Network-wide ad blocking via your own Linux hardware with DoT
🐳 Pi-hole Docker image from Pi-hole with Unbound DNS over TLS (DoT) proxy for several providers
The unbound daemon runs in 0.0.0.0#5353 and Pi Hole can use it as upstream DNS.
Access to the multi-platform docker image.
Supported platforms:
- linux/amd64
- linux/arm/v7
- linux/arm64/v8
Access to the git repository
👀Local Client > (Local Clear DNS) -> Pi-hole > (Host Internal Clear DNS) -> Unbound > (Internet DoT) -> DoT DNS provider
💡 You can use all the environment configuration from the base docker image Pi-hole
The enhancement is the the unbound daemon configured to use DNS over TLS (DoT)
👉The unbound DoT upstream can be configured by the DOT_UPSTREAM environment variable
- cloudflare
- cloud9-secure
- cloud9-insecure
- adguard
- adguard-family
- adguard-nonfiltering
- cleanbrowsing-security
- cleanbrowsing-family
- cleanbrowsing-adult
- comcast
- dnssb
- pumplex
⭐Additionally the DOT_UPSTREAM environment variable can be defined by one or several user defined upstream DNS IP
- 8.4.4.8
- 1.1.1.1,8.8.8.8
- 8.8.8.8,1.1.1.1,9.9.9.9
☝️To use the local unbound daemon DoT DNS upstream server, it can be defined by DNS1=127.0.01#5353 and DNS2=no environment variables
💪In this example is used DOT_UPSTREAM, DNS1 and DNS2 environment variables
docker run --init -d --restart=always --network=eraser --dns 127.0.0.1 --ip 192.168.0.2 -e ServerIP="192.168.0.2" --hostname pihole -e VIRTUAL_HOST="pihole" --name="pihole" -e "WEBPASSWORD=admin" -e "TZ=Europe/Madrid" -e "DOT_UPSTREAM=1.1.1.1,1.0.0.1" -e "DNS1=127.0.0.1#5353" -e "DNS2=no" -e "BLOCKING_ENABLED=yes" --cap-add=NET_ADMIN --cap-add=SYS_NICE -v /opt/docker/pihole/dnsmasq.d:/etc/dnsmasq.d/ -v /opt/docker/pihole/pihole:/etc/pihole juampe/pihole-dot
git clone https://github.com/juampe/docker-pi-hole-dot.git
docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag juampe/pihole-dot:latest .
🙏Thanks to https://github.com/pi-hole/docker-pi-hole
🙏Thanks to https://github.com/stafwag/docker-stafwag-unbound