Filter unhealthy DNS queries with Pi-hole and DNSCrypt to keep your local network safe (one of the most straightforward and most desirable projects for your Raspberry Pi)
MIT License
Filter unhealthy DNS queries to prevent:
As of today, Docker's Pi-hole version is 5.x.
This project needs the following dependencies:
make command/binary. Please check how to enable it in your operating system if you don't have it.
Create a download.sh file from the templated version:
cp s6-overlay/download.sh.tpl s6-overlay/download.sh
chmod 755 s6-overlay/download.sh
Edit the download.sh file to set the desired S6 Overlay version and the required server architecture.
Please note I am working with an Apple M1 laptop so I need the arm architecture. If you work with an Intel or AMD CPU, then you will probably need the x86_64 architecture.
Run the make command to boot up the system:
make up
It will perform the following actions:
If you ever need to stop the containers, you can use the make command again:
make down
Once the system has booted, make sure to change the Pi-hole password to the one you want:
# Login into the PiHole container
docker-compose exec pihole bash
# Change PiHole password
pihole -a -p
# Don't forget to exit the container's bash
exit
After setting your admin password, you will need to set the DNS Crypt service as your primary resolver:
Settings option from the sidebar menu, and click on the DNS tab.
Upstream DNS Servers service
Custom Upstream DNS Servers and set the DNS Crypt IP Address: 172.20.0.3
Save button is at the bottom)
You will also need to add one or more blacklists of hosts to block access to them:
Adlists option from the sidebar menu.
Add button.
List of adlists block, make sure to enable or disable the lists according to your needs.
Persist the changes!!
Tools option from the sidebar menu, and then click on the Update Gravity submenu.
Update button; otherwise your previous configuration might not be working unless you reboot the containers.
If you want to use this service on a specific device, then configure the DNS server on that device to target your Pi-hole + DNSCrypt server.
If you want to use this service for your entire network, then configure the DNS server on your router or NAT networks to target your Pi-hole + DNSCrypt server.
If this project is not running in a home environment, then you might want to consider booting up two instances of this service on two different servers. This way, you have a secondary DNS server to rely on while you run maintenance actions.
By default, Pi-hole blocks Apple Private Relay connections. It is not possible to allow them through Pi-hole whitelists.
If you wish to allow Apple Private Relay connections, stop the containers (make down), and add the following configuration to your Pi-hole config files:
# pihole/etc-pihole/pihole-FTL.conf
# ...
BLOCK_ICLOUD_PR=false
# ...
ERROR: Pool overlaps with other one on this address space
The error message you're encountering suggests that the IP address range you specified for the bridge network in Docker overlaps with another existing network. Docker requires unique IP address ranges for each network to avoid conflicts.
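To find out which existing Docker network collides with the one this stack wants, and which range is still free, the overlap test can be run on the JSON that `docker network inspect` prints. This is an added example, not part of the project; the network names and subnets in the sample are constructed, and 172.20.0.0/24 is an assumed compose subnet containing 172.20.0.3.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect $(docker network ls -q)`,
# trimmed to the fields used here. Names and subnets are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "bridge", "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
    {"Name": "media_default", "IPAM": {"Config": [{"Subnet": "172.16.0.0/16"}]}},
    {"Name": "legacy_dns", "IPAM": {"Config": [{"Subnet": "172.20.0.0/16"}]}},
    {"Name": "host", "IPAM": {"Config": []}},  # host/none networks carry no pool
])

def existing_subnets(inspect_json):
    """Return [(network name, ip_network)] for every pool Docker already owns."""
    found = []
    for net in json.loads(inspect_json):
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if cfg.get("Subnet"):
                subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
                found.append((net["Name"], subnet))
    return found

def conflicts(wanted, inspect_json):
    """Names of existing networks whose pool overlaps the wanted subnet."""
    wanted = ipaddress.ip_network(wanted)
    return [name for name, sub in existing_subnets(inspect_json)
            if sub.version == wanted.version and sub.overlaps(wanted)]

def first_free(inspect_json, pool="172.16.0.0/12", prefix=24):
    """First /prefix block inside pool that overlaps no existing Docker network."""
    used = [sub for _, sub in existing_subnets(inspect_json) if sub.version == 4]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None

if __name__ == "__main__":
    wanted = "172.20.0.0/24"  # assumption: compose subnet that holds 172.20.0.3
    print("overlaps with:", conflicts(wanted, SAMPLE_INSPECT))
    print("free alternative:", first_free(SAMPLE_INSPECT))
```

The suggested range only accounts for Docker's own networks, so compare it with your LAN and VPN ranges as well. If the subnet changes, the DNS Crypt address entered under Custom Upstream DNS Servers has to change with it.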
Your options are:
docker-compose.yaml file and assign a new IP Address range; or
Read more about the used tech here:
Special thanks to: Pi-hole, DNSCrypt, blacklists and S6 Overlay, as this project would not exist without their invaluable contribution.