# Pi Hole Ad blocking at the DNS level. Save yourself that precious transfer while on the go. This was chosen as it's designed to run on a Raspberry Pi and... this project is all about that kind of hardware. *NOTE: You may want to use a filesystem on a USB disk instead of /var for the volumes setup in the below Docker command(s) to help reduce writes to the micro sd card* ## Inspiration / Further Reading - [https://hub.docker.com/r/diginc/pi-hole/](https://hub.docker.com/r/diginc/pi-hole/) - [https://hub.docker.com/r/diginc/pi-hole-multiarch/tags/](https://hub.docker.com/r/diginc/pi-hole-multiarch/tags/) - [https://github.com/diginc/docker-pi-hole/blob/master/README.md](https://github.com/diginc/docker-pi-hole/blob/master/README.md) - [https://www.bentasker.co.uk/documentation/linux/279-unbound-adding-custom-dns-records](https://www.bentasker.co.uk/documentation/linux/279-unbound-adding-custom-dns-records) ## Update Unbound ### Setup unbound to listen on the Docker LAN so it can be the upstream of Pi Hole Add a 2nd ```interface``` line to ```/etc/unbound/unbound.conf``` ```interface:``` Restart unbound with ```systemctl restart unbound``` ## Setup Unbound to start *after* Docker *See [here (link)](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config) for more details.* This is mainly here to ensure that unbound starts *after* the Docker network comes up as it's configured to listen on the Docker network. It'll fail to load/restart if the bind address isn't present when it is started. ``` bash mkdir -p /etc/systemd/system/unbound.service.d cat > /etc/systemd/system/unbound.service.d/10-after-docker.conf < /root/docker/pi-hole.sh < /etc/NetworkManager/dnsmasq-shared.d/pi-hole.conf < /etc/unbound/local_zone/pi-hole.conf < /etc/caddy/services/pi-hole.conf <