use. As you see from the picture above my pihole goes back to a cloudflared docker image”.

I tryed to use “cloudflared” (for DoH) and “cloudflare-dns-server” (for DoT) in the same way as you, but I can`t connect to the docker-containers.

What bridge oder docker-connection-gateway do you use with your cloudflared-container?

Thanks for your help an also many thanks for your guidance!

I used the visibilityspots/cloudflared image. The only thing you should have to do is make sure to select “Use the same Network as Docker Host” in the Advanced>Network tab when creating the image.

Then point your Upstream DNS to the IP of your NAS bridge with #5054 at the end for the port.

You may need to set it to port #54 now as the docker file is showing.

CMD ["/bin/sh", “-c”, “/usr/local/bin/cloudflared proxy-dns --address 0.0.0.0 --port 54 --upstream https://1.1.1.1/.well-known/dns-query --upstream https://1.0.0.1/.well-known/dns-query”]

He either changed the port at some time or the shown dockerfile has an error. The easiest way to verify the port he has set is to export the docker settings and open the config file as it will show the CMD at the top.

Yeah, I`m done… Now it works great for me. I used the same IP as you for this DoH-Service (192.168.100.1, same setting on Syno+Docker). Cloudflared currently uses Port 5054.

… and again, a thousand thanks :hugs:

Good to hear. I update the post above because I wasn’t specific with IP of NAS. The only way the macvlan can ever talk to the host is through the bridge that was setup. It has to due with securities in docker.

@Beefyfish thanks for this guide however followed it exactly and am getting:

Start container Pi-hole failed: {“message”:“failed to create the macvlan port: device or resource busy”}.

Any ideas where I should be looking?

Thanks,