Raspberry Pi, pihole, unbound, nginx, doh-server: some quick notes

Some quick thoughts, mainly to remind me, as I run through a pi-hole migration.

Install pihole

Here.

Change the password to something stronger:

pihole -a -p

Install unbound

Here.

Install nginx

Here.

Remember to add user www-data to group pihole:

usermod -a -G pihole www-data

Reboot.

(If you don't do this, you will not be able to import settings from a previous Pi-Hole instance, or add new ad lists.)

DNS-over-https

Server-side

The gist is here.

I compiled from source.

Install Go. For a Raspberry Pi, you'll want the arm64 version.

Then install the doh-server.

Do not do the doh-client config bit; switch back to the original guide.

When done, enable it via systemd:

systemctl enable --now doh-server

Client-side

Here's the .mobileconfig profile I use for Apple devices - it works on my iPhone, and seemingly on my Apple TV too.

For my Debian machine, I followed "Step 6: Configure DoH Client on Debian Desktop" from here. Warning - this site has (had?) some dubious adverts, if you browse it before your ad blocker is working.

The gist is:

  • install dnscrypt-proxy
  • add the details for your doh-server, and add the stamp generated at https://dnscrypt.info/stamps/. (Don't forget to change the generator from dnscrypt to doh, otherwise you will not generate the correct stamp.)
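
The stamp from the last step carries its protocol in the first decoded byte, so a stamp generated with the wrong setting can be caught before it goes into the dnscrypt-proxy config. The following is an added example, not part of the original post: a Python decoder that checks a stamp is DoH and names the expected server. It assumes the published DNS stamp layout (protocol byte, 8 bytes of properties, then length-prefixed address, certificate hashes, hostname and path); `doh.example.net`, `/dns-query` and all function names are placeholders chosen here.

```python
import base64
import struct

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}  # first byte of the decoded stamp

def lp(data):  # LP(): one length byte, then the data
    return bytes([len(data)]) + data

def encode_doh_stamp(hostname, path, addr="", props=0):  # no pinned cert hashes
    raw = (b"\x02" + struct.pack("<Q", props) + lp(addr.encode())
           + b"\x00" + lp(hostname.encode()) + lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def read_field(raw, pos, vlp=False):  # in a VLP set, the high bit means more follow
    if pos >= len(raw):
        raise ValueError("truncated stamp")
    more, n = (bool(raw[pos] & 0x80), raw[pos] & 0x7F) if vlp else (False, raw[pos])
    if pos + 1 + n > len(raw):
        raise ValueError("truncated stamp")
    return raw[pos + 1:pos + 1 + n], pos + 1 + n, more

def decode_stamp(stamp):
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9:
        raise ValueError("truncated stamp")
    name = PROTOCOLS.get(raw[0], f"other (0x{raw[0]:02x})")
    if raw[0] != 0x02:
        return {"protocol": name}  # only the DoH layout is parsed here
    addr, pos, _ = read_field(raw, 9)  # bytes 1..8 are the little-endian props
    digests, more = [], True
    while more:
        digest, pos, more = read_field(raw, pos, vlp=True)
        digests.append(digest.hex())
    host, pos, _ = read_field(raw, pos)
    path, pos, _ = read_field(raw, pos)
    return {"protocol": name, "addr": addr.decode(), "hashes": [d for d in digests if d],
            "hostname": host.decode(), "path": path.decode()}

def check_stamp(stamp, hostname, path):  # empty list means the stamp is as expected
    info = decode_stamp(stamp)
    if info["protocol"] != "DoH":
        return [f"stamp protocol is {info['protocol']}, expected DoH"]
    return [f"{key} is {info[key]!r}, expected {want!r}"
            for key, want in (("hostname", hostname), ("path", path)) if info[key] != want]

# Constructed sample: doh.example.net and /dns-query are placeholders for your own server.
SAMPLE = encode_doh_stamp("doh.example.net", "/dns-query")
```

Run `check_stamp()` on the stamp you pasted into the client config, with your own server's hostname and path; a non-empty list says what is wrong with it.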

Author: neil

I'm Neil. By day, I run a law firm, decoded.legal, giving advice on Internet, telecoms, and tech law. This is my personal blog, so will be mostly about tech stuff, cycling, and other hobbies.