Pi-hole project using balenaOS - help with configuration

Hi, the project to install pi-hole (https://www.balena.io/blog/deploy-network-wide-ad-blocking-with-pi-hole-and-a-raspberry-pi/) is pretty awesome, thanks for the writeup. I’ve actually successfully deployed it but I have some questions.

• How do you configure the dnscrypt-proxy / unbound / dohnut applications?
• Importantly, I’d like to be able to point the DNS resolvers to my OpenDNS setup, for home use, to prevent kids from getting inappropriate content.

Otherwise, it’s a really cool project and just works!

Thanks very much!

Hello @billagee, great to know that you are enjoying your Pi-Hole setup with balena.

• For the DNS resolver, I believe you can point to your OpenDNS setup on http:///admin/settings.php?tab=dns, in Upstream DNS Server.

As for configuring the applications, I would like to suggest that you ask in the pi-hole community forums about specifics of the platform, they will be more knowledgeable about it.

Cheers

Hi @billagee

You can use either of the other upstream resolvers by adjusting your configuration in the Pi-hole admin, as per the notes in the docker-compose.yml file here: https://github.com/klutchell/balena-pihole/blob/master/docker-compose.yml

For example if you wanted to use Unbound you’d set the DNS1 and DNS2 service configuration entries as per our tutorial. If you’re looking to use OpenDNS then you would set these two variables to OpenDNS instead.

Unbound is a recursive resolver which means it doesn’t rely on any other service (and hence takes a little longer) so you couldn’t use that with OpenDNS.

I hope this helps!

Hi Chris, thanks! This is really helpful. I had previously had pi-hole and dnscrypt running on my RPi, and the dnscrypt settings used Cisco (OpenDNS) and I’m trying to replicate that type of arrangement with this great project. Do you think I can change the unbound.conf file per below and limit to OpenDNS? Many thanks, now I can at least move around between the three options!

Best regards,

Bill

from unbound.conf file:

Use the following forward-zone to forward all queries to Google DNS,
OpenDNS.com or your local ISP’s dns servers for example. To test resolution
speeds use “drill calomel.org @8.8.8.8” and look for the “Query time:” in
milliseconds.

forward-zone:
name: “.”
forward-addr: 1.1.1.1@53#one.one.one.one
forward-addr: 8.8.8.8@53#dns.google
forward-addr: 9.9.9.9@53#dns.quad9.net
forward-addr: 1.0.0.1@53#one.one.one.one
forward-addr: 8.8.4.4@53#dns.google
forward-addr: 149.112.112.112@53#dns.quad9.net

Hi again Bill, if you update your project now you’ll find that dnscrypt is back as the primary (and only) resolver, so you may well be able to configure it in the same way as you used to!

Hi guys!

Sorry for noob question, but I really want to understand this dns thing a bit deeper…

Could anyone explain here how adding dohnut (and probably unbound) to current balena-pihole setup (pihole with dnscrypt-proxy as the only upstream resolver) can improve the dns resolution quality/security? Or is it just unnecessary as the dnscrypt-proxy already does what the dohnut supposed to do? Why would the one need to use unbound (caching dns resolver) in addition to pihole, which also has caching dns resolver capabilities with it’s dnsmasq/FTL? Please correct me if I said anything wrong… I would appreciate your explanations/opinions/ideas. Thank you.

Hi, my opinion is that it would just add a fallback. Doesn’t seem to me it would improve over the default dnscrypt-proxy. But just provide for an alternative if one is more used to other dns resolving implementations.

@floion, thanks for your answer. Do you mean that dohnut provides additional scope of upstream resolvers, that different from the one dnscrypt-proxy2 provides?

What I meant was that both are providing DNS over HTTPS. So they are different implementations of the same concept. So just a matter of preference when choosing between them.