Setup
I have a Unifi Home Setup with multiple Wifi Networks set up and a RaspberryPi with Arch to take care of DNS filtering.
Goals
I want to run multiple DNS Servers on the Raspberry Pi and direct the different Wifis to different DNS. To this end I need different IP addresses for different DNS containers.
What I have done so far
After trying systemd and a couple of different docker solutions, I have settled on using Pi-Hole in combination with cloudflared.
Running multiple Pi-holes is not a problem with docker-compose, but I know far too little about proper (Docker) networking to figure out how to give different containers different, network-reachable IP addresses.
Here is the docker-compose file for one set of cloudflare + pi-hole:
```yaml
version: "3.5"
services:
  cloudflared_workday:
    container_name: cloudflared_workday
    image: crazymax/cloudflared:latest
    ports:
      - "5053:5053/udp"
      - "49312:49312/tcp"
    environment:
      - "TZ=Europe/Berlin"
      - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: always
  pihole_workday:
    container_name: pihole_workday
    image: pihole/pihole:latest
    depends_on:
      - cloudflared_workday
    network_mode: host
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'password'
      DNS1: '127.0.0.1#5053'
      DNS2: 'no'
      ServerIP: '192.168.2.10'
    # Volumes store your data between container upgrades
    volumes:
      - './pihole_workday/pihole/etc-pihole/:/etc/pihole/'
      - './pihole_workday/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: always
```
Where 192.168.2.10 is the IP given to the Raspberry Pi.
I can only specify an IP for a DNS in my router, not different ports that I could remap for the containers.
PS.: I know the password is not ideal, but that's a problem for another day :D
Question
How do I run a duplicate of this setup on the same machine without the two DNS servers getting in each other's way, and how do I reach the separate Pi-holes with different IPs?
Edit 1
I found that there is something called macvlan in docker linking docker containers directly to the network. This seems to also work with pi-hole (macvlan + pi-hole), only that I haven't succeeded yet. Does anyone see a conceptual issue with this approach?
First timer here, and bad English.
I struggled for two whole weeks with this, but finally managed to run multiple instances of Pi-hole with Docker and macvlan.
My TEST hardware: Orange Pi PC 512MB, 16GB SD card. OS: Armbian 21.02.2 Buster with Linux 5.10.16-sunxi
I am running the Docker containers on a separate VLAN.
create docker VLAN:
```
-o macvlan_mode=bridge \
```
This part is very important if the container needs access to the internet; it gave me gray hair to find this out. Not necessary if the container doesn't need internet, works for LAN-to-LAN.
```
--ip-range=10.0.10.128/25 \
```
not necessary. Next:
Create folder: /home/pihole/ (or a folder of your choice). Create a file inside the folder: sudo nano docker-compose.yml and insert: (it's just my working sample, you can use yours).
run
```
sudo docker-compose up -d
```
in folder "pihole". There should be no errors. If you get some database WRITE error in the Pi-hole GUI, run
```
sudo chown -R www-data:pihole /home/pihole
```
on the host, not in the container. If you need another instance, create folder /home/piholeGuest or /home/piholeIOT or a folder with any name and copy the previous docker-compose.yml file. Change container_name, ServerIP, ipv4_address and password; leave the ports as they are, because each instance is using a different IP and container name, so no PORT conflict. It's like running bare-metal instances with their own IPs :)
As I read, there is some limit to MAC addresses per LAN port, but I am not sure how; I run 4 instances on a Rock64 2GB, works fine and fast.
You will not see the IPs in your router/FW, but firewall rules and other stuff will work fine; you just need to remember the IPs. I have pfSense.
Files are preserved if you upgrade the Docker container.
I don't run Pi-hole bare-metal, all in Docker containers.
Works for me just fine, my approach :)
I am not a PRO by any means, just sharing my experience.
Sorry for the confused guide, I am not good at explaining.
Hope some of my info will help you to finish your goal.
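The macvlan approach this answer describes, applied to the question's goal of one Pi-hole per Wi-Fi network on separate LAN IPs, as one added example. This is my own script, not the asker's compose file or the answerer's files: it prints the full `docker network create` command (the answer only shows two of its flags), renders one compose stack per instance with a fixed `ipv4_address`, and checks every address against the reserved block before anything is written. Everything below is a constructed assumption to adjust: LAN 192.168.2.0/24 with router 192.168.2.1, the Pi's wired uplink `eth0` (macvlan on a Wi-Fi parent usually fails because the driver allows a single MAC), network name `pihole_net`, container IPs from 192.168.2.200/29, and instance names workday, guest and iot. Attaching cloudflared via `network_mode: "service:..."` so it shares the Pi-hole container's network namespace is a design choice of this example, not something the answer states.

```shell
#!/bin/sh
# Added example, not the question's or the answer's own files.
# One macvlan-attached Pi-hole + cloudflared stack per Wi-Fi network, each
# with its own LAN IP, plus the one-time `docker network create` command.
# Constructed assumptions (adjust to your LAN): LAN 192.168.2.0/24, router
# 192.168.2.1, wired parent eth0, network "pihole_net", container IPs from
# 192.168.2.200/29, a block the router's DHCP pool must not hand out.
set -eu

LAN_SUBNET="${LAN_SUBNET:-192.168.2.0/24}"
LAN_GATEWAY="${LAN_GATEWAY:-192.168.2.1}"
PARENT_IF="${PARENT_IF:-eth0}"
IP_RANGE="${IP_RANGE:-192.168.2.200/29}"
NET_NAME="${NET_NAME:-pihole_net}"
OUT_DIR="${OUT_DIR:-./stacks}"

# name/IP pairs, one instance per Wi-Fi network (constructed sample)
INSTANCES="workday 192.168.2.201
guest 192.168.2.202
iot 192.168.2.203"

# dotted-quad -> 32-bit integer
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_range IP CIDR: succeeds when IP lies inside CIDR
in_range() {
    net="${2%/*}"; bits="${2#*/}"
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# -o macvlan_mode=bridge is the flag the answer found necessary for internet
# access; --ip-range confines Docker's own allocations to the reserved block.
network_create_cmd() {
    printf 'docker network create -d macvlan --subnet=%s --gateway=%s --ip-range=%s -o parent=%s -o macvlan_mode=bridge %s\n' \
        "$LAN_SUBNET" "$LAN_GATEWAY" "$IP_RANGE" "$PARENT_IF" "$NET_NAME"
}

# render_compose NAME IP -> compose file on stdout. Only pihole_NAME joins the
# macvlan; cloudflared_NAME shares its network namespace, so 127.0.0.1#5053
# still reaches the resolver and no ports need publishing (so no port clash
# between instances). Password comes from .env, never from the file itself.
render_compose() {
    name="$1"; ip="$2"
    cat <<EOF
version: "3.5"
services:
  cloudflared_${name}:
    container_name: cloudflared_${name}
    image: crazymax/cloudflared:latest
    network_mode: "service:pihole_${name}"
    environment:
      - "TZ=Europe/Berlin"
      - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: always
  pihole_${name}:
    container_name: pihole_${name}
    image: pihole/pihole:latest
    networks:
      ${NET_NAME}:
        ipv4_address: ${ip}
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: '\${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}'
      DNS1: '127.0.0.1#5053'
      DNS2: 'no'
      ServerIP: '${ip}'
    volumes:
      - './pihole_${name}/etc-pihole/:/etc/pihole/'
      - './pihole_${name}/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: always
networks:
  ${NET_NAME}:
    external: true
EOF
}

# Reject any instance IP outside IP_RANGE and any IP used twice.
validate_instances() {
    seen=" "
    echo "$INSTANCES" | while read -r name ip; do
        in_range "$ip" "$IP_RANGE" || { echo "$name: $ip outside $IP_RANGE" >&2; exit 1; }
        case "$seen" in *" $ip "*) echo "duplicate IP $ip" >&2; exit 1 ;; esac
        seen="$seen$ip "
    done
}

# Usage: sh pihole_stacks.sh          -> validate and print the plan (dry run)
#        sh pihole_stacks.sh generate -> also write $OUT_DIR/<name>/docker-compose.yml
main() {
    validate_instances
    network_create_cmd
    echo "$INSTANCES" | while read -r name ip; do
        if [ "${1:-}" = generate ]; then
            mkdir -p "$OUT_DIR/$name"
            render_compose "$name" "$ip" > "$OUT_DIR/$name/docker-compose.yml"
        fi
        echo "$name: Pi-hole at $ip, check from a LAN client with: dig @$ip example.com"
    done
}
main "$@"
```

Run the printed `docker network create` line once, then `docker-compose up -d` in each generated directory with a `.env` holding `PIHOLE_WEBPASSWORD`, and enter each instance's IP as the DNS server for the matching Wi-Fi network in the UniFi controller. Two checks worth doing before trusting it: exclude the `--ip-range` block from the router's DHCP pool so a phone never collides with a resolver, and test resolution from another LAN client, not from the Pi itself, because the host cannot talk to containers on a macvlan hanging off its own interface.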