Show pageBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Pihole ====== ===== Installation ===== $ git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole $ cd "Pi-hole/automated install/" $ sudo bash basic-install.sh ===== Setup ===== ==== DNS ==== 1. Unbound 2. OR DNSMasq === Unbound === # recursive DNS server solution $ sudo apt install unbound dnsmasq $ wget -O root.hints https://www.internic.net/domain/named.root $ sudo mv root.hints /var/lib/unbound/ # configure unbound $ sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf </etc/unbound/unbound.conf.d/pi-hole.conf> server: # If no logfile is specified, syslog is used # logfile: "/var/log/unbound/unbound.log" verbosity: 0 port: 5353 do-ip4: yes do-udp: yes do-tcp: yes # May be set to yes if you have IPv6 connectivity do-ip6: no # Use this only when you downloaded the list of primary root servers! root-hints: "/var/lib/unbound/root.hints" # Trust glue only if it is within the servers authority harden-glue: yes # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS harden-dnssec-stripped: yes # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details use-caps-for-id: no # Reduce EDNS reassembly buffer size. # Suggested by the unbound man page to reduce fragmentation reassembly problems edns-buffer-size: 1472 # Perform prefetching of close to expired message cache entries # This only applies to domains that have been frequently queried prefetch: yes # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine it should be unnecessary to seek performance enhancement by increasing num-threads above 1. num-threads: 1 # Ensure kernel buffer is large enough to not lose messages in traffic spikes so-rcvbuf: 1m # Ensure privacy of local IP ranges private-address: 192.168.0.0/16 private-address: 169.254.0.0/16 private-address: 172.16.0.0/12 private-address: 10.0.0.0/8 private-address: fd00::/8 private-address: fe80::/10 $ sudo service unbound start $ dig pi-hole.net @127.0.0.1 -p 5353 # test DNSSEC validation $ dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5353 $ dig sigok.verteiltesysteme.net @127.0.0.1 -p 5353 # configure PiHole http://192.168.35.30/admin/settings.php?tab=dns Upstream DNS Servers: Custom 1 (ipv4): 127.0.0.1#5353 === DNSMasq === # option available for routers with OpenWRT, DD-WRT, etc. # per host tracking on pi-hole, ability to resolve hostnames on LAN, ad blocking/network monitoring provided by pi-hole # Additional DNSMasq Options dhcp-option=6,192.168.35.30 # configure PiHole http://192.168.35.30/admin/settings.php?tab=dns Upstream DNS Servers: Custom 1 (ipv4): 192.168.1.1 ==== PiHole Server ==== [x] DHCP server enabled Router (gateway) IP address: 192.168.35.1 Domain: lan Lease time in hours: 24 [x] Enable IPv6 support (SLAAC + RA) [x] Enable DHCP rapid commit (fast address assignment) ==== Router ==== === Internet Setup === == Internet IP Addres == [x] Get dynamically from ISP == Domain Name Server (DNS) Address == [x] Use these DNS servers 192.168.35.30 == LAN Setup == # disabled [] Use Router as DHCP Server ===== Debug ===== # generate debug log $ pihole -d ===== Errors ===== # Network tab fails to load, something is using port 80 (maybe apache2?) $ sudo system lighttpd status selfhosted/pihole.txt Last modified: 2023/07/03 01:53by hli