I have recently started watching your videos and I find your content very unique. I'm amazed how your try to solve very specific and real world problems Ops/Admins face. Thank you for the amazing content. I just have one suggestion. The audio is not very good. It would awesome if the audio quality is improved a bit. Better mics, acoustic panels would improve the audio quality manifold. Thank you once again!
I'm a huge fan of what this tech can do, but I really don't want to have to mess around with setting everything up myself. Do you know any reputable seller that I can buy a few of these from?
Hi sir i hope you will answer me ,opening porte 53 in cloud instance will invite unknown people to use my pihole dns as recursive dns so how i can secure my pihole without vpn allowing traffic just for specific mac addresses , i used iptables but it didn't work
Where exactly to install the pi-hole and how to connect it to a specific network vlan? I didn't see any configuration of Pi-hole here, just the installation
Okay understood, I can install it on any machine with Internet access, as long as it has a static IP and I can set my route's DNS server to this Pi-hole server address (it's basically a DNS server).
Airban, thank you for the comment! Yes, exactly. The Docker host will forward the DNS requests into the Pi-hole container and it will answer requests and recursive queries from there.
Hello, I have tried following your tutorial and have gotten stuck in the beginning. I tried running the command: docker run -dit -p 80:80 -p 53:53/udp -p 53:53/tcp -v $(pwd)/etc-pihole:etc/pihole -v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d --name piholetest pihole/pihole:latest and I get this error message: docker: Error response from daemon: invalid volume specification: '/home/pihole2/etc-pihole:etc/pihole': invalid mount config for type "bind": invalid mount path: 'etc/pihole' mount path must be absolute. Can you please let me know what I am doing wrong? Thanks for the helpful videos!
Help>>> After typing docker script docker run -dit -p 80:80 -p 53:53/udp -p 53:53/tcp -v $(pwd)/etc-pihole:/etc/pihole -v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d --name piholetest pihole/pihole:latest I got the following error. Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. Error: short-name "pihole/pihole:latest" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"
Great video. Could you please write a small documentation with the scripts to all of the steps in the video? That would be very helpful to those of us that may make a typo and cause an error that we can't find. Thank you.
@@VirtualizationHowtothanks for the brilliant and straightforward tutorial! Any way to duplicate this setup using unbound as a local recursive resolver instead of cloudflare? Not interested in DoH but being able to deploy pihole the way you have here with the inclusion of unbound would be a game changer 😊 Cheers!
GravitySync is really one part of a High Availability (HA) setup for PiHole. The second part for a HA setup is to install keepalived on each PiHole and you have to create a configuration file where you specify a virtual IP address that is established between the two devices and you then use this virtual IP address as the DNS address in your DHCP scopes or manually entered on statically any configured devices instead of one or the other or both PiHole IPs. When the primary PiHole is down for any reason, the secondary becomes the master and instantly picks up to continue serving as the network's DNS server and, because GravitySync is also synchronizing from the primary on a frequent basis, your adlists and other blocking config are already up to date. When the primary comes back online, it resumes as the master and retakes control.
Do you have a walkthrough guide on your blog that includes the commands and files necessary to follow along with the video? Having those resources would be immensely helpful. I have search on your blog but have not found it.
A friend installed pi-hole and opnsense in virtualbox which now crashes. I don't know the cause of the problem even when searchingfor the error code. since then I transferred both vm's into vmware andI am trying to find a solution to link pi-hole and opnsense in vmware without starting from the beginning. both vm's work independently without any problem. could you make a small tuto for this kind of problem, please?🙏🙏 thank you very much
What if I run win2k19 as my main DNS server already how can I make pihole play nice with that? I want the security of Pihole and would like it to be my recursive DNS server but I want all my records stored on win server.
Out of interest, can you have two services request wildcard certificates on the same domain? I already have a similar configuration setup using AMCE on my firewall. I use that to give my firewall a certificate, and other services via haproxy. If I then set traefik up with a wildcard will that confuse everything?
In the HDCP scopes of the networks that you have created in your UDMP, specify the IP address of your PiHole device as the DNS server. This will enable any device that is given an IP address through the DHCP scopes to also be given the PiHole's IP. You will need to reboot these devices so they pick up the new settings. Any devices that you have manually configured will need to have their DNS configuration changed to point at your PiHole's IP address.
gravity sync seems to support only bind mounts in case of containerized pihole... How did you manage your pihole container using Docker volumes and not bind mounts with gravity sync?
What if I run win2k19 as my main DNS server already how can I make pihole play nice with that? I want the security of Pihole and would like it to be my recursive DNS server but I want all my records stored on win server.
Nitdawg, thanks for the comment! You can easily do this with the Settings > DNS > Conditional Forwarder configuration. You are telling Pihole you want to forward requests for a specific domain to another authoritative name server.
