Raspberry Pi, pihole, unbound, nginx, doh-server: some quick notes

Some quick thoughts, mainly to remind me, as I run through a pi-hole migration.

Install pihole

Here.

Change the password to something stronger:

pihole -a -p

Install unbound

Here.

Install nginx

Here.

Remember to add user www-data to group pihole:

usermod -a -G pihole www-data

Reboot.

(If you don't do this, you will not be able to import settings from a previous Pi-Hole instance, or add new ad lists.)

DNS-over-https

Server-side

The gist is here.

I compiled from source.

Install go. For a Raspberry Pi, you'll want the arm64 version.

Then install the doh-server.

Do not do the doh-client config bit; switch back to the original guide.

When done, enable it via systemd:

systemctl enable --now doh-server

Client-side

Here's the .mobileconfig profile I use for Apple devices - it works on my iPhone, and seemingly on my Apple TV too.

For my Debian machine, I followed "Step 6: Configure DoH Client on Debian Desktop" from here. Warning - this site has (had?) some dubious adverts, if you browse it before your ad blocker is working.

The gist is:

  • install dnscrypt-proxy
  • add the details for your doh-server, including the stamp generated at https://dnscrypt.info/stamps/. (Don't forget to change the generator's protocol from dnscrypt to doh, else you're not generating the correct stamp.)
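
To check that a stamp really is a DoH stamp before pasting it into the dnscrypt-proxy config, it can be decoded locally. This is an added example, not part of the original post or of dnscrypt-proxy; it follows the published DNS stamp layout, and the hostname doh.example.com and the path /dns-query are placeholder assumptions.

```python
import base64
import struct

PROTO_DOH = 0x02  # first byte of a stamp; 0x01 would be DNSCrypt

def _lp(data):
    """Length-prefixed field: one length byte, then the data."""
    return bytes([len(data)]) + data

def build_doh_stamp(hostname, path="/dns-query", addr="", props=0):
    """Encode a DoH stamp with no pinned certificate hashes."""
    raw = (bytes([PROTO_DOH]) + struct.pack("<Q", props) + _lp(addr.encode())
           + b"\x00"  # empty certificate-hash set
           + _lp(hostname.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_stamp(stamp):
    """Decode a stamp; non-DoH stamps return only their protocol byte."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if not raw:
        raise ValueError("empty stamp")
    if raw[0] != PROTO_DOH:
        return {"protocol": raw[0]}
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos = 9  # 1 protocol byte + 8 property bytes

    def read(mask=0xFF):
        nonlocal pos
        n = raw[pos]
        field = raw[pos + 1:pos + 1 + (n & mask)]
        if len(field) != (n & mask):
            raise ValueError("truncated stamp")
        pos += 1 + (n & mask)
        return n, field

    _, addr = read()
    hashes, more = [], True
    while more:  # high bit of the length byte means another hash follows
        n, digest = read(0x7F)
        more = bool(n & 0x80)
        if digest:
            hashes.append(digest.hex())
    _, host = read()
    _, path = read()
    return {"protocol": PROTO_DOH, "props": props, "addr": addr.decode(),
            "hashes": hashes, "hostname": host.decode(), "path": path.decode()}
```

A stamp generated with the protocol left on dnscrypt decodes with "protocol" equal to 1 rather than 2, which is the mistake described above.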

Author: neil
