Skip to content

DNS Servers

Overview

How do I run DietPi-Software and install optimised software items?

To install any of the DietPi optimised software items listed below run from the command line:

dietpi-software

Choose Browse Software and select one or more items. Finally select Install.
DietPi will do all the necessary steps to install and start these software items.

DietPi-Software menu screenshot

To see all the DietPi configurations options, review the DietPi Tools section.

Return to the Optimised Software list

Pi-hole

Pi-hole is a DNS sinkhole with web interface that will block ads for any device on your network.

Pi-hole web interface screenshot

The web interface of Pi-hole can be accessed via:

  • URL = http://<your.IP>/admin
  • Password = <yourGlobalSoftwarePassword> (default: dietpi)

The configuration contains setting devices (e.g. router) to use Pi-hole for DNS resolution.

Option 1 - Setup single devices to use the Pi-hole DNS server

Simply change your DNS settings to use the IP address of your Pi-hole device. This will need to be done for each device that you want Pi-hole to work with.

Example:

Option 2 - Setup your router to use the Pi-hole DNS server

This method will automatically point every device (that uses DHCP) on your network to Pi-hole. On your routers control panel web page, you will need to find a option called “DNS server”. This should be located under DHCP settings.

Simply enter the IP address of your Pi-hole device under “DNS server”:

DietPi DNS server software router setup

On your Pi-hole device, you will need to set a different DNS server.
Depending on your router configuration, if you don’t do this step, the Pi-hole device may not be able to access the internet. It’s highly recommended to have the device running Pi-hole, pointing to a DNS server outside your network.

  • Run the following command: dietpi-config 8 1
  • Select: Ethernet
  • If you are running in DHCP mode, select Change Mode, then select: Copy Current address to Static
  • Select Static DNS from the list, then choose a DNS server, or manually enter a custom entry.
  • Once completed, select Apply to save the changes.

Pi-hole can be updated via the shell command pihole -up.

You can use pihole -r to repair or reconfigure your Pi-hole instance.

Do NOT select to install Lighttpd

Do NOT select to install Lighttpd when being asked, as this will mix our own webserver stack setup with the different one provided by the Pi-hole installer, which causes various issues.

If you forgot your login password for the Pi-hole admin web page, you can set it with the shell command pihole -a -p on your Pi-hole device.

There are many sites in the web giving blocklists and whitelists for Pi-hole. They can be used when you want to have more blocking as the standard installation gives you. Here are some examples:

To allow (OpenVPN or WireGuard) VPN clients accessing your local Pi-hole instance, you need to allow DNS requests from all network interfaces: pihole -a -i local.

DietPi-CloudShell has a Pi-hole scene included, which can be used to monitor the most important DNS query and block statistics. Simply run dietpi-cloudshell, select Scenes and assure that 8 Pi-hole is selected. Toggle Output Display to choose whether to print the output to the current console or the main screen, then select Start / Restart to start the output.


Official website: https://pi-hole.net/
Official documentation: https://docs.pi-hole.net/
Wikipedia: https://wikipedia.org/wiki/Pi-hole
Source code: @pi-hole

DietPi Blog: Pi-Hole & Unbound: How to have ad-free & safer internet in just few minutes

YouTube video tutorial #1: Raspberry Pi / Pi-hole / Diet-Pi / Network wide Ad Blocker !!!!.

YouTube video tutorial #2: Block ads everywhere with Pi-hole and PiVPN on DietPi
YouTube video tutorial #3 (German language): Raspberry Pi & DietPi : Pi-hole der Werbeblocker für Netzwerke mit Anleitung für AVM FritzBox
YouTube video tutorial #4 (German language): Raspberry Pi Zero W mit Pi-hole - günstiger Werbeblocker & Schritt für Schritt Anleitung unter DietPi
Blog entry with YouTube video #5 (German language): Unbound Installation für PiHole unter DietPi

Unbound

Unbound is a validating, recursive, caching DNS resolver. It can resolve hostnames by querying the root name servers directly, replacing ISP/public DNS resolvers. Eliminating one player involved in handling your DNS requests, increases your internet privacy. Additionally Unbound can be configured to use the encrypted DoT protocol, which requires again a public DNS provider, but masks requests for your LAN operator and ISP instead. For more info, see the “Activating DNS over TLS (DoT)” tab below.

Unbound logo

Unbound monitor screenshot

  • Default DNS port: 53
  • DNS port when Pi-hole is installed: 5335

The configuration directory is located there: /etc/unbound

View the log files:

journalctl -u unbound

Update to latest version:

apt update
apt upgrade

DoT sends DNS requests encrypted, masking them from your LAN operator and ISP. But it requires again a public DNS provider, to query the root name servers, which is otherwise, thanks to Unbound, not required. Root name server requests can only be unencrypted, either sent directly from Unbound (default) or by a public provider (when using DoT). Whether DoT (or any other encrypted DNS wrapper protocol) is preferable or not, depends on your individual case and needs, i.e. if you trust your LAN operator and ISP more, or a public DNS provider. You can activate DoT by copying and executing the following command block:

cat << '_EOF_' > /etc/unbound/unbound.conf.d/dietpi-dot.conf
# Adding DNS-over-TLS support
server:
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
name: "."
forward-tls-upstream: yes
## Cloudflare
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
## Quad9
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
_EOF_

The used DNS servers are examples only and can be replaced by your favorite one.

A list of public DNS providers, their IP addresses and their in cases included ad blocking / adult content blocking features are available on Wikipedia:

For the change to take effect, the Unbound service needs to be restarted:

systemctl restart unbound

Official website: https://www.nlnetlabs.nl/projects/unbound/about/
Official documentation: https://nlnetlabs.nl/documentation/unbound/unbound
New WIP documentation: https://unbound.readthedocs.io/
Wikipedia: https://wikipedia.org/wiki/Unbound_(DNS_server)
Source code: NLnetLabs/unbound

DietPi Blog: Pi-Hole & Unbound: How to have ad-free & safer internet in just few minutes

Blog entry with YouTube video (German language): Unbound Installation für PiHole unter DietPi

Return to the Optimised Software list