Run multiple DNS servers with pi-hole and docker


Setup

I have a Unifi home setup with multiple WiFi networks and a Raspberry Pi running Arch to take care of DNS filtering.

Goals

I want to run multiple DNS servers on the Raspberry Pi and direct the different WiFis to different DNS servers. To this end I need different IP addresses for the different DNS containers.

What I have done so far

After trying systemd and a couple of different docker solutions, I have settled on using Pi-Hole in combination with cloudflared.

Running multiple Pi-holes is not a problem with docker-compose, but I know far too little about proper (docker) networking to figure out how to give different, network-reachable IP addresses to different containers.

Here is the docker-compose file for one set of cloudflared + Pi-hole:

version: "3.5"
services:
  cloudflared_workday:
    container_name: cloudflared_workday
    image: crazymax/cloudflared:latest
    ports:
      - "5053:5053/udp"
      - "49312:49312/tcp"
    environment:
      - "TZ=Europe/Berlin"
      - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: always

  pihole_workday:
    container_name: pihole_workday
    image: pihole/pihole:latest
    depends_on:
      - cloudflared_workday
    network_mode: host
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'password'
      DNS1: '127.0.0.1#5053'
      DNS2: 'no'
      ServerIP: '192.168.2.10'
    # Volumes store your data between container upgrades
    volumes:
      - './pihole_workday/pihole/etc-pihole/:/etc/pihole/'
      - './pihole_workday/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: always

Where 192.168.2.10 is the IP given to the Raspberry Pi.

I can only specify an IP for a DNS in my router, not different ports that I could remap for the containers.

PS.: I know the password is not ideal, but that's a problem for another day :D

Question

How do I run a duplicate of this setup on the same machine without the two DNS servers getting in each other's way, and how do I reach the separate Pi-holes with different IPs?

Edit 1

I found that there is something called macvlan in docker, which links docker containers directly to the network. This seems to also work with Pi-hole (macvlan + pi-hole), only I haven't succeeded yet. Does anyone see a conceptual issue with this approach?


First timer here and bad English.

I struggled for two whole weeks with this, but finally managed to run multiple instances of Pi-hole with docker and macvlan.

My TEST hardware: Orange Pi PC 512 MB, 16 GB SD card. OS: Armbian 21.02.2 Buster with Linux 5.10.16-sunxi.

I am running the dockers on a separate VLAN.

Create the docker VLAN:

docker network create -d macvlan  \
--subnet=10.0.10.0/24 \
--ip-range=10.0.10.128/25 \
--gateway=10.0.10.1 \
-o macvlan_mode=bridge \
-o parent=eth0.10 macvlan10

-o macvlan_mode=bridge \ : this part is very important if the container needs access to the internet; it gave me gray hair to find this out, but it is not necessary if the container doesn't need internet, it works for LAN-to-LAN. --ip-range=10.0.10.128/25 \ is not necessary.

Next:

Create folder: /home/pihole/ - or a folder of your choice. Create a file inside the folder: sudo nano docker-compose.yml and insert: - it's just my working sample, you can use yours.

version: "3.6"
services:
  pihole:
    container_name: Pi-Hole
    hostname: pihole
    privileged: true
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      ServerIP: '10.0.10.11'
      TZ: 'Europe/London'
      WEBPASSWORD: '1234'
      PIHOLE_DNS_: '10.0.0.1'
      WEBTHEME: 'default-dark2'
      SKIPGRAVITYONBOOT: 0
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    # static address on the externally created macvlan network
    networks:
      macvlan10:
        ipv4_address: 10.0.10.11

# top-level networks section: refers to the network created with "docker network create"
networks:
  macvlan10:
    external:
      name: macvlan10

Run sudo docker-compose up -d in the folder "pihole". There shouldn't be any errors.

If you get some database WRITE error in the Pi-hole GUI, run sudo chown -R www-data:pihole /home/pihole, not in the container.

If you need another instance, create folder /home/piholeGuest or /home/piholeIOT or a folder with any name and copy the previous docker-compose.yml file. Change container_name, ServerIP, ipv4_address and password; leave the ports as they are, because it is using a different IP and container name, so there is no port conflict.

It's like running bare-metal instances with their own IPs :)

As I read, there is some limit to MAC addresses per LAN port, but I am not sure how; I run 4 instances on a Rock64 2 GB, works fine and fast.

You will not see the IPs in your router/FW, but firewall rules and other stuff will work fine, you just need to remember the IP. I have pfSense.

Files are preserved if you upgrade the docker container.

I don't run Pi-hole bare-metal, all in docker containers.

Works for me just fine, my approach :)

I am not a PRO by any means, just sharing my experience.

Sorry for the confused guide, I am not good at explaining.

Hope some of my info will help you finish your goal.
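Added example, not code from the question or the answer: it plans several macvlan-attached Pi-hole instances the way the answer describes (one compose file each, differing only in container_name, ServerIP, ipv4_address and password) and checks every static IP before a file is written. It assumes the network parameters from the answer's docker network create command (subnet 10.0.10.0/24, dynamic range 10.0.10.128/25, gateway 10.0.10.1, name macvlan10); instance names, IPs and passwords are constructed.

```python
import ipaddress

# Parameters of the macvlan network created in the answer (assumed here).
SUBNET = ipaddress.ip_network("10.0.10.0/24")
DYNAMIC_RANGE = ipaddress.ip_network("10.0.10.128/25")  # docker --ip-range
GATEWAY = ipaddress.ip_address("10.0.10.1")
NETWORK_NAME = "macvlan10"

# One compose file per instance; only name, IP and password differ.
COMPOSE_TEMPLATE = """version: "3.6"
services:
  pihole:
    container_name: {name}
    image: pihole/pihole:latest
    environment:
      ServerIP: '{ip}'
      WEBPASSWORD: '{password}'
      PIHOLE_DNS_: '{upstream}'
    networks:
      {net}:
        ipv4_address: {ip}
networks:
  {net}:
    external:
      name: {net}
"""

def check_static_ip(ip_str, taken):
    """None if ip_str is usable as a static macvlan address, else the reason."""
    ip = ipaddress.ip_address(ip_str)
    if ip not in SUBNET:
        return f"{ip} is outside {SUBNET}"
    if ip == GATEWAY:
        return f"{ip} is the gateway"
    if ip in DYNAMIC_RANGE:  # docker may hand this out to a container started without --ip
        return f"{ip} lies in the dynamic --ip-range {DYNAMIC_RANGE}"
    if str(ip) in taken:
        return f"{ip} is already assigned to another instance"
    return None

def plan_instances(instances, upstream="10.0.0.1"):
    """instances: list of (name, ip, password). Returns {name: compose yaml}."""
    taken, files = set(), {}
    for name, ip, password in instances:
        problem = check_static_ip(ip, taken)
        if problem:
            raise ValueError(f"{name}: {problem}")
        taken.add(ip)
        files[name] = COMPOSE_TEMPLATE.format(name=name, ip=ip, password=password, upstream=upstream, net=NETWORK_NAME)
    return files
```

Write each returned string to its own folder as docker-compose.yml and run docker-compose up -d there, as in the answer.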