The original post: /r/pihole by /u/MonkeyCartridge on 2024-11-13 22:06:42.
I recently got a NanoPi R6C as my main router running FriendlyWRT (OpenWRT).
The goal was to have some sort of ad blocker + recursive filter.
The cool thing is that OpenWRT has an adblocker built in which can also configure itself to work with unbound. Pretty neat that it’s built right in.
But the thing is, it’s hard to monitor or gather any of the stats I’m wanting. Cache hits/misses. Response times. Cache size. Quick logs with easy white/black listing. Etc. It’s more of barebones setup and I can really only cross my fingers and assume it’s working. because it tells me jack, and the plugins for monitoring the statistics are broken.
I tried getting PiHole + Unbound working via docker like I used to on my server. Pihole would work, but it would fight with dnsmasq. I would change the dnsmasq listening port to give PiHole room, but if PiHole isn’t running, then it can’t start PiHole because it doesn’t have another DNS to refer to. I would need to get the device to request dns directly, while having external DNS requests handled by pihole. Not even sure how to do that. Even though I somehow did it on my server at one point.
But then the next issue is that unbound doesn’t have a docker container compatible with ARM.
It would almost be nice if PiHole was just built on top of Unbound instead of dnsmasq.
The 2 reasons for insisting on unbound are, as I understand it:
- I guess unbound doesn’t request DNS the normal way, but requests a library or something. Therefore there’s no record of what sites you’re actually visiting. Just “this guy asked for this region’s database. WHich tells us FA about what he’s actually doing.”
- Probably my main reason. dnsmasq is mostly cache misses. And the cache is short-lived and forgotten. dnsmasq seems bare-bones in this regard. With Unbound, you can have it keep, like, half the internet of domain names in a much larger cache, and then instead of letting the cache expire, it can look at stale values and pre-emptively update the entries so you are almost always hitting cache. The speedup is quite noticeable in my experience.