[Feature V6] Pi-hole x Unbound
This is up for discussion.
This is a: Feature Request
Details
Since V6 is a whole redesign and there is official documentation for running Pi-hole with Unbound, I was wondering if it would be a great idea or not to either:
- Make an official docker-compose file with Pi-hole + Unbound or
- Make an official image with Unbound integrated to Pi-hole
My take / thoughts on the two suggestions:
The first suggestion pros:
- Respect the docker philosophy of doing just one thing per container
- Separated from the pi-hole container itself
cons:
- Isn't an "All-In-One" solution
- Can't guarantee or control the Unbound container for what's going on with it
The last con can easily be solved by either creating our own Unbound container or using the second suggestion.
The second suggestion pros:
- Is an "All-In-One" solution
- Can guarantee what's going on with Unbound
cons:
- Doesn't respect the docker philosophy
- Can add another tag to the list of containers under pi-hole aside from the current ones
Final words: I think it would be great to have it for the V6, and it would simplify things for those running Pi-hole + Unbound. With the benefit of having a Pi-hole + Unbound container/compose just ready to go.
Let me know what you think ^^
More info: Suggested containers:
From @PromoFaux suggestion (At the time of writing this container is on Unbound V1.18.0)
-
The container from @klutchell, which we could base off the docker compose file if they're okay with it ^^
-
The container from Alpine Linux.
This container is regularly auto-rebuilt, which I don't really like. (At the time of writing this container is on Unbound V1.17.1)
Both containers are nearly the same size (~0.1Mb)
Related Issues:
- [x] I have searched this repository/Pi-hole forums for existing issues and pull requests that look similar
I'm fine with it, but I'll also throw the image from @MatthewVance in the ring as it is much more user friendly, and not distroless like mine.
We will see what we decide, but thanks for the suggestion! ^^
I have an image which is set up as recursive + DNSSEC by default (the other one mentioned forwards to Cloudflare by default). Works in exactly the same way, but without sending requests to Cloudflare.
I know the one from @MatthewVance does. But we will mostly/very likely use the config from the official Pi-Hole wiki.
@PromoFaux (sorry for the ping again here), should I or you ping the other members on this issue/feature discussions?
I think, to be honest, I'd rather not produce an image that has unbound built into it. However I think it is a good candidate for an example compose file that also contains an unbound container
If it helps, I have an example compose file for my image. It mostly follows the config from the official Pi-hole wiki. The compose file and setup need to be refined a bit more, but you all are welcome to reference and copy anything you want from it. Do not feel obligated to reference/use my Unbound image.
https://github.com/MatthewVance/unbound-docker/issues/120#issuecomment-1363477286
To echo @MatthewVance , I also have an example compose file with my unbound image that you can use.
Also this project for running Pi-hole with Unbound on balenaOS includes a standard compose file and unbound.conf, no need to be using balena.
Feel free to copy everything you need.
> I think, to be honest, I'd rather not produce an image that has unbound built into it. However I think it is a good candidate for an example compose file that also contains an unbound container
I think too, it would be the best thing to do
I think the first important thing would be to pack PiHole in a Docker container with the newest Debian version. Current is 11.7 and for that Debian there is a very old Unbound available - 1.13.1.
This version has very bad support for DNS-over-TLS and DNS-over-HTTPS.
If you update docker to Debian 12, it would be possible to get newer version of Unbound with much better features.
What do you think?
Actually the suggestions above are pointing to a different direction.
Pi-hole will be in one container. Unbound should be in another container, not in the same one. In this case, the container operating system version is not relevant.
Also worth mentioning here that v6 will be an alpine-based container
I think I'll probably make a pull request next week or so, it will depend on how busy it's going to be.
As for a container of choice, I think it would probably be best first to pick one that is light imo (no harm to anyone of course), because I don't see why it would need to be super large just to have unbound running imo.
My take on it: The one from @klutchell is light but based on distroless (I don't know if it is bad or not, but it is not personally)
There is one from AlpineLinux which is also light, but the inconvenience is that there is no support if something goes bad.
And there is the one from @MatthewVance which is not based on distroless but is the heaviest in size.
I think one thing to also consider maybe is how vulnerable they are each maybe?
> If it helps, I have an example compose file for my image. It mostly follows the config from the official Pi-hole wiki. The compose file and setup need to be refined a bit more, but you all are welcome to reference and copy anything you want from it. Do not feel obligated to reference/use my Unbound image.
> https://github.com/MatthewVance/unbound-docker/issues/120#issuecomment-1363477286
I think something like this with a few sample .env / compose files for different setups (eg pi-hole default / recursive / forwarding / DNSSEC enabled) would be relatively straightforward to offer.
My personal preference is to handle all this with environment variables so the conf is generated each time the container is started up.
Or even to go super simple and offer a pi-hole official unbound container with the default pi-hole config and let people choose a different unbound image if they want other options??
> Actually the suggestions above are pointing to a different direction.
> Pi-hole will be in one container. Unbound should be in another container, not in the same one. In this case, the container operating system version is not relevant.
Well, I tried to set up Unbound on a host machine and set up PiHole in Docker in that way, that it would use Unbound on a host machine as a DNS server.
But it is not working. Can you point me to the instructions how to do this? Unbound on a host machine is simply not reachable from PiHole docker...
> If it helps, I have an example compose file for my image. It mostly follows the config from the official Pi-hole wiki. The compose file and setup need to be refined a bit more, but you all are welcome to reference and copy anything you want from it. Do not feel obligated to reference/use my Unbound image. MatthewVance/unbound-docker#120 (comment)
> I think something like this with a few sample .env / compose files for different setups (eg pi-hole default / recursive / forwarding / DNSSEC enabled) would be relatively straightforward to offer.
> My personal preference is to handle all this with environment variables so the conf is generated each time the container is started up.
> Or even to go super simple and offer a pi-hole official unbound container with the default pi-hole config and let people choose a different unbound image if they want other options??
I could definitely maintain one official for pi-hole but it's up for discussion and let the people that officially maintain it decide what would be best.
> Actually the suggestions above are pointing to a different direction. Pi-hole will be in one container. Unbound should be in another container, not in the same one. In this case, the container operating system version is not relevant.
> Well, I tried to set up Unbound on a host machine and set up PiHole in Docker in that way, that it would use Unbound on a host machine as a DNS server.
> But it is not working. Can you point me to the instructions how to do this? Unbound on a host machine is simply not reachable from PiHole docker...
I wouldn't do it this way - I'm not even sure you can! If Pi-Hole is in a Docker container, then you'd be better off running Unbound that way too, and putting them in the same Docker network.
Then map your host's port 53 (or whatever) to your Pi-Hole container.
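The layout suggested in the comment above, written out as an added example that is not part of the original thread or the Pi-hole project's own files. Assumptions: the Unbound image name is a placeholder, the resolver listens on port 53 inside its container, the subnet and addresses are constructed values, and the `FTLCONF_` variables are the v6 container settings.

```yaml
# Added example: Pi-hole and Unbound as two containers on one private network.
services:
  unbound:
    image: example/unbound:latest   # placeholder: substitute the Unbound image you chose
    restart: unless-stopped
    networks:
      dns_net:
        ipv4_address: 172.30.0.2    # constructed address; fixed so Pi-hole can point at it
    # Deliberately no "ports:" section. The resolver is reachable only from
    # dns_net, so nothing on the LAN or internet can query it directly.

  pihole:
    image: pihole/pihole:latest
    restart: unless-stopped
    depends_on:
      - unbound
    environment:
      # Upstream resolver in address#port form: the Unbound container above.
      FTLCONF_dns_upstreams: "172.30.0.2#53"
      # Queries arrive through Docker's port mapping, not from a local
      # interface, so Pi-hole has to answer on all of them.
      FTLCONF_dns_listeningMode: "all"
    ports:
      # Only Pi-hole's DNS port is mapped to the host.
      - "53:53/tcp"
      - "53:53/udp"
      - "8080:80/tcp"               # web interface; host port is an arbitrary choice
    volumes:
      - ./etc-pihole:/etc/pihole
    networks:
      dns_net:
        ipv4_address: 172.30.0.3

networks:
  dns_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.30.0.0/24     # constructed subnet; pick one unused on your host
```

Keeping the host's port 53 mapped only to Pi-hole means every client query passes through its filtering and logging before it reaches the recursive resolver.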
This is case in point why an official container / instructions would be helpful in doing this.
> I could definitely maintain one official for pi-hole but it's up for discussion and let the people that officially maintain it decide what would be best.
I'd be happy to help with this too, though I recognise I have less experience than others I do maintain a number of Docker images.
Feel free to develop and maintain your own unbound images using the suggested configs from docs.pi-hole.net, or whatever config you so wish to use!
As far as this repository goes, or even org-wide, the most we will accept is a documented example of how to run an unbound container (whatever image that may be) alongside a Pi-hole container.
Another target for this may actually be the pi-hole/docs repo under the Docker menu item
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
Whenever the readme is overhauled I'm going to add it 👍🏻
Pop it in the examples subdirectory, and maybe add a reference to it on the main README page. I think the pihole/docs repo is a good target, too.
Alright! I'll do it when I have some time again hopefully soon ^^
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
Any progress on that?
I might have some time soon, I just have a lot of work the past weeks, so sorry about that, at least it will be done before Christmas hopefully 👍🏻
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
Christmas already passed... :)
If you're careful you can see that I did a pull request here #1510, so it was done before Christmas. I just need to move it to the docs repo now :) Also remember that we all do it in our free time :)
Sorry, it was supposed to be a joke. I really appreciate what you are doing, I am also working on some opensource projects.
Great news about pull request!