Installing a Pi-hole + Unbound DNS server (Docker)
- Installation environment:
- VM: 1 vCore, 1 GB RAM, 16 GB SSD
- OS: Alpine 3.18 + Docker Compose
Installation and configuration
- Edit docker-compose.yml
version: '3'

networks:
  dns_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.22.0.0/16

services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.6
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8080:80/tcp"
    environment:
      - 'TZ=Asia/Taipei'
      - 'WEBPASSWORD=mypassword'
      - 'DNS1=172.22.0.7#53'
      - 'DNS2=no'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: always

  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.7
    #volumes:
    #  - ./etc-unbound:/opt/unbound/etc/unbound
    ports:
      - "5053:53/tcp"
      - "5053:53/udp"
    healthcheck:
      disable: true
    restart: always
- Start the services
docker compose up -d
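Getting started
Verifying the results
- To improve ad blocking, you can add adlists from https://github.com/sefinek24/Sefinek-Blocklist-Collection/blob/main/lists/md/Pi-hole.md
FAQ
- By default, unbound blocks upstream DNS replies that contain addresses in the reserved private-network ranges, e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16. To lift this restriction, you need to:
- Copy the /opt/unbound/etc/unbound directory out of the unbound container as etc-unbound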
docker cp unbound:/opt/unbound/etc/unbound .
mv unbound etc-unbound
- Edit docker-compose.yml and uncomment the volumes entry so that etc-unbound is mounted
:
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.7
    volumes:
      - ./etc-unbound:/opt/unbound/etc/unbound
    ports:
:
- Edit ./etc-unbound/unbound.conf and comment out the private-address settings, e.g.
:
    # These private network addresses are not allowed to be returned for public
    # private-address: 10.0.0.0/8
    # private-address: 172.16.0.0/12
    # private-address: 192.168.0.0/16
    # private-address: 169.254.0.0/16
    # private-address: fd00::/8
    # private-address: fe80::/10
    # private-address: ::ffff:0:0/96
:
- Restart docker compose
docker compose up -d
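The private-address entries are unbound's DNS-rebinding filter, so after the edit above it is worth confirming which ranges are still stripped from answers. The sh script below is an added example, not part of the original page: it audits an unbound.conf for the seven stock ranges shown in the snippet. The function names, the sample config and the `lan.example` private-domain entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which private-address ranges unbound still filters.

# The stock ranges shown in the FAQ snippet above.
EXPECTED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 fd00::/8 fe80::/10 ::ffff:0:0/96"

# active_values OPTION FILE: print uncommented values of OPTION, one per line.
active_values() {
    awk -v opt="$1:" '
        { sub(/#.*/, "") }                      # strip comments and commented-out lines
        $1 == opt { gsub(/"/, "", $2); print $2 }
    ' "$2"
}

# missing_ranges FILE: print the expected ranges that are no longer filtered.
missing_ranges() {
    active=$(active_values private-address "$1")
    for r in $EXPECTED; do
        printf '%s\n' "$active" | grep -qxF -e "$r" || printf '%s\n' "$r"
    done
}

# audit_unbound FILE: print a summary; exit status 1 if any range is unfiltered.
audit_unbound() {
    missing=$(missing_ranges "$1" | tr '\n' ' ')
    exempt=$(active_values private-domain "$1" | tr '\n' ' ')
    if [ -n "$exempt" ]; then echo "private-domain exemptions: $exempt"; fi
    if [ -n "$missing" ]; then
        echo "NOT filtered: $missing"
        return 1
    fi
    echo "OK: all listed private ranges are filtered"
}

# Constructed sample: only the RFC 1918 IPv4 ranges were commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    # private-address: 10.0.0.0/8
    # private-address: 172.16.0.0/12
    # private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    private-address: ::ffff:0:0/96
    private-domain: "lan.example"
EOF
audit_unbound "$sample" || true
```

Against the real file, run `audit_unbound ./etc-unbound/unbound.conf`. unbound's `private-domain:` option exempts a single domain from the filter while the private-address lines stay active.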
- How to adjust the automatic update interval