Level up your network with cutting-edge tech. This Docker container effortlessly combines Pi-Hole and Unbound, giving you the ultimate privacy and performance combo in a single package. It's the future of network management, available today.
Note
Development for the development-v6 tag is currently on hold. The development-v6 tag uses Alpine Linux. If you're familiar with Alpine, we encourage you to check out the Dockerfile-Dev-V6 file. Your contributions are highly appreciated!
We utilise the docker buildx for multi-platform awareness. More information is available from docker here.
Simply pulling rlabinc/pihole-unbound:latest should retrieve the correct image for your arch, but you can also pull specific arch images via --platform.
The architectures supported by this image are:
| Architecture | Available | Platform |
|---|---|---|
| amd64 | β | linux/amd64 |
| arm64 | β | linux/arm64 |
| armhf | β | linux/arm/v7 |
| armel | β | linux/arm/v6 |
Here are the commands you'll need:
docker run -d --name pihole-unbound \
--name=pihole-unbound \
-e TZ=Europe/London `#optional` \
-p 53:53/tcp -p 53:53/udp \
-p 80:80/tcp `#Pi-hole web interface port` \
-e WEBPASSWORD='qwerty123' `#better to use single quotes` \
--restart=always \
rlabinc/pihole-unbound:latestThe Docker tags supported by this image are:
| Tag | Type | Status | Development | Description |
|---|---|---|---|---|
latest |
Stable |  |
β | Always latest release |
2024.02.2-1.19.3 |
Stable | |
β | Date-based release [Pi-hole Version-Unbound Version] |
dev |
Beta |  |
β | Similar to latest, but for the development branch (pushed occasionally) |
development-v6 |
Beta |  |
β³ | Upcoming development-v6 release |
test |
Test | β | π¬ | Testing purpose only |
Note: The
development-v6has been entirely redesigned from the ground up and contains many breaking changes, for more info regardingdevelopment-v6visit here.
Modern releases of Ubuntu (17.10+) include systemd-resolved which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
The stub resolver should be disabled with: sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the /etc/resolv.conf symlink to point to /run/systemd/resolve/resolv.conf, which is automatically updated to follow the system's netplan:
sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'
After making these changes, you should restart systemd-resolved using systemctl restart systemd-resolved
Once pi-hole is installed, you'll want to configure your clients to use it (see here). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at /etc/netplan, then run sudo netplan apply.
Example netplan:
network:
ethernets:
ens160:
dhcp4: true
dhcp4-overrides:
use-dns: false
nameservers:
addresses: [127.0.0.1]
version: 2Note that it is also possible to disable systemd-resolved entirely. However, this can cause problems with name resolution in vpns (see bug report). It also disables the functionality of netplan since systemd-resolved is used as the default renderer (see man netplan). If you choose to disable the service, you will need to manually set the nameservers, for example by creating a new /etc/resolv.conf.
Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.
Container images are configured using parameters passed at runtime (such as those above).
| Parameter | Function | development-v6 Only |
|---|---|---|
-e TZ=Europe/London |
Specify a timezone to use ex Europe/London. | -e TZ=Europe/London |
-p 53:53/tcp -p 53:53/udp |
Default DNS port to use. | -p 53:53/tcp -p 53:53/udp |
-p 80:80/tcp |
Specify Pi-hole web interface port. | -p 80:80/tcp |
-e WEBPASSWORD='qwerty123' |
Specify Pi-hole web interface password. It is better to use single quotes. | -e FTLCONF_webserver_api_password='qwerty123' |
--restart=always |
To make sure "It's Always DNS" does not happen. | --restart=always |
-v /opt/unbound/etc/unbound |
Your customized Unbound configuration unbound.conf location. |
-v /opt/unbound/etc/unbound |
This Docker container supports all Pi-hole official Docker container environment variables available here.
- Telegram Support
- Pihole Docker Github Repository
- Unbound Github Repository
- Pi-hole Unbound Github Repository
- Pi-hole Unbound Docker Hub
The code in this image is heavily influenced by MatthewVance's unbound-docker with the help of chriscrowe's docker-pihole-unbound server Docker image configs, However, the upstream projects most certainly also deserve credit for making this all possible.
I'm not responsible if your internet goes down using this Docker container. Use at your own risk.
