[SUPPORT] - Community Applications - pihole-unbound



Pihole-Unbound Community Applications Template

 

Welcome to the support page of the Pihole-Unbound Community Applications template. This runs both Pi-Hole and Unbound in a single container.  The base image for the container is the official Pi-Hole container, with an extra build step added to install the Unbound resolver directly into the container based on instructions provided directly by the Pi-Hole team.

 

Pi-hole includes a caching and forwarding DNS server, now known as FTLDNS. After applying the blocking lists, it forwards requests made by the clients to configured upstream DNS server(s). However, this leads to some privacy concerns as it ultimately raises questions about whom you trust with all the DNS lookup data from your household.

 

You have a few options of whom to trust:
 

1.  Your ISP.  Unfortunately, they often monetize and sell this marketing data.

Example: Pi-hole -> FTLDNS -> Your ISP -> Authoritative Server

 

2. A third party DNS service (ie. Quad9, Cloudflare, Google, etc). 

Unblocked DNS requests from Pi-hole will hit FTLDNS then pass to third party DNS.  You're still trusting a third party company, so choose carefully.

Example: Pi-hole -> FTLDNS -> Cloudflare -> Authoritative Server

 

3. Run your own recursive DNS server, like Unbound!

This is what this template does.  Unblocked DNS requests from Pi-hole will hit Unbound then be made directly to the authoritative servers instead of routing through a third-party DNS service.  This way you, and only you, maintain full control of your DNS data.

Example: Pi-hole -> Unbound -> Authoritative Server

 

This template installs the one-container (new) version of the docker container described at the github for the project:

https://github.com/chriscrowe/docker-pihole-unbound/tree/main

Edited by TeddyTux
Link to comment

Installed fine on my new system but was wondering:

  • Where can I take a look at my unbound.conf? Could not find it in /mnt/user/appdata/pihole-unbound and its subfolders.
  • I have a notification on the pihole interface about an available update (see screenshot). Usually I would just go for a "pihole -up" but as I understood, that's not the way with Docker. How can I install the update instead?

My apologies for asking for seemingly obvious things - I am srsly new to Docker and Unraid. Any help is highly appreciated!

 

Screenshot 2024-01-24 145447.png

 

@Sic79 I am happy to try the other one but unfortunately I failed at the installation. Can you maybe point me to some beginner-friendly tutorial on how to install it?

 

Edited by Jabberwoocky
Link to comment
On 1/22/2024 at 10:30 AM, Sic79 said:

Thanks for the Docker, but it seems like the Git is not updated so often

There is another project identical to this that is maintained regularly here: https://github.com/origamiofficial/docker-pihole-unbound

Maybe worth taking a look at instead?

I always understood that stars are a good indicator of projects on github.  This one has 900+ stars and was updated inside of a month, so I figured it was widely adopted/well regarded.

Edited by TeddyTux
Link to comment
On 1/25/2024 at 9:21 AM, Jabberwocky said:

Just for a better understanding - there is currently no updated version of the Docker Container (as seen here (https://github.com/chriscrowe/docker-pihole-unbound/tree/main)) to get rid of the "Update available"-Message, correct?

 

And is there maybe a way to look into the unbound.conf to make some adjustments like DOH / DOT / Upstream Servers.. ?

Hi!  You are correct, you simply wait for the github repo to update, then restart the container.  The docker container will always pull the newest version on restart.  Right now, there is nothing to do except wait.

 

You should not be attempting to make changes in unbound.conf (I'm guessing you're reading a bunch of different guides...).  You should make changes by adding or updating environment variables to the docker container.  Check the github page for a list of common options:

https://github.com/pi-hole/docker-pi-hole/#environment-variables

 

I simply created the template to make it easy for the community to use pihole+unbound on Unraid.  I'm not affiliated with the github project, but I am happy to help when possible.

 

Upstream Servers are irrelevant.  Unbound is the upstream server, but locally hosted. That's why it points at 127.x.x.x.  Eliminating reliance on a 3rd party like google/cloudflare/etc.

 

See here for relevant discussion on doh/dot/unbound:


 
this was a helpful dns primer:

 

Edited by TeddyTux
Link to comment

Thanks for the clarification!

Learned a lot in the last few days about Docker and how to run everything on unraid :)

I had Pihole & Unbound set up manually on a Raspberry before and never used Docker before.

 

Please correct me if I am wrong but with Unbound being the upstream server, to which upstream DNS servers will it talk to? And how (DOT/DOH)?

https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html#

 

So the DNS Request goes like this:

Your PC ---> Pihole ---> Unbound ---> ?

 

I checked your link to Github/Pihole but can I pass / check the configuration with environment variables to unbound, too?

 

 

Link to comment
On 1/29/2024 at 9:44 AM, Jabberwocky said:

Thanks for the clarification!

Learned a lot in the last few days about Docker and how to run everything on unraid :)

I had Pihole & Unbound set up manually on a Raspberry before and never used Docker before.

 

Please correct me if I am wrong but with Unbound being the upstream server, to which upstream DNS servers will it talk to? And how (DOT/DOH)?

https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html#

 

So the DNS Request goes like this:

Your PC ---> Pihole ---> Unbound ---> ?

 

I checked your link to Github/Pihole but can I pass / check the configuration with environment variables to unbound, too?

 

 

Your PC ---> Pihole ---> Unbound ---> Authoritative DNS Server

 

There are no authoritative servers that support DOT/DOH yet, unfortunately.

 

I don't know how you would adjust unbound settings.  I'd check with the github page for the container.  I'm not sure why you'd want to though.  It's one of the perks of the container.  It automatically coordinates the pihole/unbound stack for you.  Pihole starts up automatically pointing at the unbound server and everything.... simply load your adlist of choice. 

Link to comment

I agree with having an easy installation and setup with just adding one container but, no offence, especially when it comes to data privacy & security (why else would you add Unbound to PiHole?), I prefer to have some more details about the internal configuration.

I'll take a look at running pihole & unbound in separate containers to have some more control over it.

Link to comment

Super noob to pihole and unbound but sounded like using the double whammy was the way to go. I'm figuring out pihole but not sure how to really tell if unbound is "working"? When I'm looking at the query log and it shows "answered by 172.0.0.11 #53" does that mean unbound had to go look for that record?

Link to comment

I am also getting this error on the settings page:

There was a problem applying your settings.
Debugging information:
PHP error (2): fopen(/etc/pihole/dns-servers.conf): failed to open stream: No such file or directory in /var/www/html/admin/scripts/pi-hole/php/savesettings.php:110

Link to comment
On 2/22/2024 at 5:00 PM, granite said:

Just tried to install this, however it errored out. I assume it's a syntax issue with the template?

 

docker: invalid spec: :REV_SERVER_TARGET:rw: empty section between colons.
See 'docker run --help'.

The command failed.

The template line for REV_SERVER_TARGET is incorrectly set as a Path instead of Variable. 

 

I created a REV_SERVER_TARGET variable line and deleted the original path entry.  That got rid of my errors and also helped it start faster. 

 

Aside from that Unbound fails to start intermittently and the container stops responding to DNS unless you restart it a few times.  As much as I love this idea, I had to revert back to the official.  I will be keeping tabs on this though.  Please keep up the great work. 

Edited by ephdisk
Link to comment
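
Added example (not part of any post above, and not the template's or Unraid's own code): a small linter for the Path-versus-Variable mistake described in the last post. It assumes the Unraid template `<Config>` layout and that a Path entry becomes `-v host:target:mode` while a Variable becomes `-e NAME=value`; the sample XML is constructed, and only the name REV_SERVER_TARGET and the appdata folder come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Unraid template <Config> layout (assumption);
# only REV_SERVER_TARGET and the appdata folder appear in the thread.
SAMPLE_TEMPLATE = """<Container>
  <Config Name="DNS port" Target="53" Mode="udp" Type="Port">53</Config>
  <Config Name="Pi-hole data" Target="/etc/pihole" Mode="rw" Type="Path">/mnt/user/appdata/pihole-unbound/pihole</Config>
  <Config Name="REV_SERVER_TARGET" Target="REV_SERVER_TARGET" Mode="rw" Type="Path"></Config>
  <Config Name="TZ" Target="TZ" Type="Variable">Europe/Berlin</Config>
</Container>"""


def docker_args(template_xml):
    """Translate Path/Variable entries into the docker run arguments they imply."""
    args = []
    for cfg in ET.fromstring(template_xml).iter("Config"):
        kind, target = cfg.get("Type"), cfg.get("Target", "")
        value = (cfg.text or "").strip()
        if kind == "Path":
            # An empty host path produces ":TARGET:rw", the spec docker rejects.
            args += ["-v", f"{value}:{target}:{cfg.get('Mode', 'rw')}"]
        elif kind == "Variable":
            args += ["-e", f"{target}={value}"]
    return args


def lint(template_xml):
    """Return (name, problem) pairs for Path entries that are broken or look like env vars."""
    findings = []
    for cfg in ET.fromstring(template_xml).iter("Config"):
        if cfg.get("Type") != "Path":
            continue
        name, target = cfg.get("Name", ""), cfg.get("Target", "")
        value = (cfg.text or "").strip()
        if not value:
            findings.append((name, "empty host path gives an empty section in the -v spec"))
        if not target.startswith("/"):
            findings.append((name, "target is not an absolute container path; likely meant Type=Variable"))
    return findings


if __name__ == "__main__":
    print(docker_args(SAMPLE_TEMPLATE))
    for name, problem in lint(SAMPLE_TEMPLATE):
        print(f"{name}: {problem}")
```

Running it on the sample reproduces the `:REV_SERVER_TARGET:rw` volume spec from the error message; switching that entry to `Type="Variable"` clears both findings.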