# pi-hole & unbound

#### RaspbianOS

| **Version** | **Code name** | **Current status** | **Release date** | **End-of-life ([LTS](https://wiki.debian.org/LTS))** |
| ----------- | ------------- | ------------------ | ---------------- | ---------------------------------------------------- |
| 11          | Bullseye      | oldstable          | 2021-08-14       | 2024-08-14 (2026-08-31)                              |
| 12          | Bookworm      | stable             | 2023-06-10       | 2026-06-10 (2028-06-30)                              |
| 13          | Trixie        | testing            | 2025-06-??       | 2028-06-?? (2030-06-??)                              |

##### Install Pi-Hole and Unbound:

- https://www.crosstalksolutions.com/the-worlds-greatest-pi-hole-and-unbound-tutorial-2023/
- https://mediacenterz.com/tutoriel-complete-pi-hole-bloqueur-dannonces-pour-toute-la-maison/

##### Install Gravity Sync:

https://github.com/vmstan/gravity-sync

##### Install keepalived:

https://davidshomelab.com/pi-hole-failover-with-keepalived/

##### Pi-Hole version

```bash
$ pihole -v
Pi-hole version is v5.17.3 (Latest: v5.17.3)
web version is v5.21 (Latest: v5.21)
FTL version is v5.25 (Latest: v5.25.1)
```

##### Update Pi-Hole:

```bash
$ pihole -up
```

##### Change the Pi-Hole web interface password

```bash
$ pihole -a -p
```

##### Blacklist:

- **`pihole -b -l`** – List the domains on the blacklist
- **`pihole -b example.com`** – Add example.com to the blacklist
- **`pihole -b -d example.com`** – Remove example.com from the blacklist

##### Whitelist:

- **`pihole -w -l`** – List the domains on the whitelist
- **`pihole -w example.com`** – Add example.com to the whitelist
- **`pihole -w -d example.com`** – Remove example.com from the whitelist

##### Enable / disable Pi-Hole:

- **`pihole enable`** – Enable Pi-Hole
- **`pihole disable`** – Disable Pi-Hole permanently
- **`pihole disable 10m`** – Disable Pi-Hole for 10 minutes
- **`pihole disable 60s`** – Disable Pi-Hole for 1 minute

### Enable local resolution on the Pi-Hole (loopback)

Connect to the Pi-Hole over SSH, then:

```bash
echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf
```

Create the file `/etc/pihole/lan.list`:

```bash
nano /etc/pihole/lan.list
```

and fill it with the IP addresses and server names, one record per line:

```text
IP address      domain name           server name
192.168.1.xx    service.domainname    servername
```

```text
192.168.2.57    navidrome.photos-nas.ovh    navidrome
192.168.2.57    ds923.photos-nas.ovh        dsm
192.168.2.57    maloja.photos-nas.ovh       maloja
192.168.2.57    photos.photos-nas.ovh       photos
192.168.2.57    change.photos-nas.ovh       changedetection
192.168.2.57    search.photos-nas.ovh       searxng
192.168.2.57    vault.photos-nas.ovh        vaultwarten
192.168.2.1     asus.photos-nas.ovh         asus
192.168.2.1     www.asusrouter.com          et12
192.168.2.116   pihole1.photos-nas.ovh      dietpi1
192.168.2.216   pihole2.photos-nas.ovh      dietpi2
```

Restart the DNS service:

```bash
pihole restartdns
```

https://induste.com/threads/utiliser-un-pihole-pour-creer-une-loopback-orange-bouygues-etc.634410/

### Links:

- https://www.reddit.com/r/pihole/comments/tsperl/comment/i2sr22h/
- https://discourse.pi-hole.net/t/pihole-unbound-not-working-as-it-should/51381/12
- https://docs.pi-hole.net/guides/dns/unbound/#disable-resolvconf-for-unbound-optional
- https://alain-michel.canoprof.fr/eleve/tutoriels/raspberry/utiliser-pi-hole-pour-bloquer-les-pubs/
- https://nicolasforcet.com/nettoyer-base-de-donnees-pihole-ftldb-log/
- https://nicolasforcet.com/raspberry-pi-limiter-drastiquement-les-logs-et-les-mettre-en-ram-pour-preserver-sa-carte-sd/

Using “sudo nmtui” I was able to change my network settings. I

- The Firebog: The Big Blocklist Collection https://firebog.net
- Gravity Sync: https://github.com/vmstan/gravity-sync
- https://github.com/azlux/log2ram
- https://dnscheck.tools

```
vcgencmd get_throttled <-- will give you info on conditions that may have caused throttling.
```

```
Great write up, thanks.

Instead of a firewall rule, blocking all DNS queries except to Pihole, better create a NAT Port Forward rule, so that all DNS queries except router or a Pihole are redirected to the pihole address. Thus DNS resolution will continue working (for allowed domains) even if somebody (or some malicious IoT device) uses custom DNS.

I have an OPNsense (pfSense fork) with Unbound installed onboard (192.168.0.1), and a PiHole on another box (192.168.0.100). All devices by default query DNS from the router (192.168.0.1). Above mentioned NAT Port Forward rule redirects all DNS queries to the Pihole (192.168.0.100). Pihole has Unbound on a router as an upstream (192.168.0.1). So, unfortunately, there are some network hops to and fro, but I can’t install Pihole on an OPNsense router (it’s FreeBSD and not Linux).
```

```
Hopefully CrossTalk sees this, but this guide needs to be updated.

As of the 10/10/2023 of Debian Bookworm. Debian (and by extension Raspberry Pi OS) does not use dhcpcd as the networking interface. Instead, it uses the more complex/robust NetworkManager. This change can be found in the release notes for Raspberry Pi OS here: https://downloads.raspberrypi.com/raspios_lite_arm64/release_notes.txt. This means that the dhcpcd.conf file will not exist under /etc as the guide suggests.

There are ways to use nmcli (the command that interacts with NetworkManager) to set a static IP. However, I recommend simply setting up a DHCP reservation using your router. Either way, you cannot set up a static IP using dhcpcd.conf.

Hope this helps anyone on their PiHole journey!
```

```
static IP on Bookworm:
credits to https://raspberrypi-guide.github.io/networking/set-up-static-ip-address

So I used ‘nmtui’ command to set up a static ip on bookworm. Looks like they got rid of dhcpcd by default and are going with NetworkManager.

1. type ‘sudo nmtui’ so you have the right permissions
2. edit the connection you want
4. change ipv4 config to manual
5. Enter your desired ip address into addresses (with a trailing /24, e.g. 192.168.1.77/24)
6. I put my router's ip in the gateway and DNS fields, and also added a second 8.8.8.8 for DNS
7. Exit out of nmtui
8. reboot and it should work
```
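
For the local-resolution section earlier on this page: a lint pass over the hosts-format file that `addn-hosts` loads, run before `pihole restartdns` so a mistyped record does not end up answering queries for the whole LAN. This is an added example, not part of the original notes; the function names and the sample records are constructed, and it assumes IPv4-only records as in the list above.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): lint a hosts-format file
# such as /etc/pihole/lan.list before running `pihole restartdns`.

# Constructed sample with three deliberate mistakes (assumed names/addresses).
sample_lan_list() {
  cat <<'EOF'
# IP address    domain name        server name
192.168.1.10    nas.example.lan    nas
192.168.1.11    vault.example.lan  vault
192.168.1.300   cam.example.lan    cam
192.168.1.12    nas.example.lan    backup
192.168.1.13
EOF
}

# lint_lan_list FILE: print one finding per line, return 1 if any were found.
lint_lan_list() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank and comment lines
    {
      n = split($1, o, "."); ok = (n == 4)
      for (i = 1; i <= n; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
      if (!ok)    { printf "line %d: invalid IPv4 address %s\n", NR, $1; bad++; next }
      if (NF < 2) { printf "line %d: no hostname for %s\n", NR, $1; bad++; next }
      for (i = 2; i <= NF; i++) {
        name = tolower($i)                     # DNS names are case-insensitive
        # dnsmasq would serve both addresses; in a short LAN list a name
        # pointing at two hosts is usually a copy-paste slip, so flag it.
        if ((name in seen) && seen[name] != $1) {
          printf "line %d: %s already mapped to %s\n", NR, name, seen[name]; bad++
        } else seen[name] = $1
      }
    }
    END { exit (bad > 0) }
  ' "$1"
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_lan_list > "$tmp"
lint_lan_list "$tmp" || echo "fix the findings above before restarting DNS"
rm -f "$tmp"
```

A name that deliberately resolves to the same address on several lines passes; only a name pointing at two different addresses is reported.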