Setting up AdguardHome and PiHole on the bridge network
Last week I showed you how to run AdguardHome and PiHole using MacVLans. That way we didn't have to deal with any port conflicts, and each DNS server could run simultaneously on its own IP address. However, the MacVLan setup is undeniably a little trickier, so in this post we're going to set these up again on the bridge network (only one running at a time, of course), so that our actual server is also a DNS server.
Modifying systemd-resolved
Let's see how DNS currently gets resolved by running the following:
You'll probably see something like:
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: google.com
Address: 142.250.69.238
Let's first check whether systemd-resolved is indeed listening on port 53.
We need to disable systemd-resolved's stub DNS.
Uncomment and set the following to no
Let's also set the DNS server for the server itself to Cloudflare
Now restart systemd-resolved
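The three steps above (check who holds port 53, edit resolved.conf, restart) as one script. This is an added example, not code from the original post; it assumes the stock /etc/systemd/resolved.conf path, GNU sed, and 1.1.1.1 as the Cloudflare resolver, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Debian/Ubuntu-style host
# with GNU sed and the config at /etc/systemd/resolved.conf.

# listeners_on_53: filter `ss -Hlntup` output (stdin) down to sockets bound to
# port 53, printing "local-address process" so you can see who holds the port.
listeners_on_53() {
    awk '$5 ~ /:53$/ { print $5, $NF }'
}

# set_resolved_key FILE KEY VALUE: uncomment or replace KEY= in FILE; if the
# key is absent, add it directly under the [Resolve] header.
set_resolved_key() {
    file=$1 key=$2 value=$3
    if grep -Eq "^[#[:space:]]*${key}=" "$file"; then
        sed -i -E "s|^[#[:space:]]*${key}=.*|${key}=${value}|" "$file"
    else
        grep -q '^\[Resolve\]' "$file" || printf '[Resolve]\n' >> "$file"
        sed -i "/^\[Resolve\]/a ${key}=${value}" "$file"
    fi
}

# points_at_stub FILE: true if a resolv.conf still names the 127.0.0.53 stub,
# which stops answering once DNSStubListener=no takes effect.
points_at_stub() {
    grep -Eq '^nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$1"
}

# apply [FILE]: back up the config, make the two edits from the post, restart.
apply() {
    conf=${1:-/etc/systemd/resolved.conf}
    cp -p "$conf" "$conf.bak"
    set_resolved_key "$conf" DNSStubListener no
    set_resolved_key "$conf" DNS 1.1.1.1      # Cloudflare (assumed value)
    systemctl restart systemd-resolved
    ss -Hlntup | listeners_on_53              # expect no systemd-resolve line
    if points_at_stub /etc/resolv.conf; then
        echo "resolv.conf still uses the stub; relink it:" >&2
        echo "  ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf" >&2
    fi
}

# Run as root with --apply; without it the file only defines the functions.
if [ "${1:-}" = "--apply" ]; then apply; fi
```

If the host's own lookups fail after the restart, the resolv.conf check at the end of `apply` is the first thing to look at: the stub address is gone, but the symlink may still point to it.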
Setting up DNS servers
PiHole docker-compose.yml
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the line below if you are using Pi-hole as your DHCP server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'America/Denver'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned.
      # The value below is a placeholder; change it.
      FTLCONF_webserver_api_password: 'correct horse battery staple'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      # - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      # - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped
Adguard, PiHole, & Tailscale docker-compose.yml
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    restart: unless-stopped
    volumes:
      - ./work:/opt/adguardhome/work
      - ./conf:/opt/adguardhome/conf
    # ports:
    #   - 53:53/tcp # Standard DNS
    #   - 53:53/udp # Standard DNS
    #   - 67:67/udp # if using as a DHCP server
    #   - 68:68/udp # if using as a DHCP server
    #   - 3000:3000/tcp # Initial Web Interface
    #   - 4422:80
    #   - 4433:443 # Web interface bound to the host over the bridge
    #   - 853:853/tcp # DNS over TLS (DoT)
    #   - 784:784/udp # DNS-over-QUIC
    #   - 853:853/udp # DNS-over-QUIC
    #   - 8853:8853/udp # DNS-over-QUIC
    #   - 5443:5443/tcp # add if you are going to run AdGuard Home as a DNSCrypt server.
    #   - 5443:5443/udp # add if you are going to run AdGuard Home as a DNSCrypt server.