Using Pi-hole with Unbound: Difference between revisions
Prabuanand (talk | contribs) (added root-hints reference) |
Prabuanand (talk | contribs) (added note on http://pi.hole and wikilink) |
||
| (12 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
This page documents the steps to use Pi-hole with | This page documents the steps to use [https://pi-hole.net/ Pi-hole] with [[Setting_up_unbound_DNS_server|unbound]] as an All-Around DNS Solution along with ad-blocker functionality by using a publicly available blacklist. | ||
== Prerequisites == | == Prerequisites == | ||
* | * A {{Pkg|dnsmasq}} (or another DHCP server/router) on the network, as DHCP function of Pi-hole is not used here. | ||
== Installation == | == Installation == | ||
| Line 9: | Line 9: | ||
Currently the {{pkg|pihole}} is available in the [[Repositories#Testing|testing]] repository. It can be safely installed by following the [[Repositories#Using_testing_repository|guidelines]] for enabling the testing repo and for installing such packages with the use of the ''@testing'' tag. | Currently the {{pkg|pihole}} is available in the [[Repositories#Testing|testing]] repository. It can be safely installed by following the [[Repositories#Using_testing_repository|guidelines]] for enabling the testing repo and for installing such packages with the use of the ''@testing'' tag. | ||
The command below installs | The command below installs necessary packages:{{cmd|$ doas apk add pihole@testing unbound}} | ||
== Configuration == | == Configuration == | ||
{{ | Add your local user to the 'pihole' group as follows: {{cmd|$ doas addgroup $USER pihole}} | ||
{{Note|This section uses 192.168.1.3 as IP address of Pi-hole server, while the Internet gateway router/DHCP server is at 192.168.1.1}} | |||
Create a file {{Path|/etc/unbound/unbound.conf.d/pi-hole.conf}} based on the content given in [https://docs.pi-hole.net/guides/dns/unbound unbound page of Pi-hole website]. | === Unbound configuration === | ||
Create a file {{Path|/etc/unbound/unbound.conf.d/pi-hole.conf}} based on the content given in [https://docs.pi-hole.net/guides/dns/unbound/#configure-unbound unbound page of Pi-hole website]. | |||
[[Setting_up_unbound_DNS_server#Download root hints|Download root hints]] for the Unbound server. | [[Setting_up_unbound_DNS_server#Download root hints|Download root hints]] for the Unbound server. | ||
Ensure that | Ensure that the {{Path|/etc/unbound/unbound.conf}} file has only the following line uncommented:{{Cat|/etc/unbound/unbound.conf|# All lines are to be commented out like this, except the below ... | ||
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"}} | include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"}} | ||
Once the above changes are made, [[Setting_up_unbound_DNS_server#Service_management|check the unbound config and restart the unbound service]]. | Once the above changes are made, [[Setting_up_unbound_DNS_server#Service_management|check the unbound config and restart the unbound service]]. | ||
== Service management == | |||
Add the {{ic|pihole}} service to auto-start using [[OpenRC]]: {{Cmd|$ doas rc-update add pihole default}} | |||
{{ic|pihole}} service can be managed using standard '''start|stop|restart''' [[OpenRC]] commands. To start the service immediately:{{Cmd|$ doas rc-service pihole start}} | |||
== Using web interface to configure Pi-hole == | |||
The Pi-hole web interface can be used only if the {{ic|pihole}} service is started as per instructions in the [[#Service management|service management]] section. Once the {{ic|pihole}} service is started, connect to Pi-hole web interface for further configuration: '''https://192.168.1.3/admin/''' | |||
=== Enable recursive DNS === | |||
Add unbound to the Custom DNS servers section on the admin page: https://192.168.1.3/admin/settings/dns as follows:'''127.0.0.1#5335''' | |||
Remember to '''Save&Apply''' to make the changes to Pi-hole permanent. From now onwards, you can start using Pi-hole ip address:192.168.1.3 as DNS server for your clients. From clients using 192.168.1.3 as DNS, Pi-hole admin page can be reached at http://pi.hole/admin/ | |||
=== Add blocklist file === | |||
On the Subscribed lists group management page at http://pi.hole/admin/groups/lists, add [[Using Unbound as an Ad-blocker#Ad-blocker blacklists|steven black list]] by adding an entry '''<nowiki>http://sbc.io/hosts/hosts</nowiki>''' and Click '''Add blocklist''' button. | |||
To load the blocklist, Update Gravity (list of blocked domains) by clicking '''Update''' on the page http://pi.hole/admin/gravity or running the command: {{Cmd|$ pihole -g}} | |||
Ensure that your clients point their DNS to Pi-hole ip address:192.168.1.3 to enjoy Ad-Free browsing! | |||
== See also == | == See also == | ||
* [https://docs.pi-hole.net/ Official Pi-hole documentation] | |||
* [https://docs.pi-hole.net/guides/dns/unbound/ Pi-hole as All-Around DNS Solution] | |||
* [[Setting_up_unbound_DNS_server|unbound]] | * [[Setting_up_unbound_DNS_server|unbound]] | ||
* [[Using Unbound as an Ad-blocker]] | * [[Using Unbound as an Ad-blocker]] | ||
[[Category:Networking]] | |||
Latest revision as of 15:44, 6 November 2025
This page documents the steps to use Pi-hole with unbound as an All-Around DNS Solution along with ad-blocker functionality by using a publicly available blacklist.
Prerequisites
- A dnsmasq (or another DHCP server/router) on the network, as DHCP function of Pi-hole is not used here.
Installation
Currently the pihole is available in the testing repository. It can be safely installed by following the guidelines for enabling the testing repo and for installing such packages with the use of the @testing tag.
The command below installs necessary packages:
$ doas apk add pihole@testing unbound
Configuration
Add your local user to the 'pihole' group as follows:
$ doas addgroup $USER pihole
Unbound configuration
Create a file /etc/unbound/unbound.conf.d/pi-hole.conf based on the content given in unbound page of Pi-hole website.
Download root hints for the Unbound server.
Ensure that the /etc/unbound/unbound.conf file has only the following line uncommented:
Contents of /etc/unbound/unbound.conf
Once the above changes are made, check the unbound config and restart the unbound service.
Service management
Add the pihole service to auto-start using OpenRC:
$ doas rc-update add pihole default
pihole service can be managed using standard start|stop|restart OpenRC commands. To start the service immediately:
$ doas rc-service pihole start
Using web interface to configure Pi-hole
The Pi-hole web interface can be used only if the pihole service is started as per instructions in the service management section. Once the pihole service is started, connect to Pi-hole web interface for further configuration: https://192.168.1.3/admin/
Enable recursive DNS
Add unbound to the Custom DNS servers section on the admin page: https://192.168.1.3/admin/settings/dns as follows:127.0.0.1#5335
Remember to Save&Apply to make the changes to Pi-hole permanent. From now onwards, you can start using Pi-hole ip address:192.168.1.3 as DNS server for your clients. From clients using 192.168.1.3 as DNS, Pi-hole admin page can be reached at http://pi.hole/admin/
Add blocklist file
On the Subscribed lists group management page at http://pi.hole/admin/groups/lists, add steven black list by adding an entry http://sbc.io/hosts/hosts and Click Add blocklist button.
To load the blocklist, Update Gravity (list of blocked domains) by clicking Update on the page http://pi.hole/admin/gravity or running the command:
$ pihole -g
Ensure that your clients point their DNS to Pi-hole ip address:192.168.1.3 to enjoy Ad-Free browsing!