Skip to content

DNS Servers


How do I run DietPi-Software and install optimised software ?

To install any of the DietPi optimised software listed below run from the command line:


Choose Software Optimised and select one or more items. Finally click on Install. DietPi will do all the necessary steps to install and start these software items.

DietPi software

To see all the DietPi configurations options, review DietPi Tools section.

Return to the Optimised Software list


Pi-hole is a DNS sinkhole with web interface that will block ads for any device on your network.

DietPi DNS server software Pi-hole

The web interface of Pi-hole can be accessed via:

  • URL= http://<your.IP>/admin
  • Password = <yourGlobalSoftwarePassword> (default: dietpi)

The configuration contains setting devices (e.g. router) to use Pi-hole for DNS resolution.

Option 1 - Setup single devices to use the Pi-hole DNS server

Simply change your DNS settings to use the IP address of your Pi-hole device. This will need to be done for each device that you want Pi-hole to work with.


Option 2 - Setup your router to use the Pi-hole DNS server

This method will automatically point every device (that uses DHCP) on your network to Pi-hole. On your routers control panel web page, you will need to find a option called “DNS server”. This should be located under DHCP settings.

Simply enter the IP address of your Pi-hole device under “DNS server”:

DietPi DNS server software router setup

On your Pi-hole device, you will need to set a different DNS server.
Depending on your router configuration, if you don’t do this step, the Pi-hole device may not be able to access the internet. It’s highly recommended to have the device running Pi-hole, pointing to a DNS server outside your network.

  • Run the following command: dietpi-config 8 1
  • Select: Ethernet
  • If you are running in DHCP mode, select Change Mode, then select: Copy Current address to Static
  • Select Static DNS from the list, then choose a DNS server, or manually enter a custom entry.
  • Once completed, select Apply to save the changes.

Pi-hole can be updated via the shell command pihole -up.

You can use pihole -r to repair or reconfigure your Pi-hole instance.

No selection of Lighttpd during repair procedure

Do NOT select to install Lighttpd when being asked, as this will mix our own webserver stack setup with a different once provided by the Pi-hole installer, which causes various issues.

If you forgot your login password for the Pi-hole admin web page, you can set it with the shell command pihole -a -p on your Pi-hole device.

There are many sites in the web giving blocklists and whitelists for Pi-hole. They can be used when you want to have more blocking as the standard installation gives you. Here are some examples:

To allow (OpenVPN or WireGuard) VPN clients accessing your local Pi-hole instance, you need to allow DNS requests from all network interfaces: pihole -a -i local.

The monitoring of a Pi-hole system via Netdata is described there:


YouTube video tutorial #1: Raspberry Pi / Pi-hole / Diet-Pi / Network wide Ad Blocker !!!!.

YouTube video tutorial #2: Block ads everywhere with Pi-hole and PiVPN on DietPi
YouTube video tutorial #3 (German language): Raspberry Pi & DietPi : Pi-hole der Werbeblocker für Netzwerke mit Anleitung für AVM FritzBox
YouTube video tutorial #4 (German language): Raspberry Pi Zero W mit Pi-hole - günstiger Werbeblocker & Schritt für Schritt Anleitung unter DietPi


Unbound is a validating, recursive, caching DNS resolver.
For more details see unbound “about” description.

DietPi DNS server software unbound logo

DietPi DNS server software unbound screenshot

  • Default DNS port: 53
  • DNS port when Pi-hole is installed: 5335

The configuration directory is located there: /etc/unbound

View the log files: journalctl -u unbound

Update to latest version: apt update && apt upgrade

If required, you can activate DoT. Simply copy/execute following section:

cat << '_EOF_' > /etc/unbound/unbound.conf.d/dietpi-dot.conf
# Adding DNS-over-TLS support 
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
name: "."
forward-tls-upstream: yes
## Cloudflare
## Quad9

Once done, Unbound service would need to be restarted

systemctl restart unbound

The used DNS servers are examples only and can be replaced by your favorite one. A list of public DNS providers, their IP addresses and their in cases included ad blocking / adult content blocking features are available on Wikipedia:

Source code: NLnetLabs/unbound.
Official documentation: resp.

Return to the Optimised Software list