Local pihole-unbound-docker useable as DNS would be nice #434

Closed
Broeckelmann opened this issue Oct 25, 2021 · 7 comments
Labels
in/compatibility TYPE: a report about in/compatibility

Comments


Broeckelmann commented Oct 25, 2021

What would you like to add or change?:
Would be nice if it would be possible to use pihole-unbound-docker locally in portmaster. I tried around a bunch and I just can't get it to work. (may be related to issue #166)

(Edit: I am using Windows btw, with WSL backend for docker)

Why do you and others need this?:
To make it possible to rely on a locally hosted dns server, which is much faster after having built up the cache a bit.
And also no more reliance on some DNS provider.

Broeckelmann added the "suggestion" label (TYPE: idea for new feature or improvements) Oct 25, 2021
Broeckelmann changed the title from "Pihole-unbound-docker useable as DNS would be nice" to "Local pihole-unbound-docker useable as DNS would be nice" Oct 25, 2021

dhaavi (Member) commented Oct 29, 2021

Hey @Broeckelmann, that's a nice idea.

I got it to work by launching:
sudo docker run --rm -ti -p 54:53/udp -p 80:80 --env WEBPASSWORD=password cbcrowe/pihole-unbound:latest
(The important bit is to use 54:53 for the UDP port, as 53 is taken by the Portmaster.)

And then configuring this as a DNS Server within Portmaster:
dns://<local IP>:54

Note: You will need to use a local IP address, but NOT anything in 127/8 as these are ignored by the Portmaster. I will improve on that.

> To make it possible to rely on a locally hosted dns server, which is much faster after having built up the cache a bit.

The Portmaster also has a built-in cache, so I'm not sure how much added benefit you would have.
Also, be reminded that your ISP will see all your queries. With the Portmaster in the default configuration, the ISP will not see your DNS requests.

> And also no more reliance on some DNS provider.

This is why you can add multiple DNS providers to the Portmaster, in case one really goes down, there are more ready to use.

Ping us if you get it to work! ;)

dhaavi added the "in/compatibility" (TYPE: a report about in/compatibility) and "waiting for fix confirmation" labels and removed the "suggestion" (TYPE: idea for new feature or improvements) label Oct 29, 2021

Broeckelmann (Author) commented Nov 11, 2021

Sorry, was quite busy the last few weeks.

Can I somehow look up the dns query log in portmaster? Because I can config pi-hole as a dns option and remove everything else, with either your line docker run --rm -ti -p 54:53/udp -p 80:80 --env WEBPASSWORD=password cbcrowe/pihole-unbound:latest or with the .yaml + .env files as described on and then browse the Internet normally, but the pi-hole admin interface shows no change in the query log.

I honestly never know with portmaster which dns server is getting used, as in this case it shouldn't work if I can trust the pi-hole query log.

dhaavi (Member) commented Nov 18, 2021

You can just use dig to query from within the WSL. The Portmaster attaches additional information to the response.

Eg.

$ dig orf.at

; <<>> DiG 9.16.8-Ubuntu <<>> orf.at
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61560
;; flags: qr rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;orf.at.				IN	A

;; ANSWER SECTION:
orf.at.			17	IN	A	194.232.104.149
orf.at.			17	IN	A	194.232.104.140
orf.at.			17	IN	A	194.232.104.150
orf.at.			17	IN	A	194.232.104.141
orf.at.			17	IN	A	194.232.104.4
orf.at.			17	IN	A	194.232.104.3
orf.at.			17	IN	A	194.232.104.142
orf.at.			17	IN	A	194.232.104.139

;; ADDITIONAL SECTION:
info.portmaster.	0	IN	TXT	"accepted: allowing dns request"
info.portmaster.	0	IN	TXT	"served from cache, resolved by Cloudflare (dot://1.1.1.2:853#config)"
info.portmaster.	0	IN	TXT	"record valid for 6h35m46s"

;; Query time: 52 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Do Nov 18 10:47:43 CET 2021
;; MSG SIZE  rcvd: 407

You might need to directly target the Portmaster, as WSL2 is a VM and VMs are still out of scope for the Portmaster, as in we cannot guarantee anything.


Also, if you are in the Beta Release Channel, you can already use the localhost IP in the settings. That should work now.
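
An added example, not part of the original thread or of the Portmaster project: a POSIX shell helper that reads dig output and pulls out the info.portmaster. TXT records shown above, to check whether a query was actually resolved by the server you configured (for instance the Pi-hole published on port 54). The function names and the match strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find out which upstream resolver the
# Portmaster used, from the info.portmaster. TXT records in dig's output.

# Print the text of every info.portmaster. TXT record read from stdin.
portmaster_info() {
    awk '$1 == "info.portmaster." && $4 == "TXT" {
        txt = $5
        for (i = 6; i <= NF; i++) txt = txt " " $i   # rejoin the quoted text
        gsub(/^"|"$/, "", txt)                       # drop surrounding quotes
        print txt
    }'
}

# Print the resolver named after "resolved by"; fail if there is none.
portmaster_resolver() {
    portmaster_info | sed -n 's/.*resolved by \(.*\)$/\1/p' | grep .
}

# resolved_via SUBSTRING: 0 = resolver matches, 1 = a different resolver,
# 2 = no Portmaster annotation (the answer did not come from the Portmaster).
resolved_via() {
    resolver=$(portmaster_resolver) || return 2
    case "$resolver" in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Abridged copy of the dig output quoted in the thread.
sample_dig_output() {
    cat <<'EOF'
;; ANSWER SECTION:
orf.at.            17  IN  A    194.232.104.149

;; ADDITIONAL SECTION:
info.portmaster.   0   IN  TXT  "accepted: allowing dns request"
info.portmaster.   0   IN  TXT  "served from cache, resolved by Cloudflare (dot://1.1.1.2:853#config)"
info.portmaster.   0   IN  TXT  "record valid for 6h35m46s"
EOF
}

# Live use would be: dig orf.at | resolved_via ':54'
sample_dig_output | portmaster_resolver
```

Exit status 1 means the Portmaster answered but used another resolver than the one expected; exit status 2 means the reply carried no Portmaster records at all, which is what a WSL2 VM querying some other resolver would produce.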

Broeckelmann (Author) commented Nov 20, 2021

Sorry, the beta release just borked portmaster entirely; no queries or anything happens anymore even after reverting back to stable, even after I restarted a couple of times just to see what's up.
After that I had to completely reinstall, maybe it's because I am running windows11 but I don't know as I get no errors, it just stops working (as in I can't connect to the internet) with default settings even.

I am going to wait for localhost to be in the stable version and then try again.

But it does work in dns:// mode with the docker run command, but that's not secure as you already said.

I have to look more into how to set it up securely and more easily, maybe even as a direct option in portmaster later on.

dhaavi (Member) commented Nov 23, 2021

> Sorry, the beta release just borked portmaster entirely; no queries or anything happens anymore even after reverting back to stable, even after I restarted a couple of times just to see what's up. After that I had to completely reinstall, maybe it's because I am running windows11 but I don't know as I get no errors, it just stops working (as in I can't connect to the internet) with default settings even.

This is really interesting. I know of no other such problems with the current Beta channel. And at least switching back to Stable channel should have fixed it. Something is going on here.

> I am going to wait for localhost to be in the stable version and then try again.

Not sure how much will change until then. Releases in the Beta channel just stay there for about two weeks to see if there are any big issues and are then released to the Stable channel.

> But it does work in dns:// mode with the docker run command, but that's not secure as you already said.

I'm not sure I can follow. Can you elaborate what you mean by "dns:// mode"?

Broeckelmann (Author) commented Nov 26, 2021

> This is really interesting. I know of no other such problems with the current Beta channel. And at least switching back to Stable channel should have fixed it. Something is going on here.

Oh, I would open an issue but without any error log I don't think I can help much. Haven't tried since maybe it's just somehow caused by windows11, as everyone knows it's still a bit buggy.

> Not sure how much will change until then. Releases in the Beta channel just stay there for about two weeks to see if there are any big issues and are then released to the Stable channel.

Hm, okay then something is definitely going on but I'll still wait till then and then try it out again as I don't know if this is somehow caused by win11 and may be "magically" resolved by then. And without any error logs it's just too time consuming for me to find the cause, sorry 😅.

> I'm not sure I can follow. Can you elaborate what you mean by "dns:// mode"?

Sorry, I just mean dns://address:port

Broeckelmann (Author) commented Jan 6, 2022

For my home-network & Desktop I have now set up a pi-hole with unbound on my raspberry pi and just use tcp:// {ip of raspberry} in portmaster, no port needed.

And on my Laptop localhost works now so it's docker run -d --restart unless-stopped -ti -p 54:53/udp -p 80:80 --env WEBPASSWORD="{password}" cbcrowe/pihole-unbound:latest and in portmaster localhost:54.

For most users just Adguard or one of the other default providers in portmaster seems fine,
but I rather recommend setting up pihole-unbound or adguard home on a local raspberry pi (with DietPi you almost don't have to do anything).

TL;DR: localhost works and docker-pihole-unbound works.

Sorry for taking so long 😅.
