The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
Once the installer has been run, you will need to configure your router to have DHCP clients use Pi-hole as their DNS server which ensures that all devices connecting to your network will have content blocked without any further intervention.
If your router does not support setting the DNS server, you can use Pi-hole's built-in DHCP server; just be sure to disable DHCP on your router first (if it has that feature available).
As a last resort, you can always manually set each device to use Pi-hole as their DNS server.
Документация: https://docs.pi-hole.net/
Docker image: https://hub.docker.com/r/pihole/pihole/
Бложик: https://pi-hole.net/blog/
# Обновить pihole -up
https://github.com/pi-hole/docker-pi-hole
Админка на порту 5001, DNS на 53. Чтобы DNS не конфликтовал с systemd-resolve на хосте, нужно на хосте
sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf' sudo systemctl restart systemd-resolved
https://github.com/pi-hole/docker-pi-hole?tab=readme-ov-file#installing-on-ubuntu-or-fedora
Если systemd-resolve был выключен, то нужно привязать порт 53 к конкретному адресу хоста, иначе контейнеры не смогут разрешать внешние имена.
ports: - 192.168.1.15:53:53/tcp - 192.168.1.15:53:53/udp
pihole: image: pihole/pihole container_name: pihole restart: unless-stopped environment: TZ: 'Europe/Moscow' WEBPASSWORD: 'Qwerty123456' WEB_PORT: 5001 VIRTUAL_HOST: 'bva.dyndns.info' PIHOLE_DNS_: '8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844;208.67.222.222;208.67.220.220;2620:119:35::35 ;2620:119:53::53;84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b;1.1.1.1;1.0.0.1;2606:4700:4700::11 11;2606:4700:4700::1001' DNSSEC: true DNSMASQ_LISTENING: 'all' ports: - 192.168.1.15:53:53/tcp - 192.168.1.15:53:53/udp - 5001:5001 volumes: - '~/volumes/pihole/pihole:/etc/pihole' - '~/volumes/pihole/dnsmasq:/etc/dnsmasq.d'
Методом № 2
# One-Step Automated Install # Those who want to get started quickly and conveniently may install Pi-hole using the following command: curl -sSL https://install.pi-hole.net | bash # Alternative Install Methods # Piping to bash is controversial, as it prevents you from reading code that is about to run on your system. # Therefore, we provide these alternative installation methods which allow code review before installation: # Method 1: Clone our repository and run git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole cd "Pi-hole/automated install/" sudo bash basic-install.sh # Method 2: Manually download the installer and run wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh
root@orangepione:~# pihole -q -exact vk.com Exact match found in exact whitelist vk.com Exact matches for vk.com found in: - https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_1_Russian/filter.txt - https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_1_Russian/filter.txt - https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_14_Annoyances/filter.txt - https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_14_Annoyances/filter.txt
Проблема возникает, когда DNS-порты привязаны к IP хоста. Если не указывать IP, всё работает.
ports: - 192.168.1.15:53:53/tcp - 192.168.1.15:53:53/udp
Дело в том, что сеть не успевает полностью подняться до запуска контейнера и его запуск обламывается. Для решения можно использовать следующий костыль:
# Сделать override-файл для докер-демона, запускающий скрипт systemctl edit docker [Service] # wait for the network to be up ExecStartPre=/etc/systemd/system/docker.service.d/wait_for_network.sh
# Скрипт cat << EOF > /etc/systemd/system/docker.service.d/wait_for_network.sh #!/bin/bash ipServerAddress="192.168.1.1" # Адрес роутера, например cycleLength=1 # The length of a wait cycle in seconds timeout=15 # Maximum number of seconds to wait before giving up elapsedTime=0 ping -c 1 \$ipServerAddress > /dev/null 2>&1 while [ \$? -ne 0 ]; do if [ "\$elapsedTime" -ge "\$timeout" ]; then # Timeout exit 1 fi elapsedTime=\$((elapsedTime + cycleLength)) sleep \$cycleLength ping -c 1 \$ipServerAddress > /dev/null 2>&1 done EOF # Сделать скрипт запускаемым chmod ug+x /etc/systemd/system/docker.service.d/wait_for_network.sh
echo "edns-packet-max=1232" > /etc/dnsmasq.d/99-edns.conf pihole restartdns
https://discourse.pi-hole.net/t/dnsmasq-warn-reducing-dns-packet-size/51803/9
https://discourse.pi-hole.net/t/dnsmasq-warn-reducing-dns-packet-size/51803/41