Thank you very much! This is an excellent explanation. Can you also include unbound in the mix, and do it in a Proxmox VM or LXC? That will be awesome! Thanks again
I'm not sure whether the SSL dropdown contains the same url, but when you're blurring the url make sure to also blur the dropdown when you click the certificate. Depending on whether you wanted to hide the domain or the uri. (You're showing the domain in the video)
@dejohnfranklin5748, thank you for commenting! Hit me up on the forums and I can give you more personalized help there: www.virtualizationhowto.com/community. Thanks again
Hey! I have a question about virtualized firewalls on two different nodes, where one functions as a failover in case the main node is down for maintenance. How do you accomplish this, if you only have access to a single wan connection? Idea for a new video perhaps? Haven’t seen any covering this exact topic.
Olsenlid, thanks for the comment! I am not sure what type of virtual firewalls you are using or which hypervisor, there may be some vendor specifics there. However, in general, on both hypervisor hosts, I would carve out a physical uplink that would plug into a "WAN" VLAN on a physical switch. You would then plug your ISP hand off into the VLAN. Each physical uplink on the hypervisor host would be assigned to a virtual switch that the physical uplinks are backing. This allows both virtual firewalls to be plumbed into the WAN VLAN on this virtual switch with the ISP handoff. When the primary FW goes down, the secondary would assume the WAN connection. I hope this helps!
Boris, Thank you for the comment! Traefik is awesome. I would just suggest getting it into a lab environment and playing around with it. It starts to make a lot more sense then.
I have recently started watching your videos and I find your content very unique. I'm amazed how your try to solve very specific and real world problems Ops/Admins face. Thank you for the amazing content.
I just have one suggestion. The audio is not very good. It would awesome if the audio quality is improved a bit. Better mics, acoustic panels would improve the audio quality manifold.
Thank you once again!
thanks Mohammed for your comment! Definitely a work in progress on improving the quality of the videos :) Thank you for the suggestions also
Could you write down the script in video for us to follow? It is too hard to follow your steps in screen! thanks.
I'm a huge fan of what this tech can do, but I really don't want to have to mess around with setting everything up myself. Do you know any reputable seller that I can buy a few of these from?
Hi sir i hope you will answer me ,opening porte 53 in cloud instance will invite unknown people to use my pihole dns as recursive dns so how i can secure my pihole without vpn allowing traffic just for specific mac addresses , i used iptables but it didn't work
Curious to see if I’m missing anything. I use gravity sync to keep three piholes in sync currently
S T thank you for the comment! That is awesome you are using Gravity Sync, great solution!
Where exactly to install the pi-hole and how to connect it to a specific network vlan? I didn't see any configuration of Pi-hole here, just the installation
Okay understood, I can install it on any machine with Internet access, as long as it has a static IP and I can set my route's DNS server to this Pi-hole server address (it's basically a DNS server).
Airban, thank you for the comment! Yes, exactly. The Docker host will forward the DNS requests into the Pi-hole container and it will answer requests and recursive queries from there.
Missing unbound.
Hello, I have tried following your tutorial and have gotten stuck in the beginning. I tried running the command:
docker run -dit -p 80:80 -p 53:53/udp -p 53:53/tcp -v $(pwd)/etc-pihole:etc/pihole -v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d --name piholetest pihole/pihole:latest
and I get this error message:
docker: Error response from daemon: invalid volume specification: '/home/pihole2/etc-pihole:etc/pihole': invalid mount config for type "bind": invalid mount path: 'etc/pihole' mount path must be absolute.
Can you please let me know what I am doing wrong?
Thanks for the helpful videos!
make it "/etc/pihole"
Help>>> After typing docker script
docker run -dit -p 80:80 -p 53:53/udp -p 53:53/tcp -v $(pwd)/etc-pihole:/etc/pihole -v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d --name piholetest pihole/pihole:latest
I got the following error.
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: short-name "pihole/pihole:latest" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"
don't waste your time following this guide, it doesn't work.
Great video. Could you please write a small documentation with the scripts to all of the steps in the video? That would be very helpful to those of us that may make a typo and cause an error that we can't find. Thank you.
documentation might be on his website, i haven't checked myself but worth a shot.
Hello. I have been watching your videos for a while.
It could be more helpfull if you provide us a link with the code for the docker compose.
You mentioned your local DNS resolver but didn’t say what it was. Just curious what you’re using to resolve local DNS records on your network.
Hi Thomas, Thank you for your comment! I am using an upstream Windows DNS server as I run an Active Directory domain in the home lab.
@@VirtualizationHowtothanks for the brilliant and straightforward tutorial!
Any way to duplicate this setup using unbound as a local recursive resolver instead of cloudflare? Not interested in DoH but being able to deploy pihole the way you have here with the inclusion of unbound would be a game changer 😊
Cheers!
This doesn't work on recent versions Ubuntu. Port 53 is in use and there are extra steps involved not included in this video.
I liked your teaching, because I'm Brazilian and new to English and your calm speaking helps me understand. Thank you very much
GravitySync is really one part of a High Availability (HA) setup for PiHole.
The second part for a HA setup is to install keepalived on each PiHole and you have to create a configuration file where you specify a virtual IP address that is established between the two devices and you then use this virtual IP address as the DNS address in your DHCP scopes or manually entered on statically any configured devices instead of one or the other or both PiHole IPs.
When the primary PiHole is down for any reason, the secondary becomes the master and instantly picks up to continue serving as the network's DNS server and, because GravitySync is also synchronizing from the primary on a frequent basis, your adlists and other blocking config are already up to date.
When the primary comes back online, it resumes as the master and retakes control.
Thanks for the tutorial, where can we find the tutorial's documentation? The complete docker compose script. Thanks once again
Hi Brandon, can you share the scripts? I can't seem to locate them on your site.Thanks !
Do you have a walkthrough guide on your blog that includes the commands and files necessary to follow along with the video? Having those resources would be immensely helpful. I have search on your blog but have not found it.
ciao, la procedura è uguale anche installato in un container proxmox ?
I'll check this out now. Does this pihole container include unbound? Thanks for sharing. I love your content and format
Best pihole tutoring by far.
Does gravity sync remain in sync or must we rerun it at times?
@iPigee it has a scheduler built-in.
A friend installed pi-hole and opnsense in virtualbox which now crashes. I don't know the cause of the problem even when searchingfor the error code. since then I transferred both vm's into vmware andI am trying to find a solution to link pi-hole and opnsense in vmware without starting from the beginning. both vm's work independently without any problem. could you make a small tuto for this kind of problem, please?🙏🙏 thank you very much
What if I run win2k19 as my main DNS server already how can I make pihole play nice with that? I want the security of Pihole and would like it to be my recursive DNS server but I want all my records stored on win server.
Out of interest, can you have two services request wildcard certificates on the same domain? I already have a similar configuration setup using AMCE on my firewall. I use that to give my firewall a certificate, and other services via haproxy. If I then set traefik up with a wildcard will that confuse everything?
How do I set up pihole on my UDM pro once configured?
In the HDCP scopes of the networks that you have created in your UDMP, specify the IP address of your PiHole device as the DNS server.
This will enable any device that is given an IP address through the DHCP scopes to also be given the PiHole's IP. You will need to reboot these devices so they pick up the new settings.
Any devices that you have manually configured will need to have their DNS configuration changed to point at your PiHole's IP address.
When I try to login to pihole. I can oly logo to RaspAP. Can I run both?
can you add mobile devices/tv's into pi-hole to block ads on those devices
gravity sync seems to support only bind mounts in case of containerized pihole... How did you manage your pihole container using Docker volumes and not bind mounts with gravity sync?
@waveformer2592 Thank you for the comment! Sign up on the forums and let's discuss: www.virtualizationhowto.com/community
Is a copy of the docker compose file available somewhere?
What if I run win2k19 as my main DNS server already how can I make pihole play nice with that? I want the security of Pihole and would like it to be my recursive DNS server but I want all my records stored on win server.
Nitdawg, thanks for the comment! You can easily do this with the Settings > DNS > Conditional Forwarder configuration. You are telling Pihole you want to forward requests for a specific domain to another authoritative name server.
Excellent video, best tutorial I have found on this.
Thank you very much! This is an excellent explanation. Can you also include unbound in the mix, and do it in a Proxmox VM or LXC? That will be awesome!
Thanks again
@nippurtech572, thank you for the comment. Check out my unbound video as well.
I'm not sure whether the SSL dropdown contains the same url, but when you're blurring the url make sure to also blur the dropdown when you click the certificate. Depending on whether you wanted to hide the domain or the uri. (You're showing the domain in the video)
ok..I want to run this. can you point to the docker file used in the video
@dejohnfranklin5748, thank you for commenting! Hit me up on the forums and I can give you more personalized help there: www.virtualizationhowto.com/community. Thanks again
Have you done this for Proxmox?
Hey! I have a question about virtualized firewalls on two different nodes, where one functions as a failover in case the main node is down for maintenance. How do you accomplish this, if you only have access to a single wan connection? Idea for a new video perhaps? Haven’t seen any covering this exact topic.
Olsenlid, thanks for the comment! I am not sure what type of virtual firewalls you are using or which hypervisor, there may be some vendor specifics there. However, in general, on both hypervisor hosts, I would carve out a physical uplink that would plug into a "WAN" VLAN on a physical switch. You would then plug your ISP hand off into the VLAN. Each physical uplink on the hypervisor host would be assigned to a virtual switch that the physical uplinks are backing. This allows both virtual firewalls to be plumbed into the WAN VLAN on this virtual switch with the ISP handoff. When the primary FW goes down, the secondary would assume the WAN connection. I hope this helps!
Good guide.
Awesome video. Still trying to wrap my head around Traefik 😅
Boris, Thank you for the comment! Traefik is awesome. I would just suggest getting it into a lab environment and playing around with it. It starts to make a lot more sense then.
Awesome! Thank you!
This was a really good watch ! Awesome job.
Thank you Jason as always!