This fork contains modifications to the one-container unbound resolver configuration designed to create a long-lived local DNS cache. Most use-cases for unbound involve recursive DNS to get the authoritative response to a DNS query. However, this configuration has been modified so that unbound keeps a large cache with a min-ttl of 3 days (259200 seconds). When a DNS query needs to be resolved outside of the cache, unbound forwards the query to public non-authoritatuive DNS servers. (In my case, my ISP's DNS and Cloudflare DNS as a fallback).
With authoritative DNS, cached responses return in <1ms and un-cached in ~100-300ms With forwarded DNS, cached responses return in <1ms and un-cached in ~25ms
Note that this configuration is not ideal for most use cases because the min-ttl is extrtemely high. Consider lowering the min-ttl and allowing prefetches to happen more frequently to keep more fresh records.
This Docker deployment runs both Pi-Hole and Unbound in a single container.
The base image for the container is the official Pi-Hole container, with an extra build step added to install the Unbound resolver directly into to the container based on instructions provided directly by the Pi-Hole team.
First create a .env file to substitute variables for your deployment.
Vars and descriptions replicated from the official pihole container:
| Variable | Default | Value | Description |
|---|---|---|---|
TZ |
UTC | <Timezone> |
Set your timezone to make sure logs rotate at local midnight instead of at UTC midnight. |
WEBPASSWORD |
random | <Admin password> |
http://pi.hole/admin password. Run docker logs pihole | grep random to find your random pass. |
FTLCONF_REPLY_ADDR4 |
unset | <Host's IP> |
Set to your server's LAN IP, used by web block modes and lighttpd bind address. |
REV_SERVER |
false |
<"true"|"false"> |
Enable DNS conditional forwarding for device name resolution |
REV_SERVER_DOMAIN |
unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
REV_SERVER_TARGET |
unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router |
REV_SERVER_CIDR |
unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. 192.168.0.0/24) |
WEBTHEME |
default-light |
<"default-dark"|"default-darker"|"default-light"|"default-auto"|"lcars"> |
User interface theme to use. |
Example .env file in the same directory as your docker-compose.yaml file:
FTLCONF_REPLY_ADDR4=192.168.1.10
TZ=America/Los_Angeles
WEBPASSWORD=QWERTY123456asdfASDF
REV_SERVER=true
REV_SERVER_DOMAIN=local
REV_SERVER_TARGET=192.168.1.1
REV_SERVER_CIDR=192.168.0.0/16
HOSTNAME=pihole
DOMAIN_NAME=pihole.local
PIHOLE_WEBPORT=80
WEBTHEME=default-light
Portainer stacks are a little weird and don't want you to declare your named volumes, so remove this block from the top of the docker-compose.yaml file before copy/pasting into Portainer's stack editor:
volumes:
etc_pihole-unbound:
etc_pihole_dnsmasq-unbound:docker-compose up -dIf using Portainer, just paste the
docker-compose.yamlcontents into the stack config and add your environment variables directly in the UI.