gcgarner / IOTstack

docker stack for getting started on IOT on the Raspberry PI
GNU General Public License v3.0

Unbound (DNS) #134

Open Slyke opened 4 years ago

Slyke commented 4 years ago

Hello,

Since nginx reverse proxy hasn't been put in yet, I didn't submit a PR which would probably have merge conflicts.

I did find a good config that works with PiHole for the Unbound DNS service:

https://gist.github.com/SeanChristopherConway/db780ac550198e1e52231f9a62046af0#file-docker-compose-yaml

version: "3.7"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    dns: 127.0.0.1
    restart: unless-stopped
    links:
      - unbound
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp
      - 80:80/tcp
      - 443:443/tcp
    environment:
      ServerIP: {server_ip, eg. 192.x.x.x}
      DNS1: 10.0.0.2#53
      DNS2: "no"
      IPv6: "no"
      TZ: America/Vancouver
      PROXY_LOCATION: pihole
    cap_add:
      - NET_ADMIN
    volumes:
      - ${DOCKER_CONFIGS}/docker_pihole/pihole/:/etc/pihole/ #use a .env file to set, eg. DOCKER_CONFIGS=/whatever_folder_you_want
      - ${DOCKER_CONFIGS}/docker_pihole/pihole/dnsmasq.d/:/etc/dnsmasq.d/
    networks:
      pihole_net:
        ipv4_address: 10.0.0.3

  unbound:
    container_name: unbound
    image: klutchell/unbound:armv7hf
    restart: unless-stopped
    networks:
      pihole_net:
        ipv4_address: 10.0.0.2

networks:
  pihole_net:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.0.0/29

The above configuration has pihole and unbound working together.

Happy to submit this as a PR too and tie it into the script.
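
An added example, not part of the original comment or the IOTstack project: a small Python check that the static addresses in the compose file above fit the 10.0.0.0/29 bridge and that every Pi-hole upstream points at Unbound, so no query falls back to another resolver. The dict layout and the `check_stack` name are this example's own, and it assumes Docker gives the bridge gateway the first host address of the subnet.

```python
import ipaddress

# Constructed from the first compose file in this thread, written as a dict so
# the check runs without a YAML parser. Key names here are this example's own.
STACK = {
    "subnet": "10.0.0.0/29",
    "services": {
        "pihole": {"ip": "10.0.0.3",
                   "published": ["53/tcp", "53/udp", "67/udp", "80/tcp", "443/tcp"],
                   "upstreams": {"DNS1": "10.0.0.2#53", "DNS2": "no"}},
        "unbound": {"ip": "10.0.0.2", "published": [], "upstreams": {}},
    },
}


def check_stack(stack, client="pihole", resolver="unbound"):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings = []
    hosts = list(ipaddress.ip_network(stack["subnet"]).hosts())
    gateway = hosts[0]  # assumption: Docker uses the first host address as gateway
    owners = {}
    for name, svc in stack["services"].items():
        ip = ipaddress.ip_address(svc["ip"])
        if ip not in hosts:
            findings.append(f"{name}: {ip} is not a usable address in {stack['subnet']}")
        elif ip == gateway:
            findings.append(f"{name}: {ip} collides with the bridge gateway")
        if ip in owners:
            findings.append(f"{name}: {ip} is already assigned to {owners[ip]}")
        owners[ip] = name

    services = stack["services"]
    resolver_ip = services[resolver]["ip"]
    for key, value in services[client]["upstreams"].items():
        if value == "no":  # "no" switches that upstream slot off, as DNS2 does above
            continue
        host, _, port = value.partition("#")
        if host != resolver_ip or (port or "53") != "53":
            findings.append(f"{client}: {key}={value} sends queries past {resolver}")

    # The resolver should only be reachable from inside the bridge network.
    if services[resolver]["published"]:
        findings.append(f"{resolver}: publishes {services[resolver]['published']} on the host")
    return findings


if __name__ == "__main__":
    for line in check_stack(STACK) or ["ok: pihole forwards only to unbound"]:
        print(line)
```
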

Slyke commented 4 years ago

Actually, I just spent a few hours trying to get it running. It's been a pain. Unbound is actually quite difficult to set up inside docker, with configs.

Upon further investigation, I found you can inject entries into your /etc/hosts file with docker-compose:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp
      - 80:80/tcp
      - 443:443/tcp
    cap_add:
      - NET_ADMIN
    volumes:
      - ./volumes/pihole/etc-pihole/:/etc/pihole/
      - ./volumes/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/
    extra_hosts:
      router: 192.168.7.1
      tree: 4.3.2.1

This would go well with https://github.com/gcgarner/IOTstack/issues/128