DoH (DNS over HTTPS) w/ pihole in docker on DSM

Is anyone successfully running a pihole on their DS (in docker) with DoH (DNS over HTTPS) enabled on the router? I can get each working separately but not together. When enabling DoH, it greys out the primary DNS field at Network Center < Local Network < DHCP Server < Primary DNS, which is where you would put the IP address of the pihole (in my case the same IP address as my DS).
 
Why would you want to run DoH on both your router-level DNS and your pihole (that's a DNS server in the first place)?
I probably don’t know enough to answer your question directly. I’d just like to keep my DNS queries private. Is that accomplished with just the pihole? I have Cloudflare set as my upstream DNS servers in the pihole. Does the pihole run that encrypted?
 
@Rusty - I have it set as shown in the picture in red. Are you saying I can enter that address in the section in blue / custom 1?
Annotation 2020-02-24 210838.jpg
 
Looks like Cloudflare is already preconfigured in that UI. Doesn't that also use HTTPS?
Good questions. Considering it's just a CF checkbox, it's not clear what's behind it. With a manually added upstream server, you know what you are configuring. So in my book, the upstream DoH parameter is a safer bet.
 
I do wonder if this works for @daptap because looking at that GUI it seems to be asking for an IP address and doesn't give the option for a URL.
 
Looks like no: "IP (https://cloudflare-dns.com/dns-query) is invalid! The settings have been reset to their previous values". Tried pasting and also typing it in, in case the paste had something wrong with it. I think it does want an actual IP address.
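Why the upstream field rejects the URL, as an added example (not code from the thread or from Pi-hole): a plain upstream is an IP, optionally written `IP#port`, while a DoH upstream is an HTTPS endpoint that receives the DNS wire message as a base64url parameter (the RFC 8484 GET form). `upstream_kind` is a hypothetical classifier that models that distinction and is not Pi-hole's own validation.

```python
import base64
import ipaddress
import struct
from urllib.parse import urlsplit

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # URL quoted in the thread


def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(name, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: base64url of the wire query, padding removed."""
    wire = build_query(name, txid=0)  # RFC 8484 recommends ID 0 for caching
    token = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={token}"


def upstream_kind(value):
    """Classify a setting as 'plain-dns' (IP or IP#port), 'doh-url' or 'invalid'."""
    host, _, port = value.partition("#")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return "doh-url" if urlsplit(value).scheme == "https" else "invalid"
    return "plain-dns" if port == "" or port.isdigit() else "invalid"


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    # Constructed sample settings: a public resolver IP, a local proxy, the DoH URL
    for setting in ("1.1.1.1", "127.0.0.1#5053", DOH_ENDPOINT):
        print(f"{setting:45} -> {upstream_kind(setting)}")
```

A resolver that only accepts the first kind sends queries to that IP as ordinary DNS, so encryption has to come from a local DoH proxy it can point at by IP and port.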
 
I saw this when googling. I've got this in docker on my DS718 right now...been thinking about moving to my rp4...if I do I could try this.

DoH or DoT (DNS over TLS) doesn't work out of the box with pihole; you need to install and configure some extras.

But if you want DoH or DoT to work out of the box you could look at Adguard Home Docker Hub
It is quite easy to set up, works great, and also uses fewer resources and less memory.
 
Any tutorials for how to set this up in docker on a disk station?
 
Hi,
I would also be interested in a quick tutorial on how to set Adguard up.
I have tried to install it in Docker but when I try to map the ports (e.g. 53 host to 53 docker instance) it throws an error: port already used or something like that, even though I'm not running a DNS server on my NAS.
 
Change the following to your needs and use PuTTY or the Mac terminal to create the Adguard Home docker container.
First you need to create a macvlan network and then the AGH container.


Code:
# Create a macvlan network with a single usable IP.
# Change these to match your LAN:
#   --subnet    your local LAN subnet
#   --ip-range  your IP range
#   --gateway   your gateway
#   parent      your network interface
# The last argument is the network name; pick any name, but use the same
# one for --network in docker run.
# Comments cannot follow the trailing "\" of a continued line, so they are listed here.

docker network create -d macvlan \
 --subnet=192.168.1.0/24 \
 --ip-range=192.168.1.50/32 \
 --gateway=192.168.1.1 \
 -o parent=eth0 \
 macvlan_network

Code:
# --network is the macvlan network created above; --ip is your macvlan IP.
# On macvlan the container's ports are reachable directly on its own IP;
# the -p host mappings do not remap them.
docker pull adguard/adguardhome:latest
docker run -d --name adguard \
 -v /volume1/docker/adguard/work:/opt/adguardhome/work \
 -v /volume1/docker/adguard/config:/opt/adguardhome/conf \
 -v /volume1/docker/adguard/etc/hosts:/etc/hosts:rw \
 -v /etc/localtime:/etc/localtime:ro \
 -v /etc/TZ:/etc/timezone:ro \
 --env TZ='your/timezone' \
 --network=macvlan_network \
 --ip=192.168.xx.xx \
 --hostname='adguard' \
 -p 53:53/tcp -p 53:53/udp \
 -p 67:67/udp \
 -p 68:68/tcp -p 68:68/udp \
 -p 81:80/tcp -p 8443:443/tcp \
 -p 853:853/tcp -p 3000:3000/tcp \
 --restart always \
 adguard/adguardhome:latest
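A pre-flight check for the macvlan parameters above, as an added example (not part of the original post): it verifies that the ip-range and gateway sit inside the subnet, that the container IP is usable, and that the range Docker assigns from does not overlap the router's DHCP pool. The function name, the container IP and the DHCP pool bounds are assumptions constructed for illustration.

```python
import ipaddress


def check_macvlan_plan(subnet, ip_range, gateway, container_ip, dhcp_pool):
    """Return a list of problem codes; an empty list means the plan is consistent.

    dhcp_pool is the (first, last) address the router leases out (assumed known).
    """
    net = ipaddress.ip_network(subnet)
    rng = ipaddress.ip_network(ip_range)
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(container_ip)
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_pool)

    problems = []
    if not rng.subnet_of(net):
        problems.append("ip-range-outside-subnet")
    if gw not in net:
        problems.append("gateway-outside-subnet")
    if ip not in rng:
        problems.append("container-ip-outside-ip-range")
    if ip in (gw, net.network_address, net.broadcast_address):
        problems.append("container-ip-reserved")
    # Docker assigns from ip-range without telling the router, so any overlap
    # with the DHCP pool can end in two devices holding the same address.
    if rng[0] <= hi and lo <= rng[-1]:
        problems.append("ip-range-overlaps-dhcp-pool")
    return problems


if __name__ == "__main__":
    # Subnet, ip-range and gateway are the values from the post;
    # the container IP and DHCP pool are constructed samples.
    print(check_macvlan_plan("192.168.1.0/24", "192.168.1.50/32", "192.168.1.1",
                             "192.168.1.50", ("192.168.1.100", "192.168.1.200")))
```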
 
@BobW,

Thanks for this quick tutorial, it looks quite simple.
Do you think this can be done within the DSM UI instead of CLI?

I'm pretty new to docker and I find it more comfortable to not mess with CLI :D
Also, I don't really understand what macvlan does... Does it allow you to assign a dedicated LAN IP (in the same subnet as your LAN) to the container?
 
