Raspberry Pi, pihole, unbound, nginx, doh-server: some quick notes

Some quick thoughts, mainly to remind me, as I run through a pi-hole migration.

Install pihole


Change the password to something stronger:

pihole -a -p

Install unbound


Install nginx


Remember to add user www-data to group pihole:

usermod -a -G pihole www-data


(If you don't do this, you will not be able to import settings from a previous Pi-Hole instance, or add new ad lists.)



The gist is here.

I compiled from source.

Install go. For a Raspberry Pi, you'll want the arm64 version.

Then install the doh-server.

Do not do the doh-client config bit; switch back to the original guide.

When done, enable it via systemd:

systemctl enable --now doh-server


Here's the .mobileconfig profile I use for Apple devices - it works on my iPhone, and seemingly on my Apple TV too.

For my Debian machine, I followed "Step 6: Configure DoH Client on Debian Desktop" from here. Warning - this site has (had?) some dubious adverts, if you browse it before your ad blocker is working.

The gist is:

  • install dnscrypt-proxy
  • add the details for your doh-server, and add the stamp from https://dnscrypt.info/stamps/. (Don't forget to change the generator from dnscrypt to doh, else you're not generating the correct stamp.)

Author: neil

I'm Neil. By day, I run a law firm, decoded.legal, giving advice on Internet, telecoms, and tech law. This is my personal blog, so will be mostly about tech stuff, cycling, and other hobbies.

You can find me (and follow me) on Mastodon and Twitter.