DoH (DNS over HTTPS) w/ pihole in docker on DSM


71
7
NAS
DS718+
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Is anyone successfully running a pihole on their DS (in docker) with DoH (DNS over HTTPS) enabled on the router? I can get each working separately but not together. When enabling DoH, it greys out the primary DNS field at Network Center < Local Network < DHCP Server < Primary DNS, which is where you would put the IP address of the pihole (in my case the same IP address as my DS).
 
Why would you wanna run doh on both your router lvl dns and your pihole (that's a dns server in the 1st place)?
I probably don’t know enough to answer your question directly. I’d just like to keep my DNS queries private. Is that accomplished with just the pihole? I have Cloudflare set as my upstream DNS servers in the pihole. Does the pihole run that encrypted?
 
@Rusty - I have it set as shown in the picture in red. Are you saying I can enter that address in the section in blue / custom 1?
Annotation 2020-02-24 210838.jpg
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Looks like Cloudflare is already preconfigured in that UI. Doesn't that also use HTTPS?
Good questions. Considering it's just a CF checkbox, it's unsure what's behind it. With a manually added upstream server, you know what you are configuring. So in my book, upstream doh parameter is a safer bet.
 
772
290
NAS
DS216+II, DS118, DS718+, DS720+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Good questions. Considering it's just a CF checkbox, it's unsure what's behind it. With a manually added upstream server, you know what you are configuring. So in my book, upstream doh parameter is a safer bet.

I do wonder if this works for @daptap because looking at that GUI it seems to be asking for an IP address and doesn't give the option for a URL.
 
I do wonder if this works for @daptap because looking at that GUI it seems to be asking for an IP address and doesn't give the option for a URL.
Looks like no: "IP (https://cloudflare-dns.com/dns-query) is invalid! The settings have been reset to their previous values". Tried pasting and also typing in, in case paste had something wrong with it. I think it does want an actual IP address.
 
242
63
I saw this when googling. I've got this in docker on my DS718 right now...been thinking about moving to my rp4...if I do I could try this.

DoH or DoT (DNS over TLS) isn't working out of the box with pihole; you need to install and configure some extras.

But if you want DoH or DoT to work out of the box you could look at Adguard Home Docker Hub
It is quite easy to set up and works great and also uses less resources and memory.
 
DoH or DoT (DNS over TLS) isn't working out of the box with pihole; you need to install and configure some extras.

But if you want DoH or DoT to work out of the box you could look at Adguard Home Docker Hub
It is quite easy to set up and works great and also uses less resources and memory.
Any tutorials for how to set this up in docker on a disk station?
 
162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Any tutorials for how to set this up in docker on a disk station?

Hi,
I would also be interested in a quick tutorial on how to set Adguard up.
I have tried to install it in Docker but when I try to map the ports (eg: 53 host to 53 docker instance) it throws an error : port already used or something like that even though I'm not running a DNS server on my NAS.
 
Change the following to your needs and use putty or mac terminal to create the Adguard Home docker container.
First you need to create a macvlan network and then the AGH container.


Code:
# Create a macvlan network for a single IP.
# Change these to match your LAN: --subnet (local LAN subnet), --ip-range (your IP range),
# --gateway (your gateway), -o parent (your network interface).
# The last argument is the network name; it must match --network in docker run below.
# Comments are kept off the continuation lines: anything after a trailing "\" breaks the command.

docker network create -d macvlan \
 --subnet=192.168.1.0/24 \
 --ip-range=192.168.1.50/32 \
 --gateway=192.168.1.1 \
 -o parent=eth0 \
 macvlan_network

Code:
# --network is the macvlan network created above; --ip is your macvlan IP
# (replace 192.168.xx.xx). Set TZ to your own timezone.
docker pull adguard/adguardhome:latest
docker run -d --name adguard \
 -v /volume1/docker/adguard/work:/opt/adguardhome/work \
 -v /volume1/docker/adguard/config:/opt/adguardhome/conf \
 -v /volume1/docker/adguard/etc/hosts:/etc/hosts:rw \
 -v /etc/localtime:/etc/localtime:ro \
 -v /etc/TZ:/etc/timezone:ro \
 --env TZ='your/timezone' \
 --network=macvlan_network \
 --ip=192.168.xx.xx \
 --hostname='adguard' \
 -p 53:53/tcp -p 53:53/udp \
 -p 67:67/udp \
 -p 68:68/tcp -p 68:68/udp \
 -p 81:80/tcp -p 8443:443/tcp \
 -p 853:853/tcp -p 3000:3000/tcp \
 --restart always \
 adguard/adguardhome:latest
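
An added example, not part of the post above or of any project's tooling: a pre-flight check for the four address values the macvlan setup needs, so a wrong subnet or a container IP that collides with the gateway is caught before the network is created. The function names (`ip_to_int`, `cidr_bounds`, `check_macvlan`) and the choice of checks are this example's own assumptions, not Docker's validation rules.

```shell
# Added example: sanity-check macvlan values before `docker network create`.
# The checks are this example's own choices; sample values are constructed.
# Dotted-quad IPv4 -> integer; fails on malformed input such as 192.168.xx.xx.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# CIDR (e.g. 192.168.1.0/24) -> "first last" as integers.
cidr_bounds() {
    cb_len=${1#*/}
    case "$cb_len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$cb_len" -le 32 ] || return 1
    cb_base=$(ip_to_int "${1%/*}") || return 1
    cb_size=$(( 1 << (32 - cb_len) ))
    cb_lo=$(( cb_base / cb_size * cb_size ))
    echo "$cb_lo $(( cb_lo + cb_size - 1 ))"
}

# check_macvlan SUBNET IP_RANGE GATEWAY CONTAINER_IP
# Prints each problem; returns 0 if none, 1 if inconsistent, 2 if malformed.
check_macvlan() {
    cm_sub=$(cidr_bounds "$1") || { echo "bad subnet: $1"; return 2; }
    cm_rng=$(cidr_bounds "$2") || { echo "bad ip-range: $2"; return 2; }
    cm_gw=$(ip_to_int "$3") || { echo "bad gateway: $3"; return 2; }
    cm_ip=$(ip_to_int "$4") || { echo "bad container IP: $4"; return 2; }
    cm_lo=${cm_sub% *}; cm_hi=${cm_sub#* }; cm_bad=0
    if [ "${cm_rng% *}" -lt "$cm_lo" ] || [ "${cm_rng#* }" -gt "$cm_hi" ]; then
        echo "ip-range $2 is outside subnet $1"; cm_bad=1
    fi
    if [ "$cm_gw" -le "$cm_lo" ] || [ "$cm_gw" -ge "$cm_hi" ]; then
        echo "gateway $3 is not a host address in $1"; cm_bad=1
    fi
    if [ "$cm_ip" -le "$cm_lo" ] || [ "$cm_ip" -ge "$cm_hi" ]; then
        echo "container IP $4 is not a host address in $1"; cm_bad=1
    fi
    if [ "$cm_ip" -eq "$cm_gw" ]; then
        echo "container IP $4 collides with gateway $3"; cm_bad=1
    fi
    return "$cm_bad"
}
check_macvlan 192.168.1.0/24 192.168.1.50/32 192.168.1.1 192.168.1.50 && echo "macvlan values are consistent"
```

The script only checks that the values agree with each other; the chosen container IP should also sit outside the router's DHCP pool so no other device is handed the same address.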
 
@BobW ,

Thanks for this quick tutorial, it looks quite simple.
Do you think this can be done within the DSM UI instead of CLI ?

I'm pretty new to docker and I find it more comfortable to not mess with CLI :D
Also, I don't really understand what macvlan does.... Does it allow you to assign a dedicated LAN IP (in the same subnet as your LAN) to the container ?
 

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.
