This is an old revision of the document!
Pi-hole DNS Blocking
The Pi-hole project is a “DNS sinkhole” that protects your devices from unwanted content, without installing any client-side software.
Pi-hole is a perfect example to use with AstLinux within a LXC.
Resource Usage: (minimum)
- Memory: 50 MB
- Storage: 0.7 GB
First, it is assumed the lxcbr0 interface is setup per the Quick Start Guide → Enable LXC Support.
Then from the CLI:
lxc-create -t download -n pi-hole -- -d debian -r buster -a amd64 --no-validate
service lxc restart
lxc-attach pi-hole passwd apt update apt install openssh-server iputils-ping curl ... exit
Tip -> Optionally you may want to also…
apt install sudo nano
Tip -> Set PermitRootLogin yes for sshd and restart sshd. Type exit to leave the container and do the rest via ssh.
Install Pi-hole:
Either with lxc-attach pi-hole or ssh root@pi-hole_ip_address
curl -sSL https://install.pi-hole.net -o pihole.sh # Comment out the "set -e" in pihole.sh, then bash pihole.sh
Follow the dialogs and answer the questions.
Change Pi-hole WebGUI password:
/usr/local/bin/pihole -a -p
Tip -> If lighttpd is not started after the Pi-hole installation (⇒ netstat -tlp):
apt remove lighttpd bash pihole.sh # choose "Update"
Related Info -> LXC container in AstLinux
Override default DHCP dns-server option
By default, the DHCP server (dnsmasq) offers the dns-server IP address using the gateway address for that subnet. In the case when you want all clients in a subnet to use the Pi-hole server you can override the default settings by editing your /mnt/kd/dnsmasq.static file with the following:
## Override default dns-server option dhcp-option=lan,option:dns-server,192.168.200.10 #dhcp-option=lan2,option:dns-server,192.168.200.10 #dhcp-option=lan3,option:dns-server,192.168.200.10 #dhcp-option=lan4,option:dns-server,192.168.200.10 #dhcp-option=dmz,option:dns-server,192.168.200.10
Replace the 192.168.200.10 IP address with your Pi-hole server's static address and uncommnet for each subnet you want it to apply. In the web interface, select “Restart DNS & DHCP” to apply the change to the dnsmasq configuration